1. Data Controller
The data controller for personal data collected on vocalchef.ai is:
2. Data Collected
We collect only the data strictly necessary for the service:
| Data | Source | Required |
|---|---|---|
| Email address | Contact / trial sign-up form | Yes |
| First & last name | Registration form | Yes |
| Phone number | Contact form | No |
| Business name | Client onboarding | Yes |
| Order data | Service use (sub-processor) | — |
| IP address | Server logs (OVH) | Technical |
We do not collect sensitive data (health, ethnic origin, political opinions) or data relating to minors.
3. Purposes & Legal Bases
Managing the free trial and subscription
Performance of contract (Art. 6.1.b GDPR)
Sending service-related communications
Performance of contract (Art. 6.1.b GDPR)
Notifications of ToS / policy updates
Legal obligation (Art. 6.1.c GDPR)
Service improvement, anonymised usage statistics
Legitimate interest (Art. 6.1.f GDPR)
Email marketing (newsletter, offers)
Consent (Art. 6.1.a GDPR) — explicit opt-in
4. Retention Periods
5. Recipients & Sub-processors
Your data is never sold or transferred to third parties for commercial purposes. It may be shared only with the following technical sub-processors, bound by GDPR-compliant contractual clauses:
Contact form processing
Web hosting
Database (AWS eu-west-3 infrastructure)
Online payment
AI voice API (Google AI)
Delivery module (PRO & MULTI plans)
SCC = Standard Contractual Clauses approved by the European Commission.
6. Transfers Outside the EEA
Some sub-processors (Formspree, Stripe, Google) are based in the United States. These transfers are governed by the Standard Contractual Clauses (SCC) of the European Commission (Decision 2021/914), guaranteeing a level of protection equivalent to that applicable within the EU.
7. Your Rights
Under the GDPR, you have the following rights over your personal data:
- Right of access— Obtain a copy of the data held about you.
- Right of rectification— Correct inaccurate or incomplete data.
- Right to erasure— Request deletion of your data ('right to be forgotten').
- Right to restriction— Temporarily suspend the processing of your data.
- Right to portability— Receive your data in a structured, machine-readable format.
- Right to object— Object to processing based on legitimate interest or for direct marketing purposes.
- Right to withdraw consent— At any time, without affecting the lawfulness of prior processing.
How to exercise your rights:
By email: dpo@vocalchef.fr · By post: JLAIEL STUDIO AI – DPO, 39 Rue de Bel Air, 45110 Saint-Martin-d'Abbat, France.
Response within 30 days. If unsatisfied, you may lodge a complaint with the CNIL (French data protection authority): www.cnil.fr
8. Cookies
This site uses only cookies strictly necessary for its operation (session, interface preferences). No advertising or behavioural tracking cookies are set without your prior consent.
9. Security
JLAIEL STUDIO AI implements appropriate technical and organisational measures to protect your data against unauthorised access, loss or disclosure:
- ✓Encryption of data in transit (TLS 1.3) and at rest
- ✓Data access restricted to authorised personnel (least privilege principle)
- ✓Strong authentication on administrative access
- ✓Daily encrypted backups (Supabase)
- ✓Periodic security review of code and dependencies
In the event of a data breach, we will notify the competent supervisory authority within 72 hours and affected individuals without undue delay if the breach poses a high risk, in accordance with Art. 33-34 of the GDPR.
10. Amendments to This Policy
Any material change to this policy will be notified by email to registered users with a minimum notice of 30 days before taking effect. The current version is always available at vocalchef.ai/privacy-policy.
Last updated: 07/03/2026 — vocalchef.ai
↑ Back to top