Privacy Policy

Version 2.1 · Last updated: July 2026

The plain-English version: HeyVox records the voicemails people leave you, transcribes them with AI, and shows them to you (and anyone you invite). We collect what's needed to run that service — nothing more. We don't sell your information, and we don't use your voicemails for advertising. Audio recordings delete after 30 days; your written log (transcripts and details) is kept for a period you choose — up to 12 months — for your record keeping. You can turn HeyVox off, export or shorten your log, or delete your account at any time. The detail is below.

1. Who we are and what this covers

HeyVox is a voicemail and AI receptionist service operated by Gabriel Denemark, a sole trader in Perth, Western Australia, trading as HeyVox (referred to as "HeyVox", "we", "us"). This policy covers the HeyVox Android application, the HeyVox web portal at heyvoxapp.com/app, the HeyVox backend service, and the heyvoxapp.com website. The portal provides access to the same inbox described below using your Google sign-in; no additional categories of information are collected through it.

Although some small businesses are exempt from parts of the Privacy Act 1988 (Cth), we have chosen to comply with the Privacy Act and all thirteen Australian Privacy Principles (APPs) in full, and this policy is written and operated on that basis. We also participate in the Notifiable Data Breaches scheme (see section 12).

2. The information we collect

2.1 Your account

2.2 Phone numbers and telephony data

2.3 Voicemail content (including other people's personal information)

Voicemail content necessarily includes the personal information of the people who call you (their voice, number, and whatever they choose to say). Section 6 explains how callers are notified and what your responsibilities are.

2.4 Shared access

If you invite someone to help manage your inbox, we collect their email address, the permissions you grant them, when they join, and a record of the changes they make (so actions in a shared inbox are attributable).

2.5 Payments

Subscriptions are processed entirely by Google Play. We receive confirmation of your plan and a purchase token to verify your subscription. We never receive or store your card or bank details.

2.6 Device permissions — what stays on your phone

The app requests several Android permissions. Most of the information they access is processed on your device only and never reaches our servers:

PermissionUsed forWhere it goes
Phone state / numbers / call logDetecting your SIMs and missed calls so the app can guide setup and match messagesOn device only
ContactsShowing a caller's name from your address book against their messageOn device only
MicrophoneRecording your voicemail greeting when you choose to record oneGreeting uploaded — nothing else is recorded
CalendarCreating an event when a caller mentions an appointment and you tap to add itOn device only
Biometrics / app-lock PINOptionally locking the appOn device only — the PIN never leaves your phone
NotificationsAlerting you to new voicemailsPush token stored to deliver alerts

2.7 Analytics and the website

We use Google Analytics on heyvoxapp.com and basic diagnostics in the app to understand usage and fix problems. Analytics is configured with IP anonymisation, and we do not feed voicemail content into analytics. Our website does not use advertising trackers.

3. How we collect information

Directly from you (sign-up, configuration, support requests); automatically when callers interact with your HeyVox number; from Google (sign-in and billing confirmations); and from our carrier partner when calls are routed. Where it is practicable to deal with us anonymously — for example, general website enquiries — you may do so; however, the HeyVox service itself cannot be provided anonymously, because routing your calls requires your phone number and account (APP 2).

4. Why we collect it (purposes)

We use and disclose personal information only for these purposes, closely related purposes you would reasonably expect, or as otherwise permitted by law (APP 6). We do not sell personal information. We do not use your voicemail content for advertising or to train third-party AI models.

5. AI processing

Transcription, summaries, suggested replies, spam scoring and categorisation are performed by machine-learning models running on our infrastructure provider (Cloudflare Workers AI). Your recordings and transcripts are processed to deliver these features for you, and are not used by us to train models. AI output can be wrong: transcripts and suggestions are aids, not records of truth, and you should verify them before relying on or sending them.

6. Call recording and notice to callers

Voicemail works because callers knowingly leave a recorded message. HeyVox is designed so that callers are on notice:

Your responsibilities: you must not configure a greeting that hides the fact that callers are leaving a recorded message, and you must handle callers' messages lawfully — including under the Telecommunications (Interception and Access) Act 1979 (Cth) and the surveillance devices legislation of your state or territory (in Western Australia, the Surveillance Devices Act 1998 (WA)). Do not republish or share callers' messages beyond your business purposes without their consent. If a caller asks you to delete their message, you can do so in the app, and we will action deletion requests made directly to us.

7. Who we disclose information to

We disclose personal information only to the service providers required to run HeyVox, each engaged for a defined function:

ProviderFunctionData involved
Cloudflare, Inc.Hosting, storage, databases and AI processingRecordings, transcripts, account and configuration data
Telnyx LLCCarrier services for your HeyVox numberCall events, caller numbers, call audio in transit
Google LLCSign-in, Play billing, push notifications, analyticsAccount identifiers, purchase tokens, push tokens, anonymised analytics

People you invite to your inbox (shared access) can see your messages to the extent of the permissions you grant. We may also disclose information where required or authorised by law — for example, in response to a valid warrant or court order — and we will disclose no more than the law requires.

8. Overseas disclosure (APP 8)

Our providers process data on infrastructure located outside Australia, principally in the United States and, in Cloudflare's case, across its global network including the European Union. Before engaging each provider we assessed their security practices, and we contract with them on terms that restrict use of your data to providing services to us. By using HeyVox you consent to this overseas processing as an inherent part of how the service is delivered.

9. Security

No system is impenetrable, but we design HeyVox so that the sensitive material — your callers' voices and words — is protected by default (APP 11).

10. Retention and deletion

11. Your rights: access, correction and deletion

You may at any time:

Requests go to [email protected] (or [email protected]). We will verify you control the account, respond within 30 days, and will not charge for making a request (APPs 12–13). If we cannot grant a request, we will tell you why in writing.

12. Data breaches

We participate in the Notifiable Data Breaches scheme. If a data breach occurs that is likely to result in serious harm, we will notify affected users and the Office of the Australian Information Commissioner (OAIC) as required by Part IIIC of the Privacy Act.

13. Direct marketing, identifiers and children

14. Complaints

If you believe we have mishandled your personal information, contact [email protected] with the details. We will acknowledge your complaint within 7 days and aim to resolve it within 30. If you are not satisfied with our response, you may complain to the Office of the Australian Information Commissioner: oaic.gov.au · 1300 363 992.

15. Changes to this policy

We will update this page when our practices change, note the date and version above, and — for material changes — tell you in the app or by email before they take effect.

16. Contact

HeyVox (Gabriel Denemark, sole trader) · Perth, Western Australia
Privacy: [email protected] · General: [email protected]