Privacy Policy

Last updated: May 11, 2026

Sonicwell Technology Limited ("we", "us", or "our") operates the VOXP!N application (the "Service"). This page informs you of our policies regarding the collection, use, and disclosure of personal data when you use our Service and the choices you have associated with that data.

1. Information Collection and Use

We collect several different types of information for various purposes to provide and improve our Service to you:

• Location Data: As a core feature of VoxPin (Location-Based Services), we collect and process your exact location data to enable dropping "Voice Pins" and joining geographic PTT channels. You can control location permissions via your device settings.
• Audio Data: We collect audio recordings (Voice Pins) and real-time voice streams (PTT) you create to deliver them to intended recipients. Microphone access is requested at runtime and only activated while you are actively transmitting (Push-to-Talk button held).
• Account Data: If you register, we collect a username, phone number, or email address to authenticate you.
• Device Data: We collect device identifiers (device model, OS version, app version) and push notification tokens to deliver real-time PTT wake-up notifications. On iOS, we use Apple Push Notification Service (APNs) tokens (including VoIP push tokens). On Android, we use Firebase Cloud Messaging (FCM) tokens issued by Google. Tokens are bound to your account and rotated when you reinstall or change devices.
• Token Rotation and Device-Token Hygiene: When a user signs out and a new user signs in on the same physical device, our server detects that the FCM, APNs, or VoIP token now belongs to a different account and immediately revokes the binding from the previous account. This prevents push notifications intended for the previous owner from continuing to wake the device after a handover, sale, or sign-out. Token unbinding runs automatically on every device-status report and requires no user action.
• Diagnostic Data: We collect crash reports and limited performance metrics (e.g., audio packet loss, network latency, app version) via Firebase Crashlytics on Android to diagnose issues. Crash reports may include stack traces and device characteristics but never include the contents of your voice messages, location coordinates, or contacts. You can opt out of crash reporting in the app's Privacy settings.

2. Use of Data

Sonicwell Technology Limited uses the collected data for various purposes:

• To provide and maintain the Service
• To notify you about changes to our Service
• To allow you to participate in interactive spatial features
• To provide customer care and support
• To maintain App safety and prevent abuse
• To monitor usage patterns and improve the Service

3. Data Retention

We retain your data only for as long as necessary to fulfill the purposes described in this policy:

• Voice Pins: Retained until you delete them or your account is closed.
• Real-Time PTT Audio: Transmitted in real-time and not persistently stored on our servers. Audio streams are relayed in-memory and discarded immediately after delivery.
• Account Data: Retained while your account is active. Upon account deletion, all personal data is permanently removed within 30 days.
• Location Data: Precise location is used transiently for LBS features and is not stored beyond the session, except where you explicitly attach it to a Voice Pin.

4. International Data Transfers

Your information may be transferred to — and maintained on — servers located in the following regions:

• Hong Kong SAR (Primary Database, Redis cache)
• Singapore (Media Relay Node, primary API entry)
• Los Angeles, USA (Media Relay Node)
• Zhangjiakou, China (Media Relay Node, China-region service)

All inter-node communication between our servers is encrypted via WireGuard VPN tunnels. Communication between your device and our servers is encrypted in transit (TLS / DTLS). By using the Service, you consent to the transfer of your data to these locations.

5. Your Rights Under GDPR (European Users)

If you are a resident of the European Economic Area (EEA), you have the following data protection rights under the General Data Protection Regulation (GDPR):

• Right to Access: You can request a copy of the personal data we hold about you.
• Right to Rectification: You can request that we correct any inaccurate personal data.
• Right to Erasure: You can request that we delete your personal data ("right to be forgotten").
• Right to Data Portability: You can request a machine-readable copy of your data.
• Right to Object: You can object to the processing of your personal data in certain circumstances.
• Right to Restrict Processing: You can request that we limit how we use your data.

To exercise any of these rights, please contact us at privacy@voxpin.app. We will respond within 30 days.

6. California Privacy Rights (CCPA)

If you are a California resident, the California Consumer Privacy Act (CCPA) grants you the following rights:

• Right to Know: You can request disclosure of the categories and specific pieces of personal information we have collected about you.
• Right to Delete: You can request the deletion of your personal information.
• Right to Opt-Out: You can opt out of the sale of your personal information.
• Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.

We do not sell your personal information. To exercise your rights, contact us at privacy@voxpin.app.

7. Account and Data Deletion

VoxPin provides two ways to permanently delete your account and all associated data, in compliance with Apple App Store and Google Play Store data deletion requirements:

1. In-App Deletion (preferred): Open VoxPin → Profile → Settings → Account → Delete Account. Confirmation will be required. Deletion takes effect immediately.
2. Web / Email Request: Send a deletion request to privacy@voxpin.app from the email address associated with your account. We will verify your identity and process the deletion within 7 business days.

Upon receiving your request, we will:

• Deactivate your account immediately
• Permanently delete all personal data, Voice Pins, and associated content within 30 days
• Remove your data from all backup systems within 90 days
• Revoke all push notification tokens (APNs, FCM) bound to your account

What is retained: Anonymized aggregate metrics (e.g., daily active user counts) and legally required records (e.g., financial transaction logs, if any) may be retained for the period mandated by law. None of these contain personally identifiable information.

8. Third-Party Services and SDKs

Our Service integrates with the following third-party services. Each provider processes data according to its own privacy policy:

• Apple Inc. (iOS only): Push Notifications (APNs / VoIP), Sign in with Apple — subject to Apple's Privacy Policy. Data shared: APNs device token, VoIP token (no message content).
• Google LLC — Firebase Cloud Messaging (Android only): Used to deliver PTT wake-up push notifications. Subject to Firebase Privacy and Security. Data shared: FCM registration token, app instance ID, payload metadata (speaker name, group ID). Voice content is never sent through FCM.
• Google LLC — Firebase Crashlytics (Android only): Used to collect crash reports and diagnose stability issues. Subject to Firebase Privacy and Security. Data shared: crash stack traces, device model, OS version, app version, custom keys (distribution channel). Voice messages, location, and contacts are never included in crash reports.
• Google LLC — Firebase Analytics (Android only): Required by Crashlytics. Collects anonymized app usage metrics (sessions, screen views, app version). You can opt out in the app's Privacy settings.
• Google Play Services (Android only): Required to deliver push notifications via Google's infrastructure. Subject to Google Privacy Policy.
• OpenAI: AI-assisted features (e.g., playlist generation). Only user prompts are sent; no personally identifiable information is transmitted.

The full list of SDKs included in our Android app: com.google.firebase:firebase-messaging, com.google.firebase:firebase-crashlytics, com.google.firebase:firebase-analytics, com.squareup.okhttp3:okhttp, org.osmdroid:osmdroid-android (offline maps), io.coil-kt:coil-compose (image loading), com.jakewharton.timber:timber (logging — local only).

9. Children's Privacy and Age Restrictions

VoxPin is not directed to children under the age of 13 (or 16 in regions where the GDPR applies). We do not knowingly collect personally identifiable information from anyone in this age group. If you are a parent or guardian and become aware that your child has provided us with Personal Data, please contact us at privacy@voxpin.app and we will delete the information promptly.

The App is not designed for or marketed to children. Our App Store / Play Store target audience rating is set accordingly:

• Apple App Store: Age rating 17+ (per Apple's content rating guidelines).
• Google Play Store: Target audience: Adults only. Distributed in compliance with Google Play Families Policy.

This App complies with both Apple's App Store Review Guidelines and Google Play Developer Program Policies, including data handling, permission, and disclosure requirements.

10. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date. You are advised to review this Privacy Policy periodically for any changes.

11. Contact Us

If you have any questions about this Privacy Policy, your personal data, or wish to exercise your rights, please contact us:

• Email: privacy@voxpin.app
• Support: Support Page
• Mail: Sonicwell Technology Limited, Room 704, 7/F., Tower A, New Mandarin Plaza, 14 Science Museum Road, TST East, Kowloon, Hong Kong