Privacy Policy.
Last updated · May 29, 2026
The short version
- We collect your email, church name, password hash, subscription state, and broadcast usage.
- We process your service's audio in real time to produce captions and translations — broadcast audio isn't stored. Short transcript fragments may be retained in pseudonymized form to improve our detection and transcription quality.
- We never sell your data and use no advertising trackers.
- Payment info never touches our servers — Stripe handles all card data.
- You can request a full copy of your data, or have it deleted, at any time by emailing [email protected].
1. Who we are
VoxLive LLC, a Texas limited liability company ("VoxLive," "we," "us," or "our"), operates the live translation platform at voxlive.app. This Privacy Policy describes how we collect, use, and share information when you use it. For privacy questions, email [email protected].
2. What we collect
Account information
When you create an account: your email address, a password (stored only as a salted hash — never plaintext), your first and last name (collected during setup), and the name of your church or organization.
Subscription & billing
When you upgrade to a paid plan: a Stripe customer ID, your current plan, your subscription status, the date your next billing period ends, and whether you've cancelled. We do not store your credit card number, CVC, or billing address — all of that lives with Stripe, who is PCI-DSS certified.
Usage metadata
To enforce plan limits and help you monitor your usage: broadcast minutes per month per church, per service and per target language. We also log when broadcasts start and end (timestamp + duration + peak viewer count) so you and we can see historical usage.
Broadcast audio & captions
When you broadcast, your pulpit or studio audio is streamed through our servers in real time so we can produce captions and translations for listeners.
- Audio is not stored. It's processed in memory, fanned out to listeners, and discarded.
- Captions and translations are streamed to listeners in real time. We do not record a transcript of your service for later playback.
- Transcript fragments may be retained. To improve our Bible-verse detection and transcription quality, we retain short transcript snippets in pseudonymized form — the storage path uses a one-way hash of your church identifier rather than your church name or service ID, the fragments aren't surfaced anywhere in the product, and they aren't linked to your account in any analytics.
- We do not record services. If you need a recording, do that on your own system — our architecture intentionally doesn't keep one.
Church logo
If you upload a church logo during setup, we store it on our image service to display on the listener page. You can remove or replace it anytime from account settings.
Server logs & technical data
Our servers log request details (IP address, user agent, timestamp, path, status code) for at most 30 days to debug outages, investigate abuse, and prevent bot attacks. These logs are not linked to marketing and are never sold.
Cookies
We use a single session cookie (sessionId) to keep you logged in. It's HttpOnly and Secure. We do not use advertising cookies, cross-site trackers, or analytics that fingerprint you. We use a bot-protection challenge (Turnstile) on the login and register pages — it sets its own short-lived cookie to distinguish bots from humans.
3. How we use your information
- To provide the Service: authenticate you, deliver captions and translations, track your plan, show your billing status.
- To enforce plan limits: stop new broadcasts when you've exhausted your monthly hours, so you don't hit surprise overage.
- To process payments: send subscription info to Stripe so they can bill your card.
- To communicate with you: email you about your account, billing, and product changes. We do not send marketing emails without your consent.
- To keep the service safe: detect abuse, investigate security incidents, and enforce our Terms of Service.
- To comply with law: respond to valid legal requests and protect the rights of others.
4. Who we share it with
We share the minimum necessary data with third-party providers that help us run the Service. We do not sell your data to anyone. Our current providers:
- Stripe, Inc. — payment processing. Receives your email, church name, and card data (collected by Stripe, not us). Stripe Privacy Policy.
- Soniox, Inc. — speech-to-text and live translation. Receives your broadcast audio streams in real time for the duration of a service to produce captions and translations. Audio is not retained by Soniox or by us. Soniox Privacy Policy.
- Cloudflare Realtime (a Cloudflare, Inc. service) — real-time audio routing between your studio and your listeners. Receives ephemeral audio for the duration of a broadcast; no audio is persisted. Cloudflare Privacy Policy.
- Hosting & infrastructure provider — runs our application servers, databases, edge network, and image hosting. Stores your account data, billing metadata, server logs, and the pseudonymized transcript fragments described in §2. Server logs are kept up to 30 days; account and billing data per §5.
- Bible text API — when a Bible verse is detected or looked up, we query a public Bible text API to retrieve the verse in the listener's chosen translation. We send only the reference (e.g. "John 3:16") and the translation code. No user account data is shared.
We require all providers to process data only on our instructions and not for their own purposes beyond what's described above.
5. Data retention
- Account and billing data: kept while your account is active + 90 days after deletion for dispute resolution and tax compliance.
- Usage metadata (broadcast hours, session counts): kept for current + 12 previous months for billing + usage analytics.
- Server logs: rotated and discarded within 30 days.
- Broadcast audio: never stored — discarded immediately after fan-out to listeners.
- Transcript fragments: retained in pseudonymized form (no church identifier in the storage path) for the limited purpose of improving our detection and transcription engine. Not linked to your account or surfaced in product analytics. You can request deletion of your church's fragments at any time by emailing [email protected] — provide your church slug and we'll purge the corresponding hash prefix.
6. Your rights
Depending on where you live, you may have additional rights under laws like the EU's GDPR, the UK GDPR, the California Consumer Privacy Act (CCPA), or similar. These generally include:
- Access — request a copy of the data we have about you.
- Correction — ask us to fix inaccurate information.
- Deletion — ask us to delete your account and data ("right to be forgotten").
- Portability — receive your data in a machine-readable format.
- Objection — object to certain processing, including any direct marketing (which we don't do without opt-in).
- Withdraw consent — where processing is based on consent, you can withdraw it at any time without affecting earlier processing.
To exercise any of these, email [email protected] from the account email. We aim to respond within 30 days. If you believe we're mishandling your data, you have the right to lodge a complaint with your local data-protection authority.
7. Security
We protect your data with industry-standard measures: encrypted transit (HTTPS/WSS everywhere), hashed passwords (PBKDF2), scoped session cookies with short expiry, signed webhooks from Stripe, and strict server-side authorization on every API route. No security is perfect — if we detect a breach affecting your data, we'll notify you and the relevant authorities per applicable law.
8. Children
VoxLive is not directed to children under 13. We do not knowingly collect data from children under 13. If we learn that we have, we'll delete it. If you believe a child has provided us data, email [email protected].
9. International data transfers
VoxLive is operated from the United States. If you access the Service from outside the U.S., your data will be transferred to and processed in the U.S. and in regions where our infrastructure providers operate. By using the Service, you consent to those transfers. Where required by law (e.g. GDPR), we rely on Standard Contractual Clauses and equivalent mechanisms to protect your data in transit.
10. Changes to this policy
We may update this Privacy Policy to reflect product, legal, or business changes. The "Last updated" date at the top reflects the most recent revision. Material changes that reduce your rights or expand data use will be announced to active users by email at least 14 days before taking effect.
11. Contact
For any privacy questions, data-rights requests, or concerns, contact VoxLive LLC, a Texas limited liability company, at [email protected].