Legal
Privacy Policy
Effective date: 1 May 2026· Operated by Voco Ltd, England & Wales
1. Who we are
Voco (“Voco”, “we”, “us”, “our”) provides a real-time sermon translation platform for churches and congregations. Our service is operated from the United Kingdom. For data protection queries, contact us at privacy@voco.church.
2. What data we collect
Account data (admin users only)
- Email address (required to authenticate via magic link, password, or OAuth)
- Church name (provided at sign-up)
- Your unique church URL slug (e.g.
voco.church/c/your-church) - Subscription and billing status (we do not store card details)
Service data
- Event names
- Transcript segments — the text output of speech-to-text processing, stored per service
- Translations of each segment in your selected languages
Attendee data
Attendees (congregation members) are entirely anonymous. No account, no login, no personal data is collected from attendees. We record a connection count per event for analytics displayed in your dashboard.
Technical data
- Server access logs (IP addresses, request timestamps) — retained for 30 days for security purposes
- Anonymised usage analytics (page views, feature usage) — no cross-site tracking
3. Audio processing
Live sermon audio is captured in your browser and securely streamed for speech-to-text processing. Audio is processed transiently and is not stored by Voco after transcription. Only the resulting text transcript is stored in your Voco account.
4. How we use your data
- To provide the service — authentication, event management, real-time translation delivery
- To process payments — subscription billing, payment methods, and invoices
- To send transactional emails — sign-in links, password reset links, and billing receipts. We do not send marketing emails without your consent.
- To improve Voco — anonymised usage data helps us understand which features are used and where we can improve accuracy
- To comply with legal obligations — we may process data as required by law
5. Churches as data controllers
When you use Voco to run a live service, your church acts as the data controller for any personal data processed through that service (e.g. the voice of your preacher). Voco acts as a data processor on your behalf, processing that data only on your documented instructions.
If your church is subject to UK GDPR or EU GDPR, you can request a Data Processing Agreement (DPA) from us at any time by emailing privacy@voco.church. We will provide a signed DPA within 5 business days.
6. Third-party processors
We use carefully selected infrastructure and processing sub-processors solely to deliver Voco. To avoid exposing operational implementation details publicly, the current named sub-processor list is provided to customers under our Data Processing Agreement or on request at privacy@voco.church.
| Processor category | Purpose | Location |
|---|---|---|
| Application hosting and database | Hosting, authentication, realtime delivery, and secure data storage | UK / EU / USA † |
| Speech-to-text processing | Transient live audio processing into text | UK / EU / USA † |
| Translation processing | Live translation and optional cleaned transcript export | UK / EU / USA † |
| Payment processing | Subscription billing, payment methods, invoices, and billing portal access | UK / EU / USA † |
| Transactional email | Sign-in links, password resets, service notifications, and account emails | UK / EU / USA † |
† International transfers to the USA are covered by Standard Contractual Clauses (SCCs) under UK GDPR Article 46(2)(c).
7. Data retention
- Account data — retained for as long as your account is active. Deleted within 30 days of account closure.
- Transcripts and translations — retained for 90 days by default. You can delete individual events (and all associated transcripts) at any time from your dashboard.
- Access logs — retained for 30 days then automatically purged.
- Billing records — retained for 7 years as required by UK law.
8. Your rights (UK GDPR)
As a data subject you have the right to:
- Access the personal data we hold about you
- Rectification of inaccurate data
- Erasure (“right to be forgotten”) where there is no overriding legal basis for processing
- Restriction of processing in certain circumstances
- Portability — export your account data in a machine-readable format
- Object to processing based on legitimate interests
To exercise any right, email us at privacy@voco.church. We will respond within 30 days. You also have the right to lodge a complaint with the ICO at ico.org.uk.
9. Cookies
We use cookies in the following categories:
- Strictly necessary — a session cookie used to keep you signed in. This cannot be disabled while using the admin dashboard.
- Analytics (optional) — Google Analytics 4, loaded only after you accept analytics cookies via our consent banner. All data is anonymised (IP masking enabled). You can withdraw consent at any time by clicking “Cookie settings” in the footer.
- Marketing (optional) — Meta Pixel, loaded only after you accept marketing cookies via our consent banner. Used to measure the effectiveness of any paid advertising we run. Not used for retargeting attendees.
Our consent banner is powered by CookieYes. Your preferences are stored locally and respected on every visit. Attendee pages (/c/…) do not load any analytics or marketing cookies — only the admin dashboard does.
10. Children's data
Voco is not directed at individuals under 16. If you believe a child has created an account, please contact us immediately at privacy@voco.church and we will delete the account promptly.
11. Changes to this policy
We may update this policy from time to time. If we make material changes we will notify admin users by email at least 14 days before the changes take effect. The effective date at the top of this page will always reflect the most recent version.