Privacy Policy

Epic Voice (hereinafter “Company”, “we”, “us”) respects your privacy and is committed to protecting your personal data in accordance with the General Data Protection Regulation (GDPR — Regulation EU 2016/679), Greek law 4624/2019, and all applicable legislation.

This Privacy Policy explains what data we collect, why we collect it, how we use it, how we protect it, and what rights you have.

This policy applies to two categories of individuals:

• Customers: Businesses or individuals who use our services.
• End Users: Individuals who interact with our customers’ AI Voice Agents via phone.

The data controller for your personal data is:

Epic Voice — DIMITRIOS TZOUVARAS
VAT No (ΑΦΜ): 170530136
General Commercial Registry (ΓΕΜΗ): 188582003000
Email: info@epicvoice.gr
Phone: 211 234 0203
Website: epicvoice.gr

For data processed by AI Voice Agents in the context of serving end users, the data controller is the Customer (the business). Epic Voice acts as the data processor in accordance with the Customer’s instructions.

3.1 Customer data

When you register for and use our services, we collect:

• Personal data: Name, email address, phone number, company name.
• Business information: Hours of operation, services, prices, logo — information provided for the setup of the AI agent.
• Payment data: Bank details or card information (processed through a secure payment provider).
• Usage data: Call statistics, talk minutes, performance reports.

3.2 End user data

When someone calls a customer’s AI Voice Agent, the following may be collected:

• Caller phone number (caller ID).
• Date, time, and duration of the call.
• Call transcription (transcript).
• Call recording (if enabled by the customer).
• Information provided by the caller (e.g., name, appointment date, request).

3.3 Website data

When you visit epicvoice.gr, we may collect:

• Cookies and technical data: IP address, browser type, pages visited.
• Contact form data: Name, email, message.
• Analytics data: In anonymized form, via analytics tools.

We process your data for the following purposes:

• Service provision: Setting up and operating AI Voice Agents, managing appointments, handling calls.
• Billing and payments: Issuing invoices, managing subscriptions.
• Communication: Sending service-related notifications and system updates.
• Service improvement: Analyzing usage data to optimize performance.
• Marketing: Sending promotional communications (only with your consent).
• Legal compliance: Meeting tax and other legal obligations.

Data processing is based on one or more of the following legal bases (Article 6 GDPR):

• Contract performance (Article 6(1)(b)): To provide the services you have requested.
• Legitimate interests (Article 6(1)(f)): To improve services, ensure system security, and prevent fraud.
• Consent (Article 6(1)(a)): Where required, e.g., for marketing emails or non-essential cookies.
• Legal obligation (Article 6(1)(c)): To comply with tax legislation and other regulatory requirements.

We do not sell, rent, or trade your personal data. We may share data with:

• Service providers: AI platforms, speech synthesis and recognition services, cloud hosting, calendar and automation providers — solely for the operation of our services.
• Payment providers: For the secure processing of transactions.
• Legal authorities: When required by law or court order.

All third-party providers that process data on our behalf are bound by Data Processing Agreements (DPA) in accordance with Article 28 GDPR and are GDPR compliant.

7.1 Call recordings and transcripts

Call recordings and transcripts generated through the service are retained for ninety (90) days from the date of the call. After this period, both the audio file and the transcript are automatically and irrevocably deleted from our systems. Call metadata (duration, date, phone number, status) is retained for billing and accounting purposes.

7.2 Operational logs

Technical logs generated to monitor the proper operation of the service are retained for ninety (90) days and then automatically deleted.

7.3 Financial records

Billing records (purchases, invoices, payments, top-up balances) are retained for as long as required by applicable tax legislation (a minimum of five (5) years), regardless of the periods set out above.

7.4 Customer account information

Your account information (company name, email, VAT number, address) is retained for as long as your subscription is active. After termination or cancellation of your subscription, the information is retained for an additional thirty (30) days so you may request reactivation or data export, and is then pseudonymized or deleted.

7.5 Other categories

• Website data (cookies): In accordance with the lifetime of each cookie, as detailed in the cookie banner.
• Contact form data: Up to twelve (12) months after the request is completed.
• Marketing data: Until you withdraw your consent.

For your rights regarding the above data, see Section 8. For provisions concerning end users of calls, see Section 11.

Under the GDPR, you have the following rights:

• Right of access (Article 15): To know what data we hold about you.
• Right to rectification (Article 16): To request correction of inaccurate data.
• Right to erasure (Article 17): To request deletion of your data (“right to be forgotten”).
• Right to restriction (Article 18): To request restriction of processing.
• Right to portability (Article 20): To receive your data in a structured, electronic format.
• Right to object (Article 21): To object to specific processing activities.
• Right to withdraw consent: To withdraw your consent at any time, without affecting the lawfulness of prior processing.

To exercise any of these rights, contact us at info@epicvoice.gr. We will respond within thirty (30) days.

If you believe your rights are not being respected, you have the right to file a complaint with the Greek Data Protection Authority (DPA) at www.dpa.gr.

We implement appropriate technical and organizational measures to protect your data, including:

• Encryption of data in transit (TLS/SSL) and at rest.
• Access restricted to authorized personnel (principle of least privilege).
• Use of secure cloud platforms with certifications (e.g., SOC 2, ISO 27001).
• Regular security audits and software updates.
• Secure data centers located within the European Union.

Despite these measures, no system is 100% secure. In the event of a data breach, the relevant authorities (Greek Data Protection Authority) and affected individuals will be notified within 72 hours, in accordance with Articles 33 and 34 GDPR.

Our website uses cookies, which are categorized as follows:

• Essential cookies: Required for the website to function. No consent needed.
• Analytics cookies: Help us understand how the website is used (e.g., Google Analytics). Activated only with your consent.
• Marketing cookies: Used for ad targeting. Activated only with your consent.

You can manage your cookie preferences through the cookie banner on our website or through your browser settings.

Data is primarily processed within the European Union. For the operation of our AI Voice Agents, we may use technology providers based outside the European Economic Area (EEA).

Where data transfers outside the EEA occur, we apply appropriate safeguards in accordance with Articles 45 and 46 GDPR, including:

• Standard Contractual Clauses (SCCs): Approved by the European Commission (Implementing Decision 2021/914).
• Adequacy decisions: Where applicable (e.g., EU-US Data Privacy Framework).
• Data Processing Agreements (DPA): Signed with every provider in accordance with Article 28 GDPR.

You have the right to request information about the safeguards applied to data transfers by contacting us at info@epicvoice.gr.

Our services are intended for businesses and are not designed for use by individuals under 18 years of age. We do not knowingly collect personal data from children. If we become aware that we have collected such data, we will delete it promptly.

We may update this Privacy Policy from time to time. The date of the last update is indicated at the top of this document. In the event of significant changes, we will notify you via email and/or a prominent notice on our website.

Continued use of our services after notification constitutes acceptance of the updated policy.

For any questions about your personal data or this Privacy Policy:

Epic Voice — DIMITRIOS TZOUVARAS
VAT No (ΑΦΜ): 170530136
General Commercial Registry (ΓΕΜΗ): 188582003000
Email: info@epicvoice.gr
Phone: 211 234 0203
Website: epicvoice.gr