← Back to Imagine Voxa

Data Protection & GDPR

Last updated: March 30, 2026

1. Our Commitment

Imagine Voxa is committed to protecting your personal data in accordance with the General Data Protection Regulation (GDPR) and other applicable data protection laws. This page explains how we handle your data and the rights you have.

2. Data Controller

Imagine Voxa acts as the data controller for the personal information collected through the platform. For data protection inquiries, contact us at arvinrajani71@gmail.com.

3. Legal Basis for Processing

We process your personal data under the following legal bases:

  • Contract Performance: Processing necessary to provide you with the services you signed up for (account management, content generation, social media publishing).
  • Legitimate Interest: Improving our platform, preventing abuse, and ensuring security.
  • Consent: Where you explicitly consent to specific data processing activities (e.g., connecting social media accounts).

4. Data We Collect

  • Identity Data: Name, email address, and profile picture from Google OAuth.
  • Brand Data: Brand names, logos, color palettes, descriptions, and uploaded documents you provide.
  • Content Data: AI-generated posts, images, and associated metadata.
  • Connection Data: OAuth tokens for LinkedIn and Meta platforms (encrypted at rest).
  • Usage Data: Feature usage, credit consumption, and platform interactions.

5. Your Rights Under GDPR

If you are located in the European Economic Area (EEA), you have the following rights:

  • Right of Access: Request a copy of all personal data we hold about you.
  • Right to Rectification: Request correction of inaccurate personal data.
  • Right to Erasure: Request deletion of your personal data ("right to be forgotten"). You can delete your account and all associated data from the Settings page.
  • Right to Restriction: Request restriction of processing in certain circumstances.
  • Right to Data Portability: Request your data in a structured, machine-readable format. You can export your data from the Settings page.
  • Right to Object: Object to processing based on our legitimate interests.
  • Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent (e.g., revoking social media connections).

6. Data Storage & Security

  • All data is stored on Supabase infrastructure (hosted on AWS in the EU/US depending on project configuration).
  • Data in transit is protected by TLS 1.2+ encryption.
  • Data at rest is encrypted using AES-256.
  • OAuth access tokens are stored securely and never exposed to the client.
  • We do not store payment card details — all billing is handled by our payment processor.

7. Data Retention

  • Account data is retained as long as your account is active.
  • Generated content is retained until you delete it or close your account.
  • Upon account deletion, all personal data is permanently removed within 30 days.
  • Anonymized usage statistics may be retained for service improvement purposes.

8. International Transfers

Your data may be processed by third-party services (OpenAI, Vercel) located outside the EEA. Where this occurs, we ensure adequate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission.

9. Data Sub-Processors

We use the following sub-processors:

  • Supabase (AWS): Database, authentication, and file storage.
  • OpenAI: AI text generation and image generation.
  • Vercel: Application hosting and edge functions.
  • Google: OAuth authentication provider.
  • LinkedIn (Microsoft): Social media publishing API.
  • Meta: Facebook and Instagram publishing API.

10. Exercising Your Rights

To exercise any of your data protection rights, email us at arvinrajani71@gmail.com with the subject line "GDPR Request". We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.