Privacy Policy

Voco (“Voco”, “we”, “us”, “our”) provides a real-time sermon translation platform for churches and congregations. Our service is operated from the United Kingdom. For data protection queries, contact us at privacy@voco.church.

Account data (admin users only)

• Email address (required to authenticate via magic link)
• Church name (provided at sign-up)
• Your unique church URL slug (e.g. voco.church/c/your-church)
• Subscription and billing status (managed via Stripe; we do not store card details)

Service data

• Event names and scheduled languages
• Transcript segments — the text output of speech-to-text processing, stored per service
• Translations of each segment in your selected languages

Attendee data

Attendees (congregation members) are entirely anonymous. No account, no login, no personal data is collected from attendees. We record a connection count per event for analytics displayed in your dashboard.

Technical data

• Server access logs (IP addresses, request timestamps) — retained for 30 days for security purposes
• Anonymised usage analytics (page views, feature usage) — no cross-site tracking

Live sermon audio is captured in your browser and streamed directly to Deepgram Inc. for speech-to-text processing. Audio is processed in memory and is not stored by Deepgram or Voco after transcription. Only the resulting text transcript is stored in your Voco account.

Deepgram's privacy policy is available at deepgram.com/privacy.

• To provide the service — authentication, event management, real-time translation delivery
• To process payments — subscription billing via Stripe
• To send transactional emails — magic link sign-in, billing receipts. We do not send marketing emails without your consent.
• To improve Voco — anonymised usage data helps us understand which features are used and where we can improve accuracy
• To comply with legal obligations — we may process data as required by law

When you use Voco to run a live service, your church acts as the data controller for any personal data processed through that service (e.g. the voice of your preacher). Voco acts as a data processor on your behalf, processing that data only on your documented instructions.

If your church is subject to UK GDPR or EU GDPR, you can request a Data Processing Agreement (DPA) from us at any time by emailing privacy@voco.church. We will provide a signed DPA within 5 business days.

We share data with the following sub-processors solely to deliver our service:

† International transfers to the USA are covered by Standard Contractual Clauses (SCCs) under UK GDPR Article 46(2)(c).

• Account data — retained for as long as your account is active. Deleted within 30 days of account closure.
• Transcripts and translations — retained for 90 days by default. You can delete individual events (and all associated transcripts) at any time from your dashboard.
• Access logs — retained for 30 days then automatically purged.
• Billing records — retained for 7 years as required by UK law.

As a data subject you have the right to:

• Access the personal data we hold about you
• Rectification of inaccurate data
• Erasure (“right to be forgotten”) where there is no overriding legal basis for processing
• Restriction of processing in certain circumstances
• Portability — export your account data in a machine-readable format
• Object to processing based on legitimate interests

To exercise any right, email us at privacy@voco.church. We will respond within 30 days. You also have the right to lodge a complaint with the ICO at ico.org.uk.

We use cookies in the following categories:

• Strictly necessary — a single session cookie set by Supabase Auth to keep you signed in. This cannot be disabled while using the admin dashboard.
• Analytics (optional) — Google Analytics 4, loaded only after you accept analytics cookies via our consent banner. All data is anonymised (IP masking enabled). You can withdraw consent at any time by clicking “Cookie settings” in the footer.
• Marketing (optional) — Meta Pixel, loaded only after you accept marketing cookies via our consent banner. Used to measure the effectiveness of any paid advertising we run. Not used for retargeting attendees.

Our consent banner is powered by CookieYes. Your preferences are stored locally and respected on every visit. Attendee pages (/c/…) do not load any analytics or marketing cookies — only the admin dashboard does.

Voco is not directed at individuals under 16. If you believe a child has created an account, please contact us immediately at privacy@voco.church and we will delete the account promptly.

We may update this policy from time to time. If we make material changes we will notify admin users by email at least 14 days before the changes take effect. The effective date at the top of this page will always reflect the most recent version.