Security Practices

Our Security Practices

How We Protect Your Data

Our Commitment to Your Security

VocalCalm is committed to protecting the privacy and security of your personal data. As a wellness coaching service, we voluntarily adopt industry security best practices to ensure your information is handled with care and protected from unauthorized access.

Privacy by Design

We implement privacy-focused architecture where AI services process your conversations without knowing your identity. Your name and email are kept separate from conversation content.

How We Protect Your Data

Encryption

We use encryption to protect your data:

  • Transport encryption (TLS 1.2+) for all data transmitted between your device and our servers
  • Encryption at rest (AES-256) for all stored data in our database
  • Secure WebSocket connections for real-time voice communications

Anonymous Processing

Your privacy is protected through separation of identity and content:

  • AI processing services receive only conversation content—no name, email, or identifying information
  • Memory storage uses anonymous identifiers (UUIDs) rather than personal details
  • Voice communication services use anonymous participant IDs

Access Controls

We implement strict access controls to protect your information:

  • Row-level security ensures you can only access your own data
  • Authentication required for all API access
  • Regular security monitoring and audit logging

Data Minimization

We collect only what's necessary to provide our wellness coaching service:

  • Email address for account authentication
  • Wellness preferences and coaching goals
  • Insight-level notes for personalized coaching continuity

We do not collect insurance information, medical records, or other sensitive health data beyond what you voluntarily share during coaching sessions.

Data Security Measures

We implement comprehensive security measures to protect your data:

  • • Transport encryption for all communications
  • • Secure cloud infrastructure with regular security updates
  • • Data protection agreements with all service providers
  • • Regular security reviews and monitoring
  • • Minimal data retention practices

Your Rights

You have full control over your data:

Access Your Data

You can access all your data through your account profile at any time. This includes insight notes, coaching preferences, and progress information.

Request Corrections

If you believe any information we have is incorrect, you can update your profile information or contact us to request corrections.

Delete Your Account

You can request deletion of your account and all associated data at any time through your profile settings. Your data will be permanently removed within 72 hours of confirmation, or after a grace period if you have an active subscription.

Export Your Data

You can export all your data in a portable format directly from your profile, including insight notes, summaries, and preferences.

Third-Party Service Providers

We work with trusted service providers to deliver our wellness coaching service. Most providers receive only anonymous data without your personal identity. All providers are bound by data protection agreements. For full details, see our Privacy Policy.

Complaints and Questions

If you have concerns about how we handle your data, you have the right to:

Changes to This Notice

We may update this security practices notice from time to time. We will post the current version on our website and notify users of significant changes.

Contact Information

If you have questions about our security practices or wish to exercise your data rights, please contact:

Data Controller

eHealth Systems Ltd
Email: [email protected]

Last updated: December 2025