Privacy Policy

1. Introduction

VoltaServices Limited ("we", "us", "our") operates the VoltaAI platform, an API gateway and chat interface for artificial intelligence models. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our services.

VoltaServices Limited is a company registered in England and Wales. Company Number: 16178827. ICO Registration Number: ZB874097.

By accessing or using VoltaAI, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with the terms of this policy, please do not access or use our services.

2. Information We Collect

We collect information that you provide directly to us, as well as information generated through your use of our services:

• Account Information: When you register for an account, we collect your email address, first name, and surname. Your password is stored using industry-standard hashing algorithms and is never stored in plain text.
• Usage Data: We automatically collect information about your use of the platform, including API calls made, models used, token counts, request timestamps, and response status codes. This data is used for billing, rate limiting, and service improvement.
• Payment Information: Payment processing is handled by Stripe and GoCardless. We do not store your full credit card numbers, bank account details, or other sensitive payment credentials on our servers. We may retain transaction identifiers, payment amounts, and billing history for record-keeping purposes.
• Device and Browser Information: We may collect information about the device and browser you use to access our services, including IP address, browser type, operating system, and referring URLs. This information is used for security monitoring and service optimisation.
• Conversation Data: Messages sent through the VoltaAI chat interface are stored in our database to enable conversation history functionality. Conversation data is stored encrypted and is associated with your user account.

3. How We Use Your Information

We use the information we collect for the following purposes:

• Provide and Maintain Services: To operate, deliver, and improve the VoltaAI platform, including processing your API requests, managing your account, and enabling chat functionality.
• Process Payments: To process subscription payments, wallet top-ups, and refunds through our payment partners.
• Send Notifications: To send you essential communications related to your account, including email verification, password reset links, MFA codes, billing notifications, and service announcements.
• Improve Our Services: To analyse usage patterns, diagnose technical issues, and develop new features. We use anonymised and aggregated data for analytics purposes.
• Comply with Legal Obligations: To comply with applicable laws, regulations, legal processes, or enforceable governmental requests, and to protect the rights, property, and safety of VoltaServices Limited, our users, and the public.

4. Data Storage and Security

We take the security of your personal data seriously and implement appropriate technical and organisational measures to protect it:

• Secure Servers: Your data is stored on secure servers with appropriate physical and logical access controls in place.
• Encryption in Transit: All data transmitted between your browser and our servers is encrypted using TLS (Transport Layer Security).
• Encryption at Rest: Sensitive data, including passwords and conversation content, is encrypted at rest using industry-standard encryption algorithms.
• Regular Security Audits: We conduct regular security assessments and audits to identify and address potential vulnerabilities in our systems.
• Access Controls: Access to personal data is restricted to authorised personnel who require it to perform their duties. All access is logged and monitored.

5. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected:

• Account Data: Retained for as long as your account remains active. Upon account deletion, personal data is removed within 30 days, subject to our legal obligations.
• Usage Logs: API usage logs are retained for a period of 12 months for billing reconciliation, security monitoring, and service improvement purposes.
• Conversation Data: Conversation history is retained until you choose to delete it. You may delete individual conversations or request deletion of all conversation data at any time.
• Payment Records: Financial transaction records are retained for a minimum of 6 years as required by UK tax and accounting regulations.

6. Third-Party Services

We use the following third-party service providers to deliver and support our platform. Each provider has been selected for their commitment to data protection and security:

• Stripe: Processes credit and debit card payments. Stripe is PCI DSS Level 1 certified. Stripe Privacy Policy
• GoCardless: Processes Direct Debit payments. GoCardless is FCA-authorised. GoCardless Privacy Policy
• Pollinations AI: Provides the underlying AI model inference for text and image generation. Prompts and generated content are processed through Pollinations' servers.
• Vonage: Delivers SMS messages for multi-factor authentication. Your phone number is shared with Vonage solely for the purpose of sending verification codes.
• Postmark: Sends transactional emails, including verification emails, password resets, and account notifications. Your email address is shared with Postmark for delivery purposes.

7. Cookies and Local Storage

We use a minimal set of cookies and local storage to provide essential functionality:

• Session Cookies: We use session cookies to maintain your authenticated state after you log in. These cookies are essential for the operation of the platform and cannot be disabled.
• Local Storage: We may use your browser's local storage to save user interface preferences, such as selected themes or display settings, to enhance your experience.
• No Third-Party Tracking Cookies: We do not use third-party tracking cookies, advertising cookies, or any analytics cookies that track your activity across other websites.

8. Your Rights (GDPR)

Under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, you have the following rights regarding your personal data:

• Right of Access: You have the right to request a copy of the personal data we hold about you. We will respond to your request within one month.
• Right to Rectification: You have the right to request that we correct any inaccurate personal data or complete any incomplete personal data we hold about you.
• Right to Erasure: You have the right to request the deletion of your personal data where there is no compelling reason for its continued processing.
• Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller.
• Right to Object: You have the right to object to the processing of your personal data in certain circumstances, including processing for direct marketing purposes.

To exercise any of these rights, please contact us at privacy@voltaservices.co.uk. We will respond to your request within one calendar month. If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO).

9. Children's Privacy

The VoltaAI platform is not intended for use by individuals under the age of 16. We do not knowingly collect personal data from children under 16 years of age. If we become aware that we have inadvertently collected personal data from a child under 16, we will take steps to delete that information as promptly as possible.

If you are a parent or guardian and believe that your child has provided us with personal data, please contact us at privacy@voltaservices.co.uk so that we can take appropriate action.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes to this policy, we will notify you by email or by posting a prominent notice on our website prior to the changes taking effect.

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of our services after any modifications to this policy constitutes your acceptance of the updated terms.

11. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

• Company: VoltaServices Limited
• Email: privacy@voltaservices.co.uk
• Company Number: 16178827 (England and Wales)
• ICO Registration: ZB874097