Legal

    Privacy Policy

    Your privacy matters to us. This policy explains what we collect, why we collect it, and the rights you keep over your data.

    Last updated: June 25, 2026

    Your Data, Secured

    Industry-standard encryption and security measures

    Full Transparency

    Clear information about what we collect and why

    Your Rights

    Access, correct, or delete your data anytime

    GDPR & NDPR Compliant

    Meeting global data protection standards

    Last updated: 24 June 2026

    Plain-English summary (not a substitute for the full policy): KodaVox is an AI communications platform operated by Koda Axis LTD. We collect the information needed to run your account, verify your identity when required by law (for example, before issuing a phone number), process your payments, and power the calling, messaging, and AI features you use. We do not sell your personal data. We use trusted third-party providers to deliver the service, some of whom are outside Nigeria, and we apply legal safeguards when your data crosses borders. You have rights over your data, including access, correction, and deletion. Questions: [email protected].


    1. Who we are

    KodaVox ("KodaVox", "we", "us", "our") is operated worldwide by the Koda Axis group of companies: - Koda Axis LTD โ€” a company incorporated in the Federal Republic of Nigeria, registered in Nigeria โ€” the controller for users outside the Americas (Africa, Europe, UK, Middle East, Asia, Oceania, and the rest of the world). - Koda Axis Inc. โ€” a Delaware, USA corporation (registered office Delaware, USA), once active, the controller for users in the Americas (United States, Canada, and Central/South America). Until Koda Axis Inc. is operational, Koda Axis LTD is the controller for all regions.

    Together referred to as "Koda Axis". The entity responsible for your data depends on your region, but this single policy applies to all of them.

    For the purpose of data-protection law, the relevant Koda Axis entity is the data controller of your account and identity information, and a data processor of the customer data you put into the platform (see Section 4).

    Data Protection contact / Data Protection Officer (DPO): ๐Ÿ“ง [email protected] ๐Ÿ“ฎ Koda Axis LTD, Nigeria

    We are registered with / will register with the Nigeria Data Protection Commission (NDPC) as required under the Nigeria Data Protection Act, 2023.

    2. Scope of this policy

    This policy applies to: - the KodaVox websites (kodavox.com, client.kodavox.com, app.kodavox.com and related subdomains), - the KodaVox web and mobile applications, and - all related products, features, and APIs (the "Services").

    It explains what personal data we collect, why, how we share it, how long we keep it, how we protect it, and the rights you have. Country-specific rights are set out in Section 14.

    3. Definitions

    • Personal data / personal information โ€“ any information relating to an identified or identifiable person.
    • Sensitive (special-category) personal data โ€“ data such as biometric data (including facial images used to uniquely identify you) and government identifiers (such as your National Identification Number, "NIN"). These receive heightened protection.
    • Processing โ€“ any operation performed on personal data (collection, storage, use, disclosure, deletion, etc.).
    • Data controller โ€“ the party that decides why and how personal data is processed.
    • Data processor / sub-processor โ€“ a party that processes personal data on behalf of a controller.
    • You โ€“ a visitor, account holder, authorised user, or an individual whose data is processed through the Services.

    4. Our two roles: Controller and Processor

    This distinction matters and is required by law to be explained clearly:

    • When we act as a Controller โ€“ for the data we collect to create and manage your relationship with us: your account details, identity-verification (KYC) data, billing data, support communications, and website usage. This policy governs that processing.
    • When we act as a Processor โ€“ when you, our business customer, use KodaVox to communicate with and manage your own customers/contacts. Examples include your CRM contacts, the call recordings and transcripts of calls with your callers, and the WhatsApp/Instagram/Facebook messages exchanged with your customers. For that data, you are the controller and we process it on your behalf under our Terms and (where applicable) a Data Processing Addendum. You are responsible for having a lawful basis and the necessary notices/consents for the data you put into KodaVox.

    5. The personal data we collect

    5.1 Information you give us

    Category Examples
    Account & profile First and last name, email address, phone number, business/company name, password (stored only as a secure hash, managed via our authentication provider), profile photo, role/job title.
    Identity verification (KYC) When you purchase a phone number or use regulated telephony features, applicable telecom and anti-fraud regulations require us to verify your identity. Through our verification partner we collect and process your National Identification Number (NIN) and a facial image / live selfie for biometric matching, and the verification result. This is sensitive personal data and is processed only with your explicit consent and only for identity verification and regulatory compliance.
    Payment & billing Billing name, transaction history, plan, wallet balance, and partial payment-method details. Full card/bank details are entered directly with our payment processor (Paystack); we do not store full card numbers.
    Communications content The content you create or transmit through the Services: voice-call audio and call recordings, call transcripts, AI conversation logs, chat/WhatsApp/Instagram/Facebook messages, voice notes, and uploaded files/attachments.
    Your contacts / CRM data Names, phone numbers, emails, notes, and tags for the contacts you add or import (processed as described in Section 4).
    Support & correspondence Messages, requests, and feedback you send us.

    5.2 Information we collect automatically

    Category Examples
    Device & technical IP address, device type, operating system, browser, app version, mobile push-notification tokens, and language/timezone.
    Usage & log data Pages/features used, actions taken, timestamps, call metadata (numbers dialled, duration, status), and diagnostic/error logs.
    Cookies & similar See our Cookie Policy. We use strictly-necessary cookies plus, with your consent, analytics cookies (Google Analytics).

    5.3 Information from third parties

    • Identity & fraud checks โ€“ verification results from our KYC provider.
    • Connected accounts โ€“ if you connect Google, Meta (WhatsApp/Facebook/Instagram), HubSpot, Shopify, or a calendar, we receive the data those services share per your authorisation.
    • Payment confirmations โ€“ from Paystack.

    6. Why we use your data, and our legal bases

    We process personal data only where we have a lawful basis under the NDPA, the GDPR (where it applies), and other applicable laws:

    Purpose Legal basis
    Create and operate your account; provide the Services Performance of a contract
    Verify your identity for phone numbers / regulated features Legal obligation; explicit consent for biometric/NIN data
    Process payments and prevent fraud Contract; legal obligation; legitimate interests
    Power AI voice/chat agents, transcription, and routing Contract; legitimate interests; your instructions
    Send service, security, and transactional messages Contract; legitimate interests
    Send marketing (where permitted) Consent (you can opt out anytime)
    Improve, secure, and troubleshoot the Services Legitimate interests
    Comply with law, respond to lawful requests, enforce our terms Legal obligation; legitimate interests

    Where we rely on consent, you may withdraw it at any time (this does not affect processing already carried out).

    7. How AI is used in the Services

    KodaVox uses artificial-intelligence providers to deliver core features (voice agents, chat replies, transcription, summaries, and routing). To generate a response, relevant content (such as a message, a call transcript, or knowledge-base text) may be sent to these providers (currently Google, OpenAI, and Anthropic, and speech providers Deepgram and ElevenLabs) acting as our processors. We instruct these providers to process the data only to provide the feature and not to use it to train their general models, to the extent their enterprise/API terms allow. AI outputs can be imperfect; they are not professional (legal, medical, or financial) advice.

    8. Who we share your data with (sub-processors)

    We do not sell your personal data and do not share it for third-party advertising. We share data only with the categories of recipients below, under contracts that require them to protect it:

    Provider Purpose Typical location
    Amazon Web Services (AWS) Cloud hosting, storage, database, backups United States
    Cloudflare Content delivery, security, DDoS protection Global edge (incl. Nigeria)
    Clerk Authentication / login United States
    Prembly (or equivalent KYC partner) Identity verification (NIN + biometric) Nigeria
    Paystack Payment processing Nigeria / South Africa
    Stripe Payment processing (international) United States / Ireland
    Meta Platforms WhatsApp, Instagram, Facebook messaging United States / Ireland
    Google OAuth login, Calendar, Google Analytics, AI United States
    OpenAI / Anthropic AI language models United States
    Deepgram / ElevenLabs Speech-to-text / text-to-speech United States
    NativeTalk / telephony & DID carriers Phone numbers, call routing, SMS Nigeria / international carriers
    Mailgun Transactional & notification email United States / EU
    Sentry Error monitoring United States
    HubSpot, Shopify, Calendly Integrations you choose to connect United States
    Firebase Cloud Messaging / Apple Push Mobile push notifications United States

    We may also disclose data: (a) to comply with law, regulation, court order, or a lawful request from authorities (including the NDPC and telecom regulators); (b) to enforce our Terms or protect rights, safety, and security; and (c) in connection with a merger, acquisition, or sale of assets, subject to this policy.

    An up-to-date list of sub-processors is maintained in our Sub-processors list and is also available on request at [email protected].

    9. International data transfers

    KodaVox operates from Nigeria but uses providers located in other countries (notably the United States and the European Union). When we transfer personal data outside Nigeria, we do so in line with the NDPA's cross-border transfer rules, relying on one or more of: an adequacy decision, Standard Contractual Clauses / equivalent contractual safeguards, binding corporate rules, certification mechanisms, or your explicit consent. We document the basis for each transfer. Where the GDPR applies, equivalent safeguards (e.g. EU SCCs and the UK Addendum) are used. You may request details of the safeguards in place.

    10. How long we keep your data

    We keep personal data only as long as necessary for the purposes above, then delete or anonymise it: - Account data โ€“ for the life of your account and for a reasonable period afterward. - KYC / identity records โ€“ for the period required by telecom and anti-money-laundering regulations, then securely deleted. - Call recordings, transcripts, messages โ€“ per your account settings and our retention schedule; you (as controller of your customer data) can configure or request deletion. - Billing records โ€“ as required by tax and accounting law. - Logs and analytics โ€“ for a limited diagnostic period.

    When you close your account, we delete or anonymise your personal data within a reasonable period, except where we must retain it to meet a legal obligation, resolve disputes, or enforce our agreements.

    11. How we protect your data

    We apply technical and organisational security measures appropriate to the risk, including: encryption in transit (HTTPS/TLS) and encryption at rest for sensitive items, secrets stored encrypted, hashed passwords, role-based access controls and tenant isolation, rate limiting, network and edge protection, monitored error tracking, regular automated backups, and security reviews. No system is 100% secure, but we work continually to protect your data.

    12. Data-breach notification

    If a personal-data breach occurs that is likely to result in a high risk to your rights and freedoms, we will notify the NDPC within 72 hours of becoming aware of it, and will inform affected individuals without undue delay, with guidance on protective steps โ€” as required by the NDPA and equivalent laws (e.g. the GDPR).

    13. Children

    The Services are not directed to anyone under 18, and we do not knowingly collect their data. If you believe a minor has provided us personal data, contact [email protected] and we will delete it.

    14. Your rights

    Subject to applicable law, you have the right to: access your data; correct inaccurate data; request erasure; restrict or object to processing; data portability; withdraw consent; and lodge a complaint with a regulator. To exercise any right, email [email protected]. We will respond within the timeframe required by law and may need to verify your identity. We will not discriminate against you for exercising your rights.

    Note: If you are an end-customer of one of our business users (e.g. you called or messaged a business that uses KodaVox), that business is the controller of your data โ€” please contact them first; we will assist them in responding.

    14.1 Nigeria (NDPA 2023)

    You hold the rights above under the Nigeria Data Protection Act, 2023, and may complain to the Nigeria Data Protection Commission (NDPC) at ndpc.gov.ng.

    14.2 European Economic Area & United Kingdom (GDPR / UK GDPR)

    Where the GDPR applies, you have all rights in Section 14, including the right to lodge a complaint with your local supervisory authority. Our legal bases are set out in Section 6. International transfers are safeguarded as described in Section 9.

    14.3 California (CCPA/CPRA) & other U.S. states

    We do not sell or "share" (for cross-context behavioural advertising) personal information, and we have not in the preceding 12 months. California residents have rights to know, access, delete, correct, and limit use of sensitive personal information, and the right not to be discriminated against for exercising them. Submit requests to [email protected].

    14.4 South Africa (POPIA)

    You have the rights of a data subject under the Protection of Personal Information Act and may complain to the Information Regulator (South Africa). Our Information Officer can be reached at [email protected].

    14.5 Singapore & wider Asia-Pacific (PDPA and similar)

    We honour consent, purpose-limitation, access, and correction obligations, and our DPO ([email protected]) is the contact point for requests and complaints.

    14.6 Canada (PIPEDA)

    You may access and correct your personal information and complain to the Office of the Privacy Commissioner of Canada.

    15. Cookies and tracking

    We use cookies and similar technologies as described in our separate Cookie Policy. Non-essential cookies (such as analytics) are set only with your consent where required.

    16. Third-party links

    The Services may link to third-party sites and services we do not control. Their privacy practices are governed by their own policies; please review them.

    17. Changes to this policy

    We may update this policy to reflect changes in our practices or the law. We will post the updated version with a new "Last updated" date and, for material changes, provide additional notice (e.g. email or in-app). Continued use of the Services after changes take effect means you accept the updated policy.

    18. Contact us

    Koda Axis LTD โ€” Data Protection / DPO ๐Ÿ“ง [email protected] ๐Ÿ“ฎ Nigeria

    Questions about our privacy practices? Our team is here to help. Reach out to [email protected] for any concerns or questions.

    Contact us