StoryVox — Voice Biometric Privacy Notice
Effective Date: April 28, 2026
Last Updated: April 28, 2026
This Voice Biometric Privacy Notice (the "Biometric Notice") describes how StoryVox LLC ("StoryVox," "we," "us") collects, stores, uses, retains, and destroys voice biometric information when you use the Custom Voice (voice cloning) features of our service. It supplements our Privacy Policy and Terms of Service and is part of those documents. Capitalized terms not defined here have the meanings given in those documents.
We have written this Biometric Notice to satisfy the disclosure, consent, retention, and destruction requirements of the U.S. state laws that regulate biometric information, including the Illinois Biometric Information Privacy Act (740 ILCS 14, "BIPA"), the Texas Capture or Use of Biometric Identifier Act (Tex. Bus. & Com. Code § 503.001, "CUBI"), and the Washington biometric identifier statute (RCW 19.375). We apply the disclosures and practices in this Notice to all users in regions where we offer voice cloning, even where a particular law does not technically apply.
We do not currently offer the Custom Voice feature in the State of Illinois.
1. What Biometric Information We Collect
When you create a Custom Voice, we collect the following items, each of which we treat as biometric information:
(a) Raw voice samples — the audio file or recording you upload or record in-product to be used as the source for the cloned voice;
(b) Voice consent recording — the spoken statement you record in your own voice (or that the voice owner records, if you are cloning someone else's voice with their consent) confirming that you (or the voice owner) consent to the cloning;
(c) Cloned voice model — the digital model, embedding, or other derived representation of the voice that we create from the raw samples and use to generate speech in that voice; and
(d) Voice metadata — limited operational metadata about the voice, including duration of samples, time of upload, the speaker name you provide, your account identifier, the consent attestation timestamp, and the configuration we apply when generating speech with the voice.
For purposes of this Biometric Notice, items (a), (b), and (c) are treated as biometric identifiers and biometric information. Item (d) is information about biometric data but is not itself biometric data.
For clarity: synthesized preview audio (short clips of the cloned voice produced for in-product playback) is the output of the cloned voice model, not a source biometric identifier. We treat synthesized previews with appropriate confidentiality, but they are not subject to the special protections described in this Notice in the way that raw samples and the model itself are.
2. Purposes of Collection and Use
We collect and use voice biometric information solely for the following purposes:
(a) to enable the Custom Voice feature you have requested — that is, to create a cloned voice from your samples and generate speech in that voice when you use the Service;
(b) to verify and document consent at the time of voice creation (your recorded statement and your attestation);
(c) to operate, secure, and protect the Service from misuse, including to investigate suspected violations of our Acceptable Use Policy or law (for example, complaints about an unauthorized clone of someone's voice);
(d) to provide customer support and respond to your requests;
(e) to comply with legal obligations and to respond to valid legal process; and
(f) to enforce our Terms of Service.
We do not use voice biometric information for any of the following:
- to sell, lease, trade, profit from, or otherwise commercially benefit from your biometric information;
- to train, fine-tune, validate, or test any artificial intelligence model, including any text-to-speech model, voice cloning model, or large language model — by default, you would have to give specific opt-in consent before we used your content for any training, and our default is no training;
- to disclose, share, or transfer your biometric information to third parties except as described in Section 5; or
- to create profiles for advertising, marketing analytics, or any cross-context behavioral purpose.
3. Written Consent
We obtain your written consent before collecting any voice biometric information. By uploading a voice sample, recording a voice consent statement, completing the in-product attestation, or otherwise initiating the creation of a Custom Voice, you provide informed written consent to:
(a) the collection of the items in Section 1;
(b) the storage of those items as described in Section 6;
(c) the uses described in Section 2;
(d) the retention schedule and destruction practices described in Sections 7 and 8;
(e) the disclosures described in Section 5; and
(f) any subsequent generation of speech using the cloned voice model in connection with your Service projects.
You may withdraw consent at any time by deleting the Custom Voice in-product, deleting your account, or contacting us at hello@storyvox.app. Withdrawal does not affect the lawfulness of processing that occurred before withdrawal but triggers our destruction obligations described in Section 8.
For voices you create that are not your own, we additionally require:
(g) a recorded consent statement from the voice owner, in their own voice, confirming consent to be cloned by StoryVox;
(h) your separate attestation that you have the legal right to upload the samples and to grant the consents described in this Notice; and
(i) the voice owner's name, which we associate with the recorded consent statement.
The script and detailed instructions for the recorded consent statement are described in our Voice Cloning Consent Statement, which is provided to users at the time of voice creation.
4. Hard Prohibitions
Even with attempted consent, you may not create a Custom Voice using the voice of:
(a) any individual under the age of eighteen (18);
(b) any deceased person, unless you have written authorization from the rights holder of that person's voice;
(c) any current or former public official, candidate for public office, or political figure for any election-related, political, or campaign purpose;
(d) any celebrity or public figure for the purpose of impersonation, endorsement, satire that could plausibly be mistaken for the real person, or any commercial use; or
(e) any individual who has not given clear, informed, voluntary consent to be cloned by StoryVox.
These prohibitions are part of our Terms of Service and Acceptable Use Policy, and any voice that violates them will be deleted.
5. Disclosure to Third Parties
We do not sell, lease, trade, or otherwise profit from voice biometric information. We disclose voice biometric information only to:
(a) service providers acting on our written instructions and bound by confidentiality obligations consistent with this Notice. The categories of service providers that may handle voice biometric information are:
- a cloud storage provider that holds raw samples, consent recordings, voice models, and metadata in encrypted-at-rest storage;
- a GPU compute provider used to generate speech with cloned voice models; and
- a content delivery and DDoS protection provider through which biometric data is in transit only.
Specific identities of these providers are available on request to hello@storyvox.app.
(b) with your consent, when you direct us to share the information with a specific third party;
(c) to comply with law, court order, subpoena, or other valid legal process, after we evaluate the request for legitimacy and scope;
(d) to protect rights, property, or safety, including to investigate fraud, security threats, or threats of physical harm; and
(e) in a corporate transaction, including a merger, acquisition, financing, or sale of assets, in which case the recipient will be bound by terms at least as protective as this Notice.
We will update this Notice if we add, remove, or substantially change a service provider that handles voice biometric information.
6. Storage Protections
We store voice biometric information using technical and organizational measures designed to protect it from unauthorized access, use, disclosure, alteration, or destruction. Specifically:
(a) raw voice samples, voice consent recordings, and voice model artifacts are stored in private, access-controlled storage that is not publicly accessible;
(b) all transmissions of biometric information are encrypted in transit using TLS;
(c) all biometric information is encrypted at rest by our storage providers;
(d) administrative access is limited to authorized personnel under least-privilege principles, with audit logging;
(e) access to biometric information by service providers is governed by contractual confidentiality and security obligations consistent with this Notice; and
(f) we apply at least the same degree of care to biometric information as we apply to confidential and proprietary information of similar nature, and in any event no less than a reasonable standard of care.
7. Retention Schedule
We retain voice biometric information only as long as needed to fulfill the purposes for which it was collected (Section 2), or as required by law. The specific schedule:
| Item | Retention |
|---|---|
| Raw voice samples (the audio you uploaded for cloning) | Thirty (30) days from upload, or thirty (30) days from your most recent in-product "renew" action, whichever is later. We send a notice email seven (7) days before deletion with a one-click renew link. After the 30-day window expires without renewal, raw samples are scheduled for destruction per Section 8. |
| Cloned voice model | Until (a) you delete the Custom Voice; (b) you close your account; or (c) three (3) years pass with no use of the voice, whichever occurs first. |
| Voice consent recording | For the life of the related Custom Voice plus three (3) years, after which it is destroyed. We retain it longer than the model itself to document consent if challenged. |
| Voice metadata (Section 1(d)) | Until the related Custom Voice is destroyed; certain audit log entries may be retained for up to seven (7) years for legal recordkeeping. |
The three-year ceiling on the cloned voice model corresponds to the BIPA standard of "the initial purpose for collecting or obtaining such identifiers or information has been satisfied or within 3 years of the individual's last interaction with the private entity, whichever occurs first." We have selected a retention schedule designed to satisfy that standard for all users, regardless of the user's home state.
If a longer retention period is required by applicable law (for example, a litigation hold), we may retain the information longer than this schedule. We document any such retention in our internal records.
8. Destruction Practices
When biometric information becomes eligible for destruction under Section 7, or when you withdraw consent, we destroy it according to the following practices:
(a) within thirty (30) days of the deletion trigger, we delete the biometric information from primary storage so that it is no longer accessible to operational systems;
(b) backup and disaster-recovery copies that contain the deleted biometric information are aged out within ninety (90) days of the deletion trigger, after which the information is rendered unrecoverable;
(c) we retain a destruction log noting the type of biometric information destroyed and the date of destruction, but the log does not preserve the biometric information itself;
(d) we instruct any service provider in possession of the biometric information to perform an equivalent destruction within the same timeframe; and
(e) we may retain (i) anonymized or de-identified information that no longer identifies any specific individual; (ii) cryptographic hashes used to prevent re-upload of previously rejected content; and (iii) records sufficient to demonstrate compliance with this Notice — none of which constitutes biometric information for the purposes of this Notice.
9. Your Rights
You have the following rights regarding voice biometric information about you:
(a) Access — you may request a copy of the biometric information we hold about you;
(b) Deletion / withdrawal of consent — you may delete a Custom Voice in-product or contact us at hello@storyvox.app; we will execute Section 8 destruction practices;
(c) Information about disclosures — you may request information about the categories of recipients to whom we have disclosed biometric information about you;
(d) Non-discrimination — we will not retaliate against you for exercising any right under this Notice; and
(e) Complaint — you may complain to your state attorney general or, in some states, your state privacy regulator.
To exercise rights, email hello@storyvox.app and include the email address associated with your account so we can verify the request. We respond within forty-five (45) days, or sooner where required by law, and may extend by up to forty-five additional days where reasonably necessary, with notice.
10. Geographic Availability of Voice Cloning
We currently offer the Custom Voice feature in the United States (excluding Illinois), Canada, Australia, and New Zealand. The feature is not available in:
- the European Economic Area;
- the United Kingdom;
- Switzerland;
- the State of Illinois;
- any country or region subject to a comprehensive U.S. economic sanction.
We may change this list at any time without notice. Geographic restrictions on the Service generally are described in our Terms of Service.
11. Changes to This Biometric Notice
We may update this Biometric Notice. The "Last Updated" date at the top reflects the most recent change. For material changes, we will provide reasonable advance notice through the Service or by email, and where applicable law requires it we will obtain renewed consent.
12. Contact
Questions, requests, or complaints about voice biometric information:
Email: hello@storyvox.app
Mail: StoryVox LLC, Attn: Privacy, 6547 N. Academy Blvd. #2206, Colorado Springs, CO 80918, United States.