Privacy Policy

Identity of the data controller

Vopway Ltd. acts as the data controller for the personal data processed through the Vopway web app, backend services, and connected mobile experiences.

Vopway Ltd. is registered in England & Wales under company number 17276149.

Registered address: 124 City Road, London, United Kingdom, EC1V 2NX.

Privacy and DPO contact: privacy@vopway.com

Categories of personal data collected

  • Identity and account data such as first name, last name, email, pseudo, and role.
  • Location data such as live map positions and historical location points.
  • Audio and communication data such as push-to-talk messages and message metadata.
  • Device and session data such as IP address, device identifiers, user agent, and auth sessions.
  • Payment and billing metadata such as Stripe customer IDs, invoices, and subscription status.

Legal basis for processing

  • Contract performance for account creation, authentication, subscriptions, and core communications.
  • Consent for acceptance of the Terms of Service, Privacy Policy, and browser storage preferences.
  • Legitimate interest for platform security, abuse prevention, service reliability, and auditability.

Data retention periods

  • Account profile data is retained until deletion of the account or a valid erasure request.
  • Location history is scheduled for deletion after 90 days.
  • Messages are planned to be retained for 12 months by default, then purged automatically.
  • Inactive auth sessions are planned for cleanup after 90 days, with revoked sessions removed earlier.
  • Billing records may be retained longer where legal, tax, or accounting obligations apply.

Third-party processors

  • Stripe for subscription billing and payment operations.
  • Firebase / Google services for push notifications and related infrastructure.
  • Railway-hosted S3-compatible storage for profile and media asset hosting.
  • Mapbox for map rendering and geospatial interface features.
  • Railway for backend hosting and platform operations.

Data subject rights

Users can request access, rectification, erasure, restriction, portability, or objection in line with GDPR Articles 15 to 21. Existing product features are being expanded so users can manage exports, deletion, and consent history directly.

Right to lodge a complaint

If you believe your data has been processed unlawfully, you may lodge a complaint with a supervisory authority. In the United Kingdom, this is the Information Commissioner's Office (ICO). If you are resident in the EU, you may instead contact your local supervisory authority — for example, the CNIL in France.

International data transfers

Some processors used by Vopway operate from, or transfer data to, the United States. Where required, transfers from the United Kingdom rely on the UK Extension to the EU-US Data Privacy Framework, or on Standard Contractual Clauses together with the UK International Data Transfer Addendum (IDTA). Transfers from the EU rely on the EU-US Data Privacy Framework or Standard Contractual Clauses. These safeguards apply while the processor review is completed.

Cookie and localStorage usage

Vopway uses browser storage for authentication persistence, language and theme preferences, and invitation handoff. Users can accept or decline persistent storage through the in-app consent banner.

Contact for GDPR requests

For privacy, erasure, export, or objection requests, contact privacy@vopway.com.