voju
Start free trial

Privacy Policy

Last updated 2026-05-16. Voju is operated by World Corporation OÜ (Estonia).

This Privacy Policy describes how World Corporation OÜ ("we", "us", "our") collects, uses, and shares personal data when you use Voju. It is designed to be GDPR-compliant.

1. Data we collect

  • Account data: email, password (hashed with bcrypt), name (optional), target language, native language, account timestamps.
  • Subscription data: plan, status, billing period, trial dates, provider identifiers (Stripe customer/subscription IDs, RevenueCat app user IDs). We do not store payment card details.
  • Usage data: reading progress (which stories and chunks you've completed), audio playback events.
  • Technical data: IP address (collected by our hosting and CDN providers, retained for short periods for abuse prevention), user-agent string, timestamps.

2. How we use your data

  • To provide the Service and remember where you left off.
  • To process subscriptions and prevent fraud.
  • To send transactional emails (verification, password reset, subscription notices).
  • To monitor service health and diagnose errors.

We do not sell your personal data. We do not use your data for advertising.

We process your data under one or more of the following legal bases:

  • Contract — to provide the Service you signed up for.
  • Legitimate interests — to secure the Service and prevent abuse.
  • Consent — where required (e.g. optional analytics, if we add any).
  • Legal obligation — where law requires us to retain data.

4. Sharing your data

We share data only with providers strictly necessary to run the Service:

  • Stripe (payment processing)
  • RevenueCat (mobile subscription management)
  • Resend (transactional email)
  • Cloudflare R2 (audio file storage)
  • Sentry (error tracking, with PII scrubbing)
  • ElevenLabs and Google (Gemini) for content production — these never see your personal data.

Each provider has its own privacy policy. We have data processing agreements where required.

5. Data retention

  • Active account data: kept indefinitely while your account is active.
  • Deleted accounts: removed from our database within 30 days of deletion request.
  • Subscription data held by Stripe and RevenueCat: retained per their policies (we cannot purge from their systems for accounting reasons).
  • Backups: deleted on a 30-day rotation.

6. Your rights (GDPR)

You have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate data — most fields are editable from your account settings.
  • Delete your account and all associated data. Use "Delete account" in your settings, or contact support@voju.com.
  • Portability — request a machine-readable export of your data.
  • Object to processing or restrict it.
  • Withdraw consent where processing is based on consent.
  • Lodge a complaint with your local data protection authority. In Estonia: Andmekaitse Inspektsioon (https://aki.ee).

To exercise any right, contact support@voju.com. We will respond within 30 days.

7. International data transfers

We are based in the EU. Some of our providers may process data outside the EU under appropriate safeguards (Standard Contractual Clauses or adequacy decisions).

8. Children's privacy

Voju is not directed at children under 13. We do not knowingly collect data from children under 13. If we learn we have, we will delete it.

9. Security

We use industry-standard practices: passwords are bcrypt-hashed; in-transit data is TLS-encrypted; secrets are kept out of source control; access to production systems is restricted. No system is perfectly secure; if a breach occurs, we will notify affected users without undue delay.

10. Changes to this policy

If a change is material, we'll notify you by email or in-app. The "Last updated" date at the top of this page reflects the most recent revision.

11. Contact

World Corporation OÜ, Estonia. Data controller contact: support@voju.com.