Legal · Last updated November 2026

Privacy Policy

This policy describes how the VoicEra project — maintained by the Coalition for Open Source Software (COSS) India — collects and processes personal data on voicera.in and in officially maintained reference deployments. Anyone self-hosting the VoicEra stack is a separate data controller and must publish their own policy.

Who we are

VoicEra is an open Digital Public Good developed by COSS India with EkStep, IIIT-Bangalore and AI4Bharat. This policy is issued by COSS India, C/o COSS, Bengaluru, India, reachable at info@coss.org.in.

What we collect on this website

  • Contact form submissions: name, work email, organisation, and the message you type. This is sent to info@coss.org.in with a copy to your own email address.
  • Basic request logs: IP address, user agent, and timestamps kept for up to 30 days for security and abuse prevention.
  • Anonymous analytics: page views and coarse geography (country only), used to understand which content is useful. We do not use advertising or cross-site tracking cookies.

What the VoicEra reference sandbox collects

The hosted sandbox at sandbox.voicera.in exists so people can try building an agent without installing anything. When you place a test call, we process the audio in real time to transcribe, respond and synthesise speech. Audio is not retained after the call ends. Anonymised transcripts of test calls may be kept for up to 7 days for debugging, and are then deleted.

The sandbox is for evaluation only. Do not use it with real citizen data, PII, or PHI. Production deployments are expected to run in the operating institution's own infrastructure.

Lawful bases

  • Consent — when you submit the contact form or place a test call in the sandbox.
  • Legitimate interest — running the website securely, preventing abuse, and improving documentation.
  • Legal obligation — where applicable Indian law requires us to retain or disclose information.

How long we keep data

  • Contact enquiries: up to 24 months from your last interaction with us.
  • Request logs: up to 30 days.
  • Sandbox debug transcripts: up to 7 days.
  • Aggregate, non-identifying analytics: indefinite.

Who we share data with

We do not sell personal data. We share it only with (a) infrastructure providers strictly needed to serve this website and the sandbox, under written data processing terms, and (b) authorities when required by applicable law.

Your rights

You can ask us to access, correct, export or delete your personal data by emailing info@coss.org.in with the subject line 'Privacy request'. We aim to respond within 15 working days.

Changes to this policy

We will update this page whenever the underlying practice changes and note the revision date at the top. Material changes will be highlighted for at least 30 days.

Questions? Write to info@coss.org.in or use our contact form.