Welcome to the VoxAura App Privacy Policy.

VoxAura GmbH (“VoxAura”, “we”, “us”, “our”) develops and operates the VoxAura App and related services that allow users to control smart-lighting and connected devices (the “Services”). This Privacy Policy explains what personal information we collect, how we use it, how long we keep it, when we share it, how we protect it, where it is processed (as described below), and the rights and choices available to you depending on your location (including the European Economic Area/United Kingdom).

Table of Contents

1.Definitions
2.How We Collect and Use Your Personal Information
3.How We Store and Protect Your Personal Information
4.How We Share, Transfer, and Disclose Your Personal Information
5.Children and Minors
6.How This Policy Will Be Updated
7.International Transfers (if applicable)
8.How to Contact Us
9.Effective Date of This Privacy Policy

“VoxAura”, “we”, “us”, and “our” refer to VoxAura GmbH, the provider of the Services described in this Privacy Policy.

Personal information means any information relating to an identified or identifiable natural person. An identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier (for example, name, email address, phone number, device identifier, online identifier, or similar). Information that has been irreversibly anonymized is not personal information.

“Sensitive personal information” means personal information that is considered sensitive under applicable law. This may include, depending on the jurisdiction, information such as precise geolocation, government-issued identifiers, account login credentials, financial account information, information about children, and other information that requires enhanced protection. In the European Economic Area and the United Kingdom, “special categories of personal data” has the meaning set out in applicable data-protection law (e.g., data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data for identification, health data, or data concerning a person’s sex life or sexual orientation).

“Minors” means individuals under the age of legal majority in their place of residence (typically under 18).

“Children” means individuals under the age of 13.

1.How We Collect and Use Your Personal Information

To provide the Services, we (and service providers acting on our behalf) collect and process certain information from you and from your devices. Some information is necessary for the App to function (for example, to connect to devices, or provide support). If you choose not to provide required information or you disable required permissions, some features may not work or may not work properly.

Personal Information: This refers to personal information that you provide to us directly when you use the Services. This may include your account and contact information (for example, a username or nickname and your email address and/or phone number if you create an account or contact us) and the content you provide when you request customer support (for example, the text of your request and any attachments you choose to submit). We use this information to provide the Services, respond to your requests, and communicate with you about service-related matters.

Location-related information: Some mobile operating systems require location permission in order to discover and connect to nearby Bluetooth Low Energy (BLE) devices. If you grant this permission, your device may make certain location-related signals available under the operating system’s permission model (for example, whether location services are enabled). We use this permission only to enable Bluetooth device discovery and connection within the App, and for related troubleshooting and security purposes. We do not use this permission for targeted advertising.

Device information: When you use the App to discover, connect to, or control smart-lighting and other connected devices, the App reads and displays certain technical information from the devices. This may include the device type/model, device identifiers used for communication (for example, a Bluetooth identifier and/or MAC address), and device software/hardware information (for example, firmware version, hardware version, and related build/version metadata). We use this information to enable pairing and connection, display device details in the App, provide device control features, perform firmware updates where available, and troubleshoot problems.

Log and diagnostic information: To maintain the security and stability of the Services and to diagnose and fix errors, we may collect diagnostic data such as error logs, crash reports, timestamps, App version, device model, operating system version, and technical information about connected devices. Where remote log retrieval is used, it is limited to troubleshooting and security purposes.

The device information we process may include the following technical attributes (which may vary by device model and operating system):

① Device type/model: Indicates the device category and model (e.g., controller, driver, sensor) to display the correct capabilities and controls in the App.
② Device identifier (e.g., Bluetooth identifier and, where available, a MAC address): Used for device discovery, pairing, connection management, and troubleshooting. Some operating systems may restrict access to certain identifiers.
③ Version: Indicates the current device version number.
④ Firmware identifier code (if available): A device-reported identifier used to distinguish firmware builds for compatibility checks, support, and troubleshooting.
⑤ Firmware version: The version number of the device firmware, used to display device status, determine feature compatibility, and support firmware update and troubleshooting processes.
⑥ Firmware description / build information (if available): Device-reported descriptive build metadata used for diagnostics and support (for example, build label or release channel).
⑦ Firmware build/compile date (if available): Device-reported build timestamp information used for diagnostics and compatibility checks.
⑧ Bluetooth stack/SDK version information (if available): Device-reported Bluetooth software stack or SDK version metadata used for diagnostics, connectivity troubleshooting, and compatibility checks.
⑨ Diagnostic log information: When the App or connected devices experience errors or abnormal behavior, we may process diagnostic information (such as error codes, timestamps, and limited technical logs) to investigate and fix issues, improve stability and security, and provide customer support. Where remote diagnostic collection is used, it is limited to troubleshooting and security purposes.
⑩ Storage information: The App stores certain application data locally to operate the Services (for example, device associations, settings, and limited diagnostic data). Depending on your device and operating system, some data may be stored in the App’s internal storage and, where technically necessary, in device storage locations permitted by the operating system. We do not access unrelated files stored on your device.

2.How We Store and Protect Your Personal Information

Retention and storage: We retain personal information only for as long as necessary to provide the Services and for the purposes described in this Privacy Policy. We will keep all your data on your mobile phone only, and will not store the data on servers.If you request data deletion, simply uninstall the app or clear the app data.

Security: We implement appropriate technical and organizational measures designed to protect personal information against unauthorized access, disclosure, alteration, misuse, and loss. These measures may include encryption in transit (for example, TLS) and, where appropriate, encryption at rest; access controls and least-privilege permissions; authentication and authorization mechanisms; logging and monitoring; security testing; and timely security updates. We also aim to minimize the personal information we process and to limit access to personal information to authorized personnel and service providers who need it to perform their tasks. No method of transmission or storage is completely secure; however, we work to maintain safeguards proportionate to the risks.

We store and retain data according to the principles below. Actual retention periods may vary depending on the type of data, how it is used, and applicable legal requirements, and we retain personal information only as long as necessary for the purposes described in this Privacy Policy.

1) Local data: Some data is stored locally on your device (for example, device associations, settings, and cached information) to operate the Services. You can delete local App data using your device’s App settings and/or by uninstalling the App. Depending on your device and operating system, some local data may also be removed when you clear the App cache or storage.

2) Server data: Our data is stored only locally in the app, therefore there is no server data.

3) Device status data: We do not store device status data.

4) Contacts: Our app will not enable features that require access to the address book/contacts.

4.How We Share, Transfer, and Disclose Your Personal Information

We may share personal information with service providers and partners that help us operate, support, and improve the Services (for example, hosting and infrastructure providers, customer support tools, and security service providers). These recipients are authorized to process personal information only as necessary to provide services to us and in accordance with our instructions and contractual obligations. We do not sell your personal information.

We may disclose personal information to governmental authorities, regulators, law enforcement, courts, or other third parties when we believe disclosure is necessary to comply with applicable law, a lawful request, or legal process, or to protect the rights, property, or safety of VoxAura, our users, or others.

Where permitted by law, we may request appropriate documentation or verification for such requests (for example, a court order, subpoena, or other valid legal process), and we may challenge or narrow requests that are unlawful, overly broad, or unclear.

We aim to be transparent about legally required disclosures where permitted by law, and we may notify affected users of such requests when legally allowed and when it is appropriate to do so.

We may process and disclose personal information without your prior consent where permitted or required by applicable law, for example to comply with legal obligations, respond to lawful requests, protect vital interests, or ensure the security and integrity of the Services. The specific legal bases and requirements may vary depending on your location.
1) To comply with applicable law, regulations, or binding legal obligations.
2) To respond to lawful requests by public authorities (including law enforcement) or to meet national security or law-enforcement requirements where applicable.
3) To protect vital interests, such as to prevent imminent harm to you or another person, where consent cannot reasonably be obtained in time.
4) For information you make publicly available on your own initiative (for example, public posts), subject to applicable law.
5) For information obtained from public sources where permitted by law.
6) To perform a contract with you or to take steps at your request prior to entering into a contract (where applicable).
7) To maintain the security, stability, and integrity of the Services (for example, detecting, preventing, and addressing technical issues, fraud, or security incidents).
8) For other purposes permitted or required by applicable law.

5. Children and Minors

The Services are not intended for children under 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will delete or anonymize it as soon as reasonably possible.

If you are a parent or guardian and you believe that a child has provided us with personal information, please contact us using the contact details below so that we can take appropriate steps.

6.How This Policy Will Be Updated

We may update this Privacy Policy from time to time to reflect changes in the Services, our practices, or applicable law. We will post the updated version within the App and/or on our website and update the “Effective Date” section. Where required by applicable law, we will provide notice of material changes.

If we make material changes, we will provide a more prominent notice (for example, within the App or by email, where we have your email address). Where required by applicable law, we will ask for your consent again (for example, where a change requires consent or where we introduce new processing that requires consent). Your continued use of the Services after the effective date of an updated Privacy Policy means that you have read the notice of the update.

The major changes referred to in this policy include, but are not limited to:
1)Our service model has undergone significant changes, such as the types, purposes, and methods of processing personal information;
2)We have undergone significant changes in ownership structure and organizational structure, such as changes in ownership due to business adjustments, mergers and acquisitions, and bankruptcies;
3)The main recipients of shared, transferred, or publicly disclosed personal information have changed;
4)There have been significant changes to your rights regarding the processing of your personal information and how to exercise those rights;
5)When the department responsible for handling personal information security, its contact information, and complaint channels change;
6)When an assessment of the impact of our processing or security measures indicates a high risk to individuals’ rights and freedoms.

We may retain and make available prior versions of this Privacy Policy for reference.

7.Group Companies and Affiliates (if applicable)

1)This Privacy Policy applies to VoxAura GmbH, which provides the Services.
If VoxAura GmbH is part of a corporate group, we may share personal information within the group where permitted by applicable law and only as necessary for internal administrative purposes, security, and to support the Services.
Where we share personal information with group companies or affiliates (if any), we limit sharing to what is necessary, apply appropriate contractual and security measures, and require recipients to use the information only for the purposes described in this Privacy Policy.

Data sharing and processing
We may share personal information with group companies or affiliates (if any) in the following circumstances, where permitted by applicable law and only as necessary:
To provide and support shared or combined services and functions.
To perform internal reporting, analytics, and research to improve the Services and enhance security.
To comply with applicable law and respond to lawful requests and legal process.

Please note that the information we share will be limited to what is necessary to achieve the purposes described above. We are committed to protecting user privacy and data security.

Before sharing personal information within a corporate group (if applicable), we implement appropriate safeguards, including access controls, security reviews, and, where appropriate, contractual measures.

8.How to Contact Us
1.If you have questions about this Privacy Policy or how we handle personal information, or if you would like to exercise your privacy rights, you can contact us using the details below:

（1）Privacy contact (email): legal@voxaura.ai
（2）Address: Eschentalweg 5, 77948 Friesenheim, Germany (VoxAura GmbH)
（3）Optional (recommended): You may also contact us via our website contact form.

We aim to respond to verified requests within a reasonable timeframe and, where required by applicable law, within the applicable statutory deadlines (for example, generally within 30 days for certain requests in the EEA/UK).
If you are located in the European Economic Area or the United Kingdom, you have the right to lodge a complaint with your local data protection supervisory authority. If you are located elsewhere, you may have similar rights to file a complaint with a relevant privacy or consumer protection authority, and you may seek judicial remedies as permitted by applicable law.

9.Effective Date of This Privacy Policy

This Privacy Policy was last updated on 31 December 2025 and is effective as of 1 January 2026.

United States, Canada, and Other Regions (Additional Notices)
United States: If you are a resident of the United States, additional privacy rights may apply to you under certain state laws. Where applicable, you may have the right to request access to, deletion of, or correction of personal information we hold about you, and to opt out of certain processing such as “sales” or “sharing” of personal information for targeted advertising (as defined by applicable law).
United States: How to submit a request. You may submit a privacy request by emailing us at legal@voxaura.ai. We may need to verify your identity and/or your authority to make the request before responding. We will respond within the time required by applicable law.
United States: We do not sell personal information and we do not share personal information for cross-context behavioral advertising.
Canada: If you are located in Canada, you may request access to and correction of your personal information and ask questions about our privacy practices by contacting us at legal@voxaura.ai. We will respond in accordance with applicable Canadian privacy laws.
Latin America: If you are located in a country in Latin America, you may have rights to access, correct, or delete your personal information, and to object to or restrict certain processing, depending on local law. You can exercise these rights by contacting us at legal@voxaura.ai.
Other Regions: If local law provides additional rights or requires additional notices, we will comply with such requirements. You can contact us at legal@voxaura.ai to exercise applicable rights or to ask questions about this Privacy Policy.

Our privacy contact email is monitored in Germany. Requests are processed by VoxAura GmbH, and we may coordinate with relevant service providers solely as necessary to fulfill your request.
International Transfers (if applicable)
If personal information is transferred to or accessed from countries outside your country of residence, we apply safeguards required by applicable law (for example, contractual protections and appropriate technical and organizational measures) and limit access to what is necessary to provide and support the Services.
You may contact us using the details above to request information about the safeguards applicable to your location.