Vox Logic Privacy Policy

Effective Date: November 13, 2025

At Vox Logic, we specialize in fine-tuning Automatic Speech Recognition (ASR) models using sensitive, domain-specific data. We understand the critical importance of data privacy and security, especially when handling legal and medical transcripts. As an EU-based entity, we are fully committed to protecting your data in compliance with the General Data Protection Regulation (GDPR).

Data Controller Information

The data controller responsible for the processing of your personal data is:
Vox Logic
Stada Preot Vasile Nicolau 17, Brebu, Prahova, Romania
Email: privacy@voxlogic.eu

Data Collection & Processing

1. Website Data (Contact/Audit Form)

When you use our Audit Request Form, we collect only the necessary data required to process your inquiry (Name, Work Email, Project Description). The legal basis for this processing is Legitimate Interest (to respond to your requests) and Contractual Necessity (to prepare a service proposal).

  • Purpose: Communication, service proposal generation.
  • Retention: Communications are retained for up to 12 months unless a contract is established.

2. Client Proprietary Data (Core Service)

This section is the most critical for our clients dealing with specialized transcripts and audio.

This refers to the domain-specific audio and transcription files provided for ASR model fine-tuning (LoRA). We treat this data as highly sensitive Proprietary Commercial Data (PCD) and strictly adhere to the principle of Data Minimization.

  • Data Processed: Audio files (WAV, FLAC, MP3), corresponding human-generated transcripts (Text, JSON).
  • Legal Basis: Contractual Necessity (the sole purpose of processing is to fulfill the LoRA fine-tuning agreement).
  • Security Measures: Data is handled within ISO 27001 certified environments using AES-256 encryption both in transit and at rest. Access is strictly limited to authorized engineering personnel.
  • Retention & Deletion: All Client Proprietary Data is permanently and securely destroyed (cryptographically wiped) within 30 days** after the final fine-tuned model has been delivered and tested, unless an explicit, signed agreement dictates a longer retention period.

Your GDPR Data Rights

Under GDPR, you have the right to:

  • Right of Access: Request copies of your personal data.
  • Right to Rectification: Request correction of inaccurate or incomplete data.
  • Right to Erasure (Right to be Forgotten): Request the permanent deletion of your personal data (subject to legal obligations).
  • Right to Restriction of Processing: Request us to limit how your data is used.
  • Right to Data Portability: Request that we transfer the data we have collected to another organization, or directly to you.
  • Right to Object: Object to our processing of your personal data.

To exercise any of these rights, please contact us using the details provided above.

Changes to This Policy

We reserve the right to update this Privacy Policy. We will notify you of any changes by posting the new policy on this page and updating the "Effective Date" at the top.