Priovox

Privacy Policy - Priovox

Last updated: February 7, 2026

1. Data Controller

The controller responsible for data processing within the meaning of the General Data Protection Regulation (GDPR) is:

Haus B GmbH
operating under the brand Priovox
Mainzer Straße 98
66121 Saarbrücken
Germany

Email: [email protected]

2. Overview of Data Processing

We process personal data in connection with the operation of our website priovox.com and in the course of providing our AI-powered telephony services. All processing is carried out in accordance with the GDPR and the German Federal Data Protection Act (BDSG). The following sections provide detailed information about the nature, scope, and purpose of data processing.

3. Website — Server Log Files

When you access our website, your browser automatically sends information to our web server. This information is temporarily stored in log files.

The following information is collected automatically and stored until deletion:

  • IP address of the requesting device
  • Date and time of access
  • Name and URL of the accessed file
  • Amount of data transferred
  • Website from which access is made (referrer URL)
  • Browser used and, where applicable, the operating system of your device and the name of your access provider

This data is processed for the following purposes: ensuring a smooth connection to the website, ensuring comfortable use of our website, evaluating system security and stability, and for other administrative purposes.

The legal basis for data processing is Art. 6(1)(f) GDPR. Our legitimate interest follows from the purposes listed above. The collected data is automatically deleted after no more than 7 days.

4. Website — Contact Form

If you contact us via the contact form provided on the website, the information you provide in the form — including your contact details (name, email address, phone number if applicable, company, message) — will be stored by us for the purpose of processing your inquiry and in case of follow-up questions.

The processing of data entered in the contact form is based on Art. 6(1)(b) GDPR (pre-contractual measures) and Art. 6(1)(f) GDPR (our legitimate interest in responding to your inquiry).

The data you enter in the contact form will remain with us until you request its deletion, revoke your consent to storage, or the purpose for data storage no longer applies. Mandatory statutory provisions — in particular retention periods under Section 257 of the German Commercial Code (HGB) and Section 147 of the German Fiscal Code (AO) — remain unaffected.

5. Website — Cookies and Tracking

Our website uses only technically necessary cookies that are required for the operation of the website. No consent is required for technically necessary cookies pursuant to Section 25(2) TDDDG.

We currently do not use any analytics or marketing cookies. Should such technologies be used in the future, we will update this privacy policy accordingly and obtain your consent pursuant to Section 25(1) TDDDG.

6. AI Voice Telephony Service

6.1 General

Priovox provides AI-powered telephone agents for business clients. In this context, Haus B GmbH generally acts as a data processor pursuant to Art. 28 GDPR on behalf of the respective business clients (data controllers). The following information is provided as supplementary notice to data subjects whose data is processed in connection with our telephony services.

6.2 Categories of Data Processed

The following categories of data may be processed in connection with our AI telephony services:

  • Voice recordings: Recordings of telephone conversations conducted with the AI telephone agent
  • Transcripts: Text-based transcriptions of conversations
  • Metadata: Call duration, timestamps, phone number (where available), and technical connection data

6.3 Legal Basis

The processing of data in connection with the telephony service is based on the following legal grounds:

  • Art. 6(1)(b) GDPR: Performance of the contract with our business clients
  • Art. 6(1)(f) GDPR: Legitimate interest in optimizing and ensuring service quality
  • Art. 6(1)(a) GDPR: Consent, where obtained (e.g., notification of call recording at the beginning of a call)

6.4 Classification of Voice Data

Voice recordings may, under certain circumstances, be classified as biometric data within the meaning of Art. 4(14) GDPR. Where such classification applies, processing is carried out exclusively on the basis of explicit consent pursuant to Art. 9(2)(a) GDPR.

6.5 Retention Periods

  • Voice recordings: Deleted no later than 30 days after processing
  • Transcripts: Stored for the duration of contract fulfillment, up to a maximum of 12 months, then deleted
  • Anonymized analytics data: May be retained without time limitation, as no personal reference remains

6.6 No AI Training with Customer Data

Customer data is not used for training or improving AI models. Data is not shared with third parties, not combined with data from other customers, and not used for cross-model learning processes.

6.7 Data Processing Agreement

A data processing agreement (DPA) pursuant to Art. 28 GDPR is concluded with each business client, governing the details of data processing, technical and organizational measures, and the rights and obligations of the parties.

7. Hosting and Infrastructure

Our website is hosted on servers in Germany. Processing is based on Art. 6(1)(f) GDPR in the context of our legitimate interest in the secure and efficient provision of our online services.

To protect our website and optimize network performance, we use services provided by Cloudflare, Inc. (101 Townsend St, San Francisco, CA 94107, USA). Personal data (in particular IP addresses and request metadata) may be processed through Cloudflare's network. Cloudflare is certified under the EU-U.S. Data Privacy Framework (DPF). In addition, Standard Contractual Clauses (SCCs) pursuant to Art. 46(2)(c) GDPR have been agreed upon. Further information can be found in Cloudflare's privacy policy at https://www.cloudflare.com/privacypolicy/.

The infrastructure for our AI voice processing services is operated by specialized service providers within the European Union. All voice data is processed and stored exclusively on servers within the EU.

8. Recipients and Categories of Recipients

Your personal data will only be disclosed to third parties insofar as this is necessary for the fulfillment of our contractual or legal obligations, or you have given your express consent. The following categories of recipients may be involved:

  • Network security and content delivery providers: Cloudflare, Inc. (USA) — for securing and optimizing website performance
  • AI speech processing service providers: Specialized providers within the European Union for processing voice data in connection with our telephony service
  • Hosting infrastructure providers: Providers in Germany for operating our server infrastructure

Your data is not sold or shared with third parties for advertising purposes.

9. Data Transfers to Third Countries

The processing of personal data generally takes place within the EU/EEA.

Where data processing by Cloudflare, Inc. (USA) takes place, this is safeguarded by the European Commission's adequacy decision on the EU-U.S. Data Privacy Framework as well as additionally agreed Standard Contractual Clauses pursuant to Art. 46(2)(c) GDPR.

All voice data from our AI telephony service is processed and stored exclusively within the European Union.

10. Retention Periods Overview

  • Server log files: 7 days
  • Contact form inquiries: Duration of processing plus statutory retention periods (up to 10 years pursuant to Section 257 HGB, Section 147 AO)
  • Voice recordings: 30 days
  • Transcripts: 12 months
  • Contract and billing data: 10 years (Section 257 HGB, Section 147 AO)
  • Anonymized/aggregated data: No time limitation

11. Your Rights as a Data Subject

You have the following rights with respect to your personal data:

  • Right of access pursuant to Art. 15 GDPR
  • Right to rectification pursuant to Art. 16 GDPR
  • Right to erasure pursuant to Art. 17 GDPR
  • Right to restriction of processing pursuant to Art. 18 GDPR
  • Right to data portability pursuant to Art. 20 GDPR
  • Right to withdraw consent pursuant to Art. 7(3) GDPR

Right to Object (Art. 21 GDPR)

Where your personal data is processed on the basis of legitimate interests pursuant to Art. 6(1)(f) GDPR, you have the right to object to such processing pursuant to Art. 21 GDPR on grounds relating to your particular situation. To exercise your right to object, please send an email to [email protected].

Right to Lodge a Complaint with a Supervisory Authority

You have the right to lodge a complaint with a data protection supervisory authority pursuant to Art. 77 GDPR. The supervisory authority responsible for us is:

Unabhängiges Datenschutzzentrum Saarland
Fritz-Dobisch-Straße 12
66111 Saarbrücken
Germany
www.datenschutz.saarland.de

12. Data Security

We employ technical and organizational security measures pursuant to Art. 32 GDPR to protect your data against accidental or intentional manipulation, loss, destruction, or access by unauthorized persons. Our security measures include in particular:

  • Encryption of data in transit using TLS/SSL
  • Encryption of stored data (encryption at rest)
  • Access controls and authentication procedures
  • Regular security assessments
  • Documented processes for detecting and reporting security incidents

Our security measures are continuously improved in line with technological developments.

13. Changes to This Privacy Policy

This privacy policy is currently valid as of February 2026. Due to the further development of our website and services, or due to changes in legal or regulatory requirements, it may become necessary to amend this privacy policy. The current version of the privacy policy can be accessed at any time on this website.