Privacy Policy

This Policy applies to personal information processed through our websites, mobile or web applications, and related features (e.g. onboarding, goals, voice or chat experiences, integrations you connect), regardless of where you live or access the Service. It does not apply to third-party sites or services that we do not control.

2.1 You provide directly

• Account data: name, email, password or authentication tokens (passwords are stored using secure hashing where applicable), profile details, and preferences.
• Goals & commitments: objectives, deadlines, notes, stakes, and related content you enter.
• Onboarding & coaching content: text you type, voice or audio you submit where enabled, transcripts, and inferred insights used to personalize the Service.
• Tribe & accountability contacts: names and contact details (e.g. email or phone) you add so we can send invitations or notifications on your behalf—you must have a lawful basis to provide this information.
• Support & communications: messages you send us via forms, email, or in-product channels.

2.2 Collected automatically

• Usage & device data: IP address, approximate location, browser or device type, operating system, pages or screens viewed, timestamps, and diagnostic logs.
• Cookies & similar technologies: to keep you signed in, remember preferences, measure performance, and prevent abuse.

2.3 From third parties

If you sign in with a provider (e.g. Google or GitHub) or connect integrations, we receive information allowed by that provider's consent screen, such as email, name, and identifiers. We use it as described in this Policy.

We use information to:

• Provide, operate, and maintain the Service;
• Authenticate users and secure accounts;
• Personalize goals, reminders, AI-assisted features, and accountability flows;
• Send transactional messages, security alerts, and (where permitted) product updates;
• Analyze usage in aggregated or de-identified form to improve reliability and features;
• Comply with law, enforce our terms, and protect rights, safety, and security;
• Develop and improve models and systems, consistent with your settings and applicable law.

We do not sell your personal information as a commodity. We may share data with service providers and as described below.

Where the GDPR or UK GDPR applies, we rely on one or more of: contract (to deliver the Service), legitimate interests (security, analytics, product improvement—balanced against your rights), consent (where required, e.g. certain cookies or marketing), and legal obligation.

• Service providers: hosting, databases, email, analytics, AI inference, customer support, and security vendors who process data on our instructions.
• Accountability contacts: limited information needed to invite or notify people you designate.
• Legal & safety: when required by law, legal process, or to protect Vocett, users, or the public.
• Business transfers: in connection with a merger, acquisition, or sale of assets, subject to appropriate safeguards.

We retain information for as long as your account is active and as needed to provide the Service, comply with legal obligations, resolve disputes, and enforce our agreements. When data is no longer needed, we delete or anonymize it in line with our internal schedules and applicable law.

We implement technical and organizational measures designed to protect personal information (e.g. access controls, encryption in transit where appropriate, secure development practices). No method of transmission or storage is 100% secure; we cannot guarantee absolute security.

We and our service providers may process and store information in any country where we or they operate, including countries outside your own. Those countries may have data protection laws that differ from those where you live.

If we transfer personal data from the EEA, UK, or Switzerland to countries not deemed to provide an adequate level of protection, we use appropriate safeguards such as the EU Commission Standard Contractual Clauses (and the UK International Data Transfer Addendum or UK IDTA where relevant), or other lawful transfer mechanisms approved under applicable law.

Depending on where you live, you may have rights to access, correct, or delete personal information; export (portability) certain data; object to or restrict certain processing; withdraw consent where processing is consent-based; opt out of certain uses (e.g. targeted advertising where required by U.S. state law); and lodge a complaint with a data protection authority (for example in the EEA or UK).

EEA/UK. You may contact your local supervisory authority; a list of EEA authorities is available from the European Data Protection Board. In the UK, the ICO is ico.org.uk.

How to exercise rights. You can update some information in your account settings. For other requests, contact us using the details in Section 14. We may need to verify your identity and may decline requests where permitted by law (e.g. excessive or unfounded requests).

We use cookies and similar technologies for essential operation (e.g. sessions), preferences, analytics, and fraud prevention. You can control cookies through your browser settings; disabling some cookies may limit functionality.

The Service is not directed at children under the age where parental consent is required in their jurisdiction. We do not knowingly collect personal information from children. If you believe we have, contact us and we will take appropriate steps.

The Service may link to third-party websites or services. Their privacy practices are governed by their own policies; we encourage you to read them.

We may update this Policy from time to time. We will post the revised version on this page and update the effective date. For material changes, we will provide additional notice as appropriate (e.g. in-app or email). Continued use after the effective date constitutes acceptance where permitted by law.

For privacy requests or questions, contact Vocett through our contact page, or visit vocettt.com.ng.