Privacy Policy - Priovox
Last updated: April 15, 2026
1. Data Controller
The controller responsible for data processing within the meaning of the General Data Protection Regulation (GDPR) is:
Haus B GmbH
operating under the brand Priovox
Mainzer Straße 98
66121 Saarbrücken
Germany
Email: [email protected]
2. Overview of Data Processing
We process personal data in connection with the operation of our website priovox.com and in the course of providing our AI-powered telephony services. All processing is carried out in accordance with the GDPR and the German Federal Data Protection Act (BDSG). The following sections provide detailed information about the nature, scope, and purpose of data processing.
3. Website — Server Log Files
When you access our website, your browser automatically sends information to our web server. This information is temporarily stored in log files.
The following information is collected automatically and stored until deletion:
- IP address of the requesting device
- Date and time of access
- Name and URL of the accessed file
- Amount of data transferred
- Website from which access is made (referrer URL)
- Browser used and, where applicable, the operating system of your device and the name of your access provider
This data is processed for the following purposes: ensuring a smooth connection to the website, ensuring comfortable use of our website, evaluating system security and stability, and for other administrative purposes.
The legal basis for data processing is Art. 6(1)(f) GDPR. Our legitimate interest follows from the purposes listed above. The collected data is automatically deleted after no more than 7 days.
4. Website — Contact Form
If you contact us via the contact form provided on the website, the information you provide in the form — including your contact details (name, email address, phone number if applicable, company, message) — will be stored by us for the purpose of processing your inquiry and in case of follow-up questions.
The processing of data entered in the contact form is based on Art. 6(1)(b) GDPR (pre-contractual measures) and Art. 6(1)(f) GDPR (our legitimate interest in responding to your inquiry).
The data you enter in the contact form will remain with us until you request its deletion, revoke your consent to storage, or the purpose for data storage no longer applies. Mandatory statutory provisions — in particular retention periods under Section 257 of the German Commercial Code (HGB) and Section 147 of the German Fiscal Code (AO) — remain unaffected.
5. Website — Cookies and Tracking
5.1 Cookie Consent
When you first visit our website, a cookie banner is displayed allowing you to grant, customize, or decline consent for analytics and marketing cookies. Your choice is stored in a cookie called priovox_consent (retention: 1 year) so that the banner is not shown again on subsequent visits. You can change your settings or withdraw your consent at any time via the "Cookie settings" link in the footer of our website.
Technically necessary cookies are set without consent pursuant to Section 25(2) TDDDG. For all other cookies and tracking technologies, we obtain your consent pursuant to Section 25(1) TDDDG and Art. 6(1)(a) GDPR.
5.2 Google Tag Manager
We use Google Tag Manager (GTM), a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. GTM is a technical management tool that controls the loading of analytics and marketing scripts. GTM itself does not collect personal data and does not set cookies. The services managed via GTM are only loaded after you have granted your consent.
Legal basis: Art. 6(1)(a) GDPR (consent).
5.3 Google Analytics 4
If you have granted your consent, we use Google Analytics 4, a web analytics service provided by Google Ireland Limited. Google Analytics uses cookies that enable an analysis of your use of the website. The following data is processed: pages visited, session duration, device information, and approximate location (country/city). IP anonymization is active, meaning your IP address is truncated within the EU/EEA before transmission.
The collected data may be transferred to the USA. The data transfer is safeguarded by the European Commission's adequacy decision on the EU-U.S. Data Privacy Framework as well as additionally agreed Standard Contractual Clauses (SCCs) pursuant to Art. 46(2)(c) GDPR.
Retention period: 14 months. Legal basis: Art. 6(1)(a) GDPR (consent). Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
5.4 Google Ads Conversion Tracking
If you have granted your consent, we use Google Ads Conversion Tracking to measure the effectiveness of our advertising campaigns. When you reach our website via a Google ad, a conversion cookie is set. This cookie is used to determine whether a specific action (e.g., form submission) was completed. No personal identification takes place.
Legal basis: Art. 6(1)(a) GDPR (consent). Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
5.5 Meta Pixel
If you have granted your consent, we use the Meta Pixel to measure the effectiveness of our advertising campaigns on Facebook and Instagram. The following data is processed: pages visited, actions taken, and device information. Data is transmitted to Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. Data transfers to the USA are safeguarded by the adequacy decision on the EU-U.S. Data Privacy Framework and Standard Contractual Clauses (SCCs).
Legal basis: Art. 6(1)(a) GDPR (consent). Provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.
5.6 EU Analytics Service
If you have granted your consent, we use an analytics service hosted in the European Union (data center: Frankfurt am Main, Germany) to analyze website usage and improve our services. The following data is processed: pages visited, click behavior, session duration, and device information. All data is processed and stored exclusively on servers within the European Union. No data transfers to third countries take place.
The service is only activated after you have granted your consent. If you decline analytics cookies, no data is collected. Input fields are automatically masked in session recordings, ensuring that no passwords or sensitive information is visible. IP addresses are not stored.
Legal basis: Art. 6(1)(a) GDPR (consent). Provider: Specialized analytics service provider based in the European Union.
On our customer portal (app.priovox.com), we use the same EU analytics service to improve product quality. Processing is cookie-free (in-memory only) and based on Art. 6(1)(f) GDPR (legitimate interest in optimizing our service). You may object to this processing at any time by emailing [email protected].
5.7 Cookie Overview
| Cookie | Purpose | Retention | Provider |
|---|---|---|---|
| priovox_consent | Stores cookie preferences | 1 year | Priovox |
| _ga, _ga_* | Google Analytics | 14 months | Google |
| _gcl_au | Google Ads Conversion | 90 days | Google |
| _fbp | Meta Pixel | 90 days | Meta |
5.8 Withdrawal of Consent
You can withdraw your consent at any time with effect for the future by accessing the cookie settings via the "Cookie settings" link in the footer of our website and changing your selection.
6. AI Voice Telephony Service
6.1 General
Priovox provides AI-powered telephone agents for business clients. In this context, Haus B GmbH generally acts as a data processor pursuant to Art. 28 GDPR on behalf of the respective business clients (data controllers). The following information is provided as supplementary notice to data subjects whose data is processed in connection with our telephony services.
6.2 Categories of Data Processed
The following categories of data may be processed in connection with our AI telephony services:
- Voice recordings: Recordings of telephone conversations conducted with the AI telephone agent
- Transcripts: Text-based transcriptions of conversations
- Metadata: Call duration, timestamps, phone number (where available), and technical connection data
6.3 Legal Basis
The processing of data in connection with the telephony service is based on the following legal grounds:
- Art. 6(1)(b) GDPR: Performance of the contract with our business clients
- Art. 6(1)(f) GDPR: Legitimate interest in optimizing and ensuring service quality
- Art. 6(1)(a) GDPR: Consent, where obtained (e.g., notification of call recording at the beginning of a call)
6.4 Classification of Voice Data
Voice recordings may, under certain circumstances, be classified as biometric data within the meaning of Art. 4(14) GDPR. Where such classification applies, processing is carried out exclusively on the basis of explicit consent pursuant to Art. 9(2)(a) GDPR.
6.5 Retention Periods
- Voice recordings: Deleted no later than 30 days after processing
- Transcripts: Stored for the duration of contract fulfillment, up to a maximum of 12 months, then deleted
- Anonymized analytics data: May be retained without time limitation, as no personal reference remains
6.6 No AI Training with Customer Data
Customer data is not used for training or improving AI models. Data is not shared with third parties, not combined with data from other customers, and not used for cross-model learning processes.
6.7 Data Processing Agreement
A data processing agreement (DPA) pursuant to Art. 28 GDPR is concluded with each business client, governing the details of data processing, technical and organizational measures, and the rights and obligations of the parties.
7. Hosting and Infrastructure
Our website is hosted on servers in Germany. Processing is based on Art. 6(1)(f) GDPR in the context of our legitimate interest in the secure and efficient provision of our online services.
To protect our website and optimize network performance, we use services provided by Cloudflare, Inc. (101 Townsend St, San Francisco, CA 94107, USA). Personal data (in particular IP addresses and request metadata) may be processed through Cloudflare's network. Cloudflare is certified under the EU-U.S. Data Privacy Framework (DPF). In addition, Standard Contractual Clauses (SCCs) pursuant to Art. 46(2)(c) GDPR have been agreed upon. Further information can be found in Cloudflare's privacy policy at https://www.cloudflare.com/privacypolicy/.
The infrastructure for our AI voice processing services is operated by specialized service providers within the European Union. All voice data is processed and stored exclusively on servers within the EU.
8. Recipients and Categories of Recipients
Your personal data will only be disclosed to third parties insofar as this is necessary for the fulfillment of our contractual or legal obligations, or you have given your express consent. The following categories of recipients may be involved:
- Network security and content delivery providers: Cloudflare, Inc. (USA) — for securing and optimizing website performance
- AI speech processing service providers: Specialized providers within the European Union for processing voice data in connection with our telephony service
- Hosting infrastructure providers: Providers in Germany for operating our server infrastructure
- Web analytics and conversion tracking: Google Ireland Limited (Ireland) — for analyzing website usage and measuring advertising campaigns (only with consent)
- Advertising measurement: Meta Platforms Ireland Limited (Ireland) — for measuring the effectiveness of advertising campaigns on Facebook and Instagram (only with consent)
- Product analytics provider: Specialized provider within the European Union (data center: Germany) — for analyzing website usage and improving our services (consent-based on the website; legitimate interest on the customer portal)
Your data is not sold or shared with third parties for advertising purposes.
9. Data Transfers to Third Countries
The processing of personal data generally takes place within the EU/EEA.
Where data processing by Cloudflare, Inc. (USA) takes place, this is safeguarded by the European Commission's adequacy decision on the EU-U.S. Data Privacy Framework as well as additionally agreed Standard Contractual Clauses pursuant to Art. 46(2)(c) GDPR.
All voice data from our AI telephony service is processed and stored exclusively within the European Union.
Where data processing by Google Ireland Limited or Meta Platforms Ireland Limited takes place (web analytics, conversion tracking, advertising measurement), this is safeguarded by the European Commission's adequacy decision on the EU-U.S. Data Privacy Framework as well as additionally agreed Standard Contractual Clauses pursuant to Art. 46(2)(c) GDPR. Such processing takes place exclusively on the basis of your consent (Art. 6(1)(a) GDPR).
10. Retention Periods Overview
- Server log files: 7 days
- Contact form inquiries: Duration of processing plus statutory retention periods (up to 10 years pursuant to Section 257 HGB, Section 147 AO)
- Voice recordings: 30 days
- Transcripts: 12 months
- Contract and billing data: 10 years (Section 257 HGB, Section 147 AO)
- Anonymized/aggregated data: No time limitation
11. Your Rights as a Data Subject
You have the following rights with respect to your personal data:
- Right of access pursuant to Art. 15 GDPR
- Right to rectification pursuant to Art. 16 GDPR
- Right to erasure pursuant to Art. 17 GDPR
- Right to restriction of processing pursuant to Art. 18 GDPR
- Right to data portability pursuant to Art. 20 GDPR
- Right to withdraw consent pursuant to Art. 7(3) GDPR
Right to Object (Art. 21 GDPR)
Where your personal data is processed on the basis of legitimate interests pursuant to Art. 6(1)(f) GDPR, you have the right to object to such processing pursuant to Art. 21 GDPR on grounds relating to your particular situation. To exercise your right to object, please send an email to [email protected].
Right to Lodge a Complaint with a Supervisory Authority
You have the right to lodge a complaint with a data protection supervisory authority pursuant to Art. 77 GDPR. The supervisory authority responsible for us is:
Unabhängiges Datenschutzzentrum Saarland
Fritz-Dobisch-Straße 12
66111 Saarbrücken
Germany
www.datenschutz.saarland.de
12. Data Security
We employ technical and organizational security measures pursuant to Art. 32 GDPR to protect your data against accidental or intentional manipulation, loss, destruction, or access by unauthorized persons. Our security measures include in particular:
- Encryption of data in transit using TLS/SSL
- Encryption of stored data (encryption at rest)
- Access controls and authentication procedures
- Regular security assessments
- Documented processes for detecting and reporting security incidents
Our security measures are continuously improved in line with technological developments.
13. Changes to This Privacy Policy
This privacy policy is currently valid as of April 2026. Due to the further development of our website and services, or due to changes in legal or regulatory requirements, it may become necessary to amend this privacy policy. The current version of the privacy policy can be accessed at any time on this website.