Legal

Privacy Policy

Effective May 28, 2026 · Last reviewed May 28, 2026

Voxenti ("we," "us," or "our") provides software to US healthcare providers handling personal-injury medical liens. This Privacy Policy describes how we collect, use, and share information when you visit voxenti.ai (the "Site") or request a product demo through our intake form.

This Policy covers the Site only. Voxenti's handling of customer and patient data inside the product is governed by a separate Business Associate Agreement and Data Processing Addendum with each customer. For a public summary of that product posture, see Section 5.

On this site

US-based
No advertising trackers
We do not sell, share, or rent personal information
Cookieless analytics by default
Honors Global Privacy Control signals

In our product

HIPAA-aligned
We require a BAA before processing PHI
Every outbound message sends under human approval
Single-tenant: your data informs only your workflows

#1. Information we collect

In short: we collect what you give us through the demo intake form and a small amount of standard request data needed to serve and secure the Site.

1.1 Information you provide to us

When you request a demo, you provide your full name, work email, optional phone number, role at practice, practice name, practice type, approximate monthly PI case volume, and US state.

You may also reach us by replying to email correspondence or contacting [email protected]. Any information you send becomes covered by this Policy.

1.2 Information collected automatically

When you visit voxenti.ai we may collect:

Aggregated page-view, referrer, and visitor metrics through privacy-aware analytics. No cross-site identifiers are placed.
Limited request metadata (IP address, user agent, timestamps) collected by our hosting layer and used for security and operational diagnostics.
Cookies set by embedded third-party content (such as embedded video and demo scheduling) only after you interact with that content.

1.3 Cookies and similar technologies

We minimize cookies on the Site. Cookieless analytics are used by default; third-party content that may set cookies is deferred until you interact with it.

Category	Purpose	When set
Strictly necessary	Site delivery and security	On every visit
Privacy-aware analytics	Aggregated traffic measurement, no cross-site ID	On every visit
Embedded video	Playback of product walkthroughs	Only when you press play
Embedded scheduling	Demo-call booking	Only after form submit

Category: Strictly necessary
Purpose: Site delivery and security
When set: On every visit

Category: Privacy-aware analytics
Purpose: Aggregated traffic measurement, no cross-site ID
When set: On every visit

Category: Embedded video
Purpose: Playback of product walkthroughs
When set: Only when you press play

Category: Embedded scheduling
Purpose: Demo-call booking
When set: Only after form submit

1.4 Demo intake guidance

The Site is not designed to receive Protected Health Information. Please do not submit PHI, payment card data, or other sensitive information through the demo intake form or email.

#2. How we use information

In short: we use what you give us to set up a demo and keep the Site running. We do not profile you for marketing and we do not run advertising trackers.

We process information collected through the Site for the following purposes and on the following lawful bases:

Respond to demo requests — legitimate interest in responding to inquiries from prospective customers.
Schedule demo meetings — consent (you choose to book a time after submitting the form).
Operate and secure the Site — legitimate interest in keeping voxenti.ai available and protected.
Comply with legal obligations — legal obligation under applicable law.

We do not use your information for advertising, profiling for marketing, or sale to third parties.

In short: we share information only with the service providers that help us run the Site, and only in the limited ways required by law or by a future business change.

3.1 Service providers

We engage trusted service providers for site hosting, analytics, transactional email, demo scheduling, and embedded video. Each provider is bound by written contract to process information only on our instructions. A current sub-processor list is available on request and is provided to customers as part of our Data Processing Addendum.

3.2 Legal disclosures

We may disclose information if required by law, valid legal process, or to protect our rights, property, or safety, or that of our users or others.

3.3 Business transfers

If Voxenti is involved in a merger, acquisition, financing, or asset sale, your information may be transferred as part of that transaction. We will provide notice (for example, on the Site) before your information becomes subject to a different privacy policy.

#4. Categories of personal information

In short: this is the CCPA-style breakdown of what we collect, where it comes from, why we collect it, and how long we keep it.

In the preceding 12 months, we have collected the categories of personal information below. We have not sold or shared personal information for cross-context behavioral advertising, and we have not collected sensitive personal information as defined by the California Privacy Rights Act.

CCPA category	Examples we collect	Sources	Purposes	Disclosed to	Retention
Identifiers	Name, work email, phone	You (demo form)	Respond to inquiry	Service providers under contract	Up to 24 months from last contact
Commercial information	Practice name, role, PI case volume	You (demo form)	Tailor demo	Service providers under contract	Up to 24 months from last contact
Internet / network activity	IP, user agent, page views	Auto-collected	Security, aggregate analytics	Service providers under contract	Short operational period (logs); aggregated (analytics)
Geolocation (coarse)	US state	You (demo form)	Route to correct rep	Service providers under contract	Up to 24 months from last contact

CCPA category: Identifiers
Examples we collect: Name, work email, phone
Sources: You (demo form)
Purposes: Respond to inquiry
Disclosed to: Service providers under contract
Retention: Up to 24 months from last contact

CCPA category: Commercial information
Examples we collect: Practice name, role, PI case volume
Sources: You (demo form)
Purposes: Tailor demo
Disclosed to: Service providers under contract
Retention: Up to 24 months from last contact

CCPA category: Internet / network activity
Examples we collect: IP, user agent, page views
Sources: Auto-collected
Purposes: Security, aggregate analytics
Disclosed to: Service providers under contract
Retention: Short operational period (logs); aggregated (analytics)

CCPA category: Geolocation (coarse)
Examples we collect: US state
Sources: You (demo form)
Purposes: Route to correct rep
Disclosed to: Service providers under contract
Retention: Up to 24 months from last contact

#5. Voxenti product — privacy posture

This Policy covers our marketing Site only. The summary below describes how the Voxenti product handles customer and patient data, so prospective customers can evaluate fit before signing a Business Associate Agreement and Data Processing Addendum.

5.1 Scope boundary

Product handling of customer and patient data is not governed by this Policy. It is governed by a Business Associate Agreement and Data Processing Addendum executed with each customer.

5.2 HIPAA-aligned, BAA-gated

We operate the product as a HIPAA Business Associate. We require a Business Associate Agreement to be in place before processing Protected Health Information on a customer's behalf.

5.3 Single-tenant intelligence

Each customer's data informs only that customer's workflows. We do not train models, build cross-clinic data products, or aggregate customer data into shared intelligence.

5.4 Human-in-the-loop outbound

Every outbound communication generated by the product is reviewed and sent under explicit human approval. We do not send fully automated outbound messages.

5.5 AI providers

Our product uses large-language-model providers. Where we use such providers, we use them under terms that prohibit them from using customer data to train their models, and under Business Associate Agreements where applicable.

5.6 Requesting the DPA, BAA, or sub-processor list

Available to customers, and to prospective customers under a non-disclosure agreement, via [email protected].

#6. Data retention

In short: we keep information only as long as we need it. The upper bounds are below.

Category	Retention
Demo-request submissions	Up to 24 months from last contact
Email correspondence	Up to 24 months, longer if subject to legal hold
Server / security logs	Short operational period
Aggregated analytics	Retained without individual identifiers
Records subject to legal hold	Until the hold is released

Category: Demo-request submissions
Retention: Up to 24 months from last contact

Category: Email correspondence
Retention: Up to 24 months, longer if subject to legal hold

Category: Server / security logs
Retention: Short operational period

Category: Aggregated analytics
Retention: Retained without individual identifiers

Category: Records subject to legal hold
Retention: Until the hold is released

You may request deletion of demo-request information at any time at [email protected].

#7. Your rights

In short: you have rights to access, correct, delete, and limit how we process your information. To use them, email [email protected].

7.1 All visitors

Subject to applicable law, you may have rights to access the information we hold about you, correct inaccurate information, request deletion, restrict or object to certain processing, and request portability of information you provided.

7.2 California (CCPA / CPRA)

Under the California Consumer Privacy Act and California Privacy Rights Act, California residents have additional rights to know, delete, correct, and limit the use of sensitive personal information. We have not collected sensitive personal information through the Site. We do not sell, share for cross-context behavioral advertising, or rent personal information. To exercise CCPA rights, email [email protected].

7.3 Other US state rights

Residents of Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Florida, and other US states granting equivalent rights may have rights to access, correct, delete, port their personal information, and opt out of targeted advertising, sale, or profiling that produces legal or similarly significant effects. To exercise these rights, email [email protected].

7.4 EEA, UK, and Switzerland

Under the GDPR and UK GDPR, the lawful bases we rely on are: consent (when you submit the form), legitimate interests (responding to your inquiry and securing the Site), and legal obligation. You may lodge a complaint with your local supervisory authority. (See also the targeting note at the end of this Policy.)

7.5 Global Privacy Control

We do not sell, share for cross-context behavioral advertising, or rent personal information. Where your browser sends a Global Privacy Control signal, we honor it as an opt-out request.

7.6 How to exercise rights

Email [email protected] with your request. We may ask you to confirm the request from the email address on file before we act on it. We will respond within the time required by applicable law (generally 45 days, with a single 45-day extension where permitted). For states that provide an appeals process, you may appeal a denied request by replying to our response.

#8. Security

In short: we use standard administrative, technical, and physical safeguards. No system is perfectly secure.

We use administrative, technical, and physical safeguards including encryption in transit, access controls on production systems, and enterprise-grade hosting infrastructure. No system is perfectly secure; we cannot guarantee absolute security.

#9. International transfers

In short: we're US-based, so your information will be processed in the United States.

Voxenti is based in the United States. If you contact us from outside the United States, your information will be transferred to and processed in the United States. Where required, we rely on Standard Contractual Clauses or other lawful transfer mechanisms.

#10. Children

The Site is not directed to children under 13, and we do not knowingly collect personal information from children under 13. For California residents under 16, we do not sell or share personal information.

#11. Automated decision-making

We do not engage in automated decision-making that produces legal or similarly significant effects through this Site.

#12. Changes to this Policy

We may update this Policy from time to time. We will update the "Effective Date" and "Last reviewed" dates above and, for material changes, notify you by reasonable means (for example, a notice on the Site).

#13. Contact us

Voxenti
[email protected]

Voxenti targets US healthcare providers. We do not knowingly market or offer services to data subjects in the EU, UK, or Switzerland. Visitors from those regions who contact us may exercise their data-protection rights at [email protected].

Back to demo page