Voicewright legal
Privacy Policy
Version 2026-07-06.draft-1 · Last updated July 6, 2026 · Not yet in effect
Draft — pending legal review
This document is a working draft published so the product can be exercised end to end on staging. It has not yet been reviewed by counsel and is not yet in effect. Bracketed text marks decisions still to be confirmed.
In short
We collect what's needed to produce and deliver audiobooks: your account details, your manuscript and project material, payment records (never card numbers — Stripe handles those), and the email we exchange. It's shared only with the service providers that run the product. No advertising trackers, no selling data, no third-party analytics today.
Who we are and what this covers
This policy describes how Voicewright Studio ("Voicewright," "we"), operated by [Voicewright entity — LLC name and state of formation to be confirmed], handles personal information across voicewright.studio: the marketing site, the client production studio, and the listener storefront.
Contact for anything privacy-related: support@voicewright.studio.
What we collect
We collect only what the Services need to work:
- Account — your name, email address, and (from sign-in providers such as Google or GitHub) your avatar. If you sign in by emailed link, we process your email to send the link.
- Project material — the manuscript you submit, character and pronunciation guidance, direction and review notes, uploaded audio, and the audio we generate for your project.
- Payment records — amounts, dates, status, and Stripe transaction references for deposits, balances, fees, refunds, and storefront purchases. Card details are entered on Stripe's hosted pages and are never seen or stored by us.
- Listening data — on the storefront: your purchases, library, playback position (so playback can resume), and any ratings you post.
- Communications — transactional email we send about your project or purchases, and any support conversation with us.
- Technical basics — server logs (IP address, request metadata) and the session cookie that keeps you signed in.
What we deliberately do not collect
- No advertising trackers or cross-site tracking cookies.
- No third-party analytics today. If we adopt an analytics tool, we intend it to be a privacy-focused one, and we will update this policy first.
- No card numbers — payment pages are Stripe's.
- No voice recordings of you, and no biometric identifiers. The voices in our audiobooks are synthetic voice identities designed in our production tools; we do not build voices from our users' speech.
How we use information
- To produce and deliver your audiobook: quoting, production, review, mastering, and delivery.
- To operate purchases and payouts through Stripe, and to keep the transaction ledger that makes your invoices and refunds auditable.
- To send transactional email when your project or purchase changes state (for example, "your draft is ready"). These are service messages, not marketing.
- To run automated checks on submitted manuscripts that help us and our retail channels apply their content policies. Results are reviewed by our production team; they are not used for any automated decision about you as a person.
- To secure the Services: authentication, access control on every project and file, abuse prevention, and audit trails of project state changes.
- To meet legal, tax, and accounting obligations.
Voice synthesis providers
Producing your audiobook requires sending manuscript text, with our direction, to the voice-synthesis providers we work with (currently ElevenLabs and Hume). We send what production needs — the text being narrated and performance direction — not your account profile. [Provider data-handling and no-training commitments to be confirmed in writing as part of moving the engine accounts to commercial terms — launch-plan Step 25.]
Service providers we share with
We share personal information only with the processors that run the product, and only what each needs:
- Stripe — payment processing and payouts.
- Google and GitHub — sign-in, if you choose them.
- Resend — transactional email delivery.
- Cloudflare R2 — file storage for manuscripts and audio, accessed through short-lived signed URLs.
- Render — application hosting and the database.
- ElevenLabs and Hume — voice synthesis, as described above.
When else we might disclose
We disclose information if the law requires it, to protect the rights, safety, or property of Voicewright or others, or as part of a business transaction such as forming the operating entity, a financing, or a sale — in which case this policy continues to apply to the transferred information. We do not sell personal information, and we do not share it for cross-context behavioral advertising.
Cookies
We use the cookies required for signing in and for protecting forms (session and CSRF cookies). They are essential, so there is no cookie banner theater — there is nothing optional to opt out of. No advertising cookies.
Retention
- Account data — for as long as your account exists.
- Project material — for the engagement and a reasonable period after, so revisions, re-delivery, and disputes are possible. Intermediate audio takes are automatically pruned after a project closes.
- Transaction records — as long as tax and accounting law requires.
- Backups — deleted data can persist in encrypted backups for a limited period before rotating out.
Your rights
Email support@voicewright.studio to access, correct, export, or delete your personal information. We will verify the request from your account email and respond within a reasonable time. Deletion has limits: we keep what tax, accounting, or dispute-resolution obligations require, and delivered rights (like a purchased audiobook's ownership records) need their supporting records.
[Region-specific rights language — GDPR/UK lawful bases, CCPA/CPRA categories and "do not sell/share" statement — to be tailored by counsel. The practices above are accurate; the formal frameworks need counsel's wording.]
Children
The Services are not directed to children under 16, and we do not knowingly collect their information. Production engagements require an adult. If you believe a child has provided us personal information, contact us and we will delete it.
Security
Traffic is encrypted in transit. Audio and manuscripts live in private object storage reachable only through short-lived signed URLs tied to ownership checks. Access to projects is enforced per account and role on every request, and project state changes are recorded in an append-only audit trail. No system is perfectly secure, but we build so that a single mistake does not expose your book.
Where data lives
Voicewright operates from the United States and processes data there. If you use the Services from elsewhere, you understand your information is processed in the U.S. [Cross-border transfer mechanics, if EU/UK users are in scope at launch, to be confirmed with counsel.]
Changes
When this policy changes materially we will give notice on the site or by email before the change takes effect. The version and date at the top identify the current policy.