Privacy Policy

Thank you for visiting our website and for your interest in our services.

We, Volto GmbH, Kolonnenstraße 8, 10827 Berlin, Germany ("Volto.AI" or "we"/"us"), provide software that enables, among other things, the creation and execution of voice-based short surveys to efficiently and precisely capture consumer opinions (our "Services").

When you visit our website, use our online services and offerings, or when entering into or expressing interest in a contractual relationship with us, your personal data may be processed. The protection of your data is of paramount importance to us, and we would like to inform you through this privacy policy, in accordance with Article 13 of the General Data Protection Regulation (GDPR), about how we handle your personal data (hereinafter also referred to as "data").

For better readability, we use exclusively masculine forms for personal designations in this text. However, all formulations apply equally to all genders.

Last updated: 26.09.2025

Definitions

Our privacy policy should be easily readable and understandable for our website visitors, users, customers, business partners, and interested parties. To ensure this, we would like to explain the most important terminology. In this privacy policy, we use, among others, the following terms:

  • "personal data" means any information relating to an identified or identifiable natural person (hereinafter referred to as "data subject"), such as name, address, email addresses, user behavior;
  • "processing" means any operation or set of operations performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
  • "controller" means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data;
  • "processor" means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
  • "profiling" means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements.

Data Controller

Unless otherwise specified in this privacy policy, the controller within the meaning of Article 4(7) GDPR is:

Volto GmbH, Kolonnenstraße 8, 10827 Berlin, Germany

Email: support@volto.ai

For specific questions regarding the processing of your personal data and the exercise of your rights under the GDPR, you may contact the above-mentioned contact points at any time.

Log Files

When using our website for informational purposes, i.e., merely viewing without registration and without providing us with information in any other way, we process the following personal data that your browser transmits to our server:

  • IP address
  • Date and time of the request
  • Time zone difference to Greenwich Mean Time (GMT)
  • Content of the request (page visited)
  • Access status/HTTP status code
  • Amount of data transferred in each case
  • Previously visited page
  • Browser type
  • Operating system used
  • Language and version of browser software
  • Hostname of the accessing computer

This data is technically necessary for us to display our website to you and to ensure stability and security, and must therefore be processed by us. The legal basis for this is Article 6(1)(1)(f) GDPR.

Data Security

For security reasons and to protect the transmission of confidential content, such as requests that you send to us, the website uses SSL or TLS encryption. You can recognize an encrypted connection by the fact that the browser's address line changes from "http://" to "https://" and by the lock symbol in your browser line.

When SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

Cookies

We use cookies on some areas of our website. Cookies are small text files that are stored on your device (e.g., computer, tablet, or mobile phone) by the browser when visiting a website and can be read by us or a third party. They serve to identify your device for a certain period of time.

Some of the cookies we use are so-called "session cookies" that are automatically deleted after the end of your visit. Other cookies remain stored on your device until you delete them. These cookies enable us to recognize your browser on your next visit.

Some cookies are necessary for the use of our website. These cookies are not used for analysis, tracking, or advertising purposes. They sometimes contain only information about specific settings and are not personal. These cookies are essential for user guidance, security, and the operation of the website. We use these cookies based on Article 6(1)(1)(f) GDPR to ensure basic functions of the website.

You can set your browser to inform you about the placement of cookies, making the use of cookies transparent to you. You can also delete cookies at any time through the appropriate browser setting and prevent the setting of new cookies. Please note, however, that this may result in our website possibly no longer being displayed and some functions no longer being technically available.

Contractual Partners

Insofar as we are in a contractual, contract-like, or pre-contractual business relationship with you, i.e., if you are already our customer or are interested in such a legal relationship ("contractual partners"), we process the following data as necessary:

  • Master data (e.g., first and last name, address, company, location)
  • Contact data (e.g., email address, telephone number)
  • Payment data (e.g., bank details, payment behavior, payment history)
  • Contract data (e.g., subject matter of contract, contract term, customer number)
  • Data on the use of our services (e.g., usage behavior, preferences, interests)

Processing is carried out to fulfill our contractual obligations pursuant to Article 6(1)(1)(b) GDPR and to safeguard our legitimate interests pursuant to Article 6(1)(1)(f) GDPR.

We use Pipedrive's CRM system for managing our customer relationships and providing our services. The provider is Pipedrive OÜ, Mustamäe tee 3a, 10615 Tallinn, Estonia. The data is stored within the EU.

Detailed information can be found in Pipedrive's Trust Center at: https://www.pipedrive.com/de/trust-center.

The legal basis for this processing is Article 6(1)(1)(b) GDPR (contract performance and pre-contractual measures), Article 6(1)(1)(c) GDPR (legal obligation), and – otherwise – Article 6(1)(1)(f) GDPR (legitimate interest).

Use of Our Services

When you use our services and their short surveys, we process audio and voice recordings (your voice) as well as the demographic data optionally requested in the short survey (e.g., demographic information such as age, place of residence, income range, profession, gender).

Before evaluation, we anonymize your voice and your inputs by removing direct identifiers where possible and not using voice profiles for identification. Results are stored and provided in aggregated form, so that conclusions about your person are generally not possible.

Processing is based on your consent pursuant to Article 6(1)(1)(a) GDPR. You may withdraw any consent given at any time with effect for the future.

As a rule, we store and process personal data on behalf of our customers as a processor pursuant to Article 28 GDPR. In this case, the customer is the controller and bears responsibility for the lawfulness of collection and processing. Our processing is carried out exclusively on documented instructions from the respective customer.

If you have questions about personal data that we process on behalf of a customer, please contact this customer directly and observe their data protection information.

Insofar as we process data under our own responsibility, we are the controller. In these cases, processing is based on your consent pursuant to Article 6(1)(1)(a) GDPR. You may withdraw any consent given at any time with effect for the future.

Contact

When you contact us (e.g., online contact form, email, telephone, or via social media) as well as in the context of an existing business relationship with us, your data will be processed insofar as this is necessary to answer your contact request and any requested measures.

Regardless of the chosen form of communication, we collect the content of your request (e.g., entries in online contact forms, including name, email address).

We process your data for the following purposes: individual communication with you, administration and answering of inquiries, provision of our online offering and user-friendliness.

We process your data to safeguard our legitimate interests pursuant to Article 6(1)(1)(f) GDPR for the appropriate answering of contact requests. If you are inquiring about an impending or existing contractual relationship, processing is carried out for the performance of pre-contractual measures pursuant to Article 6(1)(1)(b) GDPR.

Newsletter

You have the option to subscribe to our newsletter. With our newsletter, we inform you about us and our offers. To subscribe to the newsletter, it is necessary to provide your email address. When you subscribe to the newsletter, your email address is transmitted to us (or our email provider) and stored there. After registration, you will receive an email to confirm your registration ("double opt-in").

Our newsletter is sent based on your prior express consent, Article 6(1)(1)(a) GDPR. Unsubscribing from the newsletter is possible at any time and can be done either by sending a message to the contact options described in this privacy policy or via a link provided in the newsletter. After unsubscribing, we delete your email address from the recipient list, unless you have expressly consented to further use of your data pursuant to Article 6(1)(1)(a) GDPR or we reserve the right to use data beyond this, which is legally permitted and about which we inform you in this privacy policy.

If we receive your email address in connection with the sale of goods or services and you have not objected to this, we reserve the right to regularly send you offers for similar products or services to those already purchased or ordered from our range by email based on Section 7(3) of the German Act Against Unfair Competition (UWG). This serves to safeguard our legitimate interest in conducting direct marketing, which prevails in the context of a balancing of interests, Article 6(1)(1)(f) GDPR. You may object to this use of your email address at any time by sending a message to the contact options described in this privacy policy or via a link provided in the advertising email (see also below regarding the right to object), without incurring any costs other than transmission costs according to basic rates.

OpenAI

For the automated evaluation of short surveys, we provide an interface to the AI service of OpenAI, L.L.C., 3180 18th Street, San Francisco, CA 94110, USA. We use this service provider to analyze your survey content in aggregated form. Since OpenAI is a company based in the USA, a transmission of data to a third country without an adequate level of data protection cannot be completely excluded. We therefore pay particular attention to ensuring that no sensitive or identifying information is transmitted. Insofar as personal data is processed in individual cases, this is done on the basis of standard contractual clauses that we have concluded with OpenAI.

We use – where possible – the most privacy-friendly configuration and pay attention to careful and conscious handling of the technology.

Details on data protection at OpenAI can be found here: https://openai.com/de-DE/policies/row-privacy-policy/

Deepgram

We use the AI service "Deepgram" from Deepgram, Inc., 548 Market St, Suite 25104, San Francisco, CA 94104-5401 for transcription of voice recordings and anonymization. Since Deepgram is a company based in the USA, a transmission of data to a third country without an adequate level of data protection cannot be completely excluded. We therefore pay particular attention to ensuring that no sensitive or identifying information is transmitted. Insofar as personal data is processed in individual cases, this is done on the basis of standard contractual clauses that we have concluded with Deepgram.

Details on data protection at Deepgram can be found at: https://deepgram.com/privacy

Google Cloud

To provide our services, we use the cloud services of Google Cloud, where data is stored and processed. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The data is stored within the EU (Frankfurt).

Further information can be found at: https://policies.google.com/privacy?tid=131596225.

Social Media Presence

We maintain various presences on so-called social media platforms. We operate presences with the following providers:

  • LinkedIn, LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland; Website: https://de.linkedin.com/; Privacy Policy: https://www.linkedin.com/legal/privacy-policy

When you visit our presences on social networks, your personal data is processed by the respective providers. In addition to us, the providers of the social networks are also responsible for data processing.

We have concluded agreements with the providers of the social networks regarding joint responsibility for data processing. In these agreements, we have determined which data processing operations we or the respective providers carry out. You can view the agreements on joint responsibility at the respective providers of the social networks.

The legal basis for the use of the respective social networks is Article 6(1)(1)(f) GDPR. The analysis processes of the social networks may be based on other legal bases that must be specified by the respective providers of the social networks.

Regarding information requests and the assertion of data subject rights, we also point out that these can be asserted most effectively with the providers. Only the providers have access to users' data and can take appropriate measures and provide direct information. If you still need help, you can contact us.

The providers of the social media platforms explain in their privacy policies what information they receive and how it is used. These statements (see links above) also contain information on contact options and settings for advertisements.

Data Storage and Deletion

The data processed by us will be deleted in accordance with legal provisions as soon as your consent to data processing is revoked or when the purpose for processing this data ceases to exist or the data is no longer necessary for the purpose. This means that we only store your personal data for as long as it is necessary for the respective processing purpose and limit the storage period to the required minimum. Furthermore, we only store your data if we are entitled or obligated to do so according to legal retention periods.

Your Data Subject Rights

You have the right to:

  • Information pursuant to Article 15 GDPR,
  • Rectification pursuant to Article 16 GDPR,
  • Erasure pursuant to Article 17 GDPR,
  • Restriction of processing pursuant to Article 18 GDPR,
  • Data portability pursuant to Article 20 GDPR,
  • Objection pursuant to Article 21 GDPR,
  • Withdrawal of consent pursuant to Article 7(3) GDPR,
  • Complaint to the supervisory authority pursuant to Article 77 GDPR.

Furthermore, you may withdraw any consent given for the processing of personal data from us at any time. The withdrawal can be made via the contact options described in this privacy policy. Please note that the withdrawal only takes effect for the future. Processing that took place before the withdrawal is not affected by this.

Furthermore, there is a right to complain to the data protection supervisory authority pursuant to Article 77 GDPR.

Right to Object

You have the right, for reasons arising from your particular situation, to object at any time to the processing of personal data concerning you based on Article 6(1)(1)(e) or (f) GDPR; this also applies to profiling based on these provisions within the meaning of Article 4(4) GDPR.

In the event of an objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for processing that override your interests, rights, and freedoms, or the processing serves the establishment, exercise, or defense of legal claims.

The objection can be made via the contact options described in this privacy policy.

Data Processing When Accessing Linked Content

This website may contain external links or hyperlinks to websites of other providers. These are to be distinguished from our own content. This external content does not originate from us, and we have no influence on the content of third-party sites. If you are redirected to other sites via links on the website, please inform yourself there about the respective handling of your data.

Automated Decision-Making / Profiling

Automated decision-making or profiling does not take place.

Changes to This Privacy Policy

Due to the further development of our website and services as well as our online offering or due to changed legal and regulatory requirements, it may become necessary to occasionally adapt this privacy policy.

If you have questions regarding the processing of your data, you can contact us at any time.