Legal

Privacy Policy

Last updated: February 2026

Overview

Vockal is designed around a simple principle: minimum data, maximum trust. There are no user accounts, no passwords, and no profiles. Authentication is handled entirely through device pairing.

Information Collected

Audio Streams

Voice audio is streamed from your mobile device to our server in real-time. The audio is forwarded to a third-party provider for speech-to-text transcription. Raw audio is never stored on Vockal servers - it exists only in-transit during transcription.

Device Tokens

When you pair your mobile and desktop devices, unique tokens are generated. Tokens are stored securely on each device using platform-native encryption. These tokens are the only "credentials" in the system.

Screenshots

Vockal's AI agent may capture screenshots of your desktop to verify action results. Screenshots are auto-deleted within 1 hour of capture and are only used for real-time action verification.

Usage Data

We track daily action counts per device for plan enforcement. This data is numeric only and contains no content from your actions.

Email (Optional)

An email address is only collected if you choose to enable device recovery. It is used solely for sending 6-digit verification codes and is not used for marketing.

Audio Data

Audio is streamed to a third-party speech-to-text provider for real-time transcription. Once transcribed, the audio is discarded. Vockal does not store, replay, or retain any audio recordings.

Device Authentication

Vockal uses device pairing instead of traditional accounts. Your desktop displays a QR code, your phone scans it, and a secure pairing is established. No usernames, no passwords, no OAuth. The device tokens are the sole authentication mechanism.

User Data Deletion

All action data - including AI outputs and screenshots - can be permanently deleted by you at any time through the mobile or desktop app.

Payments

All payment processing is handled by a third-party payment processor. Vockal never sees, stores, or processes your card numbers or financial information.

Third-Party Services

  • Speech-to-text transcription (audio streamed in real-time)
  • AI processing for intent understanding and action planning
  • Payment processing for paid plans

Each service receives only the minimum data required for its function. No data is shared beyond what is operationally necessary.

Data Sales

Vockal does not sell, rent, or trade any user data. Ever.

Security

All desktop actions are cryptographically signed using a secret key that exists only on your paired devices. The server relays commands but cannot forge or tamper with them. Certain categories of actions (shell commands, system modifications) are permanently banned.

Contact

For privacy-related inquiries, contact us at privacy@vockal.app