Legal
Your privacy matters to us. This policy explains what we collect, why we collect it, and the rights you keep over your data.
Last updated: June 25, 2026
Industry-standard encryption and security measures
Clear information about what we collect and why
Access, correct, or delete your data anytime
Meeting global data protection standards
Last updated: 24 June 2026
Plain-English summary (not a substitute for the full policy): KodaVox is an AI communications platform operated by Koda Axis LTD. We collect the information needed to run your account, verify your identity when required by law (for example, before issuing a phone number), process your payments, and power the calling, messaging, and AI features you use. We do not sell your personal data. We use trusted third-party providers to deliver the service, some of whom are outside Nigeria, and we apply legal safeguards when your data crosses borders. You have rights over your data, including access, correction, and deletion. Questions: [email protected].
KodaVox ("KodaVox", "we", "us", "our") is operated worldwide by the Koda Axis group of companies: - Koda Axis LTD โ a company incorporated in the Federal Republic of Nigeria, registered in Nigeria โ the controller for users outside the Americas (Africa, Europe, UK, Middle East, Asia, Oceania, and the rest of the world). - Koda Axis Inc. โ a Delaware, USA corporation (registered office Delaware, USA), once active, the controller for users in the Americas (United States, Canada, and Central/South America). Until Koda Axis Inc. is operational, Koda Axis LTD is the controller for all regions.
Together referred to as "Koda Axis". The entity responsible for your data depends on your region, but this single policy applies to all of them.
For the purpose of data-protection law, the relevant Koda Axis entity is the data controller of your account and identity information, and a data processor of the customer data you put into the platform (see Section 4).
Data Protection contact / Data Protection Officer (DPO): ๐ง [email protected] ๐ฎ Koda Axis LTD, Nigeria
We are registered with / will register with the Nigeria Data Protection Commission (NDPC) as required under the Nigeria Data Protection Act, 2023.
This policy applies to: - the KodaVox websites (kodavox.com, client.kodavox.com, app.kodavox.com and related subdomains), - the KodaVox web and mobile applications, and - all related products, features, and APIs (the "Services").
It explains what personal data we collect, why, how we share it, how long we keep it, how we protect it, and the rights you have. Country-specific rights are set out in Section 14.
This distinction matters and is required by law to be explained clearly:
| Category | Examples |
|---|---|
| Account & profile | First and last name, email address, phone number, business/company name, password (stored only as a secure hash, managed via our authentication provider), profile photo, role/job title. |
| Identity verification (KYC) | When you purchase a phone number or use regulated telephony features, applicable telecom and anti-fraud regulations require us to verify your identity. Through our verification partner we collect and process your National Identification Number (NIN) and a facial image / live selfie for biometric matching, and the verification result. This is sensitive personal data and is processed only with your explicit consent and only for identity verification and regulatory compliance. |
| Payment & billing | Billing name, transaction history, plan, wallet balance, and partial payment-method details. Full card/bank details are entered directly with our payment processor (Paystack); we do not store full card numbers. |
| Communications content | The content you create or transmit through the Services: voice-call audio and call recordings, call transcripts, AI conversation logs, chat/WhatsApp/Instagram/Facebook messages, voice notes, and uploaded files/attachments. |
| Your contacts / CRM data | Names, phone numbers, emails, notes, and tags for the contacts you add or import (processed as described in Section 4). |
| Support & correspondence | Messages, requests, and feedback you send us. |
| Category | Examples |
|---|---|
| Device & technical | IP address, device type, operating system, browser, app version, mobile push-notification tokens, and language/timezone. |
| Usage & log data | Pages/features used, actions taken, timestamps, call metadata (numbers dialled, duration, status), and diagnostic/error logs. |
| Cookies & similar | See our Cookie Policy. We use strictly-necessary cookies plus, with your consent, analytics cookies (Google Analytics). |
We process personal data only where we have a lawful basis under the NDPA, the GDPR (where it applies), and other applicable laws:
| Purpose | Legal basis |
|---|---|
| Create and operate your account; provide the Services | Performance of a contract |
| Verify your identity for phone numbers / regulated features | Legal obligation; explicit consent for biometric/NIN data |
| Process payments and prevent fraud | Contract; legal obligation; legitimate interests |
| Power AI voice/chat agents, transcription, and routing | Contract; legitimate interests; your instructions |
| Send service, security, and transactional messages | Contract; legitimate interests |
| Send marketing (where permitted) | Consent (you can opt out anytime) |
| Improve, secure, and troubleshoot the Services | Legitimate interests |
| Comply with law, respond to lawful requests, enforce our terms | Legal obligation; legitimate interests |
Where we rely on consent, you may withdraw it at any time (this does not affect processing already carried out).
KodaVox uses artificial-intelligence providers to deliver core features (voice agents, chat replies, transcription, summaries, and routing). To generate a response, relevant content (such as a message, a call transcript, or knowledge-base text) may be sent to these providers (currently Google, OpenAI, and Anthropic, and speech providers Deepgram and ElevenLabs) acting as our processors. We instruct these providers to process the data only to provide the feature and not to use it to train their general models, to the extent their enterprise/API terms allow. AI outputs can be imperfect; they are not professional (legal, medical, or financial) advice.
We do not sell your personal data and do not share it for third-party advertising. We share data only with the categories of recipients below, under contracts that require them to protect it:
| Provider | Purpose | Typical location |
|---|---|---|
| Amazon Web Services (AWS) | Cloud hosting, storage, database, backups | United States |
| Cloudflare | Content delivery, security, DDoS protection | Global edge (incl. Nigeria) |
| Clerk | Authentication / login | United States |
| Prembly (or equivalent KYC partner) | Identity verification (NIN + biometric) | Nigeria |
| Paystack | Payment processing | Nigeria / South Africa |
| Stripe | Payment processing (international) | United States / Ireland |
| Meta Platforms | WhatsApp, Instagram, Facebook messaging | United States / Ireland |
| OAuth login, Calendar, Google Analytics, AI | United States | |
| OpenAI / Anthropic | AI language models | United States |
| Deepgram / ElevenLabs | Speech-to-text / text-to-speech | United States |
| NativeTalk / telephony & DID carriers | Phone numbers, call routing, SMS | Nigeria / international carriers |
| Mailgun | Transactional & notification email | United States / EU |
| Sentry | Error monitoring | United States |
| HubSpot, Shopify, Calendly | Integrations you choose to connect | United States |
| Firebase Cloud Messaging / Apple Push | Mobile push notifications | United States |
We may also disclose data: (a) to comply with law, regulation, court order, or a lawful request from authorities (including the NDPC and telecom regulators); (b) to enforce our Terms or protect rights, safety, and security; and (c) in connection with a merger, acquisition, or sale of assets, subject to this policy.
An up-to-date list of sub-processors is maintained in our Sub-processors list and is also available on request at [email protected].
KodaVox operates from Nigeria but uses providers located in other countries (notably the United States and the European Union). When we transfer personal data outside Nigeria, we do so in line with the NDPA's cross-border transfer rules, relying on one or more of: an adequacy decision, Standard Contractual Clauses / equivalent contractual safeguards, binding corporate rules, certification mechanisms, or your explicit consent. We document the basis for each transfer. Where the GDPR applies, equivalent safeguards (e.g. EU SCCs and the UK Addendum) are used. You may request details of the safeguards in place.
We keep personal data only as long as necessary for the purposes above, then delete or anonymise it: - Account data โ for the life of your account and for a reasonable period afterward. - KYC / identity records โ for the period required by telecom and anti-money-laundering regulations, then securely deleted. - Call recordings, transcripts, messages โ per your account settings and our retention schedule; you (as controller of your customer data) can configure or request deletion. - Billing records โ as required by tax and accounting law. - Logs and analytics โ for a limited diagnostic period.
When you close your account, we delete or anonymise your personal data within a reasonable period, except where we must retain it to meet a legal obligation, resolve disputes, or enforce our agreements.
We apply technical and organisational security measures appropriate to the risk, including: encryption in transit (HTTPS/TLS) and encryption at rest for sensitive items, secrets stored encrypted, hashed passwords, role-based access controls and tenant isolation, rate limiting, network and edge protection, monitored error tracking, regular automated backups, and security reviews. No system is 100% secure, but we work continually to protect your data.
If a personal-data breach occurs that is likely to result in a high risk to your rights and freedoms, we will notify the NDPC within 72 hours of becoming aware of it, and will inform affected individuals without undue delay, with guidance on protective steps โ as required by the NDPA and equivalent laws (e.g. the GDPR).
The Services are not directed to anyone under 18, and we do not knowingly collect their data. If you believe a minor has provided us personal data, contact [email protected] and we will delete it.
Subject to applicable law, you have the right to: access your data; correct inaccurate data; request erasure; restrict or object to processing; data portability; withdraw consent; and lodge a complaint with a regulator. To exercise any right, email [email protected]. We will respond within the timeframe required by law and may need to verify your identity. We will not discriminate against you for exercising your rights.
Note: If you are an end-customer of one of our business users (e.g. you called or messaged a business that uses KodaVox), that business is the controller of your data โ please contact them first; we will assist them in responding.
You hold the rights above under the Nigeria Data Protection Act, 2023, and may complain to the Nigeria Data Protection Commission (NDPC) at ndpc.gov.ng.
Where the GDPR applies, you have all rights in Section 14, including the right to lodge a complaint with your local supervisory authority. Our legal bases are set out in Section 6. International transfers are safeguarded as described in Section 9.
We do not sell or "share" (for cross-context behavioural advertising) personal information, and we have not in the preceding 12 months. California residents have rights to know, access, delete, correct, and limit use of sensitive personal information, and the right not to be discriminated against for exercising them. Submit requests to [email protected].
You have the rights of a data subject under the Protection of Personal Information Act and may complain to the Information Regulator (South Africa). Our Information Officer can be reached at [email protected].
We honour consent, purpose-limitation, access, and correction obligations, and our DPO ([email protected]) is the contact point for requests and complaints.
You may access and correct your personal information and complain to the Office of the Privacy Commissioner of Canada.
We use cookies and similar technologies as described in our separate Cookie Policy. Non-essential cookies (such as analytics) are set only with your consent where required.
The Services may link to third-party sites and services we do not control. Their privacy practices are governed by their own policies; please review them.
We may update this policy to reflect changes in our practices or the law. We will post the updated version with a new "Last updated" date and, for material changes, provide additional notice (e.g. email or in-app). Continued use of the Services after changes take effect means you accept the updated policy.
Koda Axis LTD โ Data Protection / DPO ๐ง [email protected] ๐ฎ Nigeria
Questions about our privacy practices? Our team is here to help. Reach out to [email protected] for any concerns or questions.
Contact usWe use strictly-necessary cookies to run KodaVox, and analytics cookies (only with your consent) to improve it. See our Cookie Policy.