Voxta Security
How Voxta Cloud handles your data, what's encrypted, who has access, and the subprocessors we use.
Hosting
Voxta Cloud is hosted on Microsoft Azure in United States and Germany datacenters. We use Azure's built-in security features and follow modern software development and hosting practices.
Authentication
User authentication runs through OAuth2 with Google, Patreon, or Discord — we never see or store your password. We store your sign-in provider's user ID, salted and hashed before storage, to recognize your account. Your email address is received from your sign-in provider and used for billing and receipts through our payment provider, but is not stored in our own database.
API keys are hashed using SHA256 with a unique per-user salt. We never store API keys in plaintext. When you generate a new key in the portal, the old one is invalidated immediately.
Storage
- Patreon webhooks are temporarily enqueued in an Azure Storage account. They contain identifying data only long enough to renew your credits — the message is disposed immediately after processing.
- Transactions (hashed API key, credits consumed, model used) are stored in a CosmosDB instance in the United States.
- Prompts and responses are NOT stored at any layer of our stack.
Encryption
- In transit — HTTPS everywhere.
- At rest — Azure's built-in encryption (Azure Cosmos DB uses AES-256).
Because your sign-in provider's user ID is salted and hashed in our database, even Voxta staff cannot trivially link your account to its usage records without the original ID.
Access
Backend access is strictly need-to-know and limited to a small number of individuals (currently two per system). All access is logged.
Subprocessors
We engage these third parties to deliver the service. Each link points to that provider's privacy and security documentation.
Infrastructure
| Provider | Used for | Access to identifying data |
|---|---|---|
| Microsoft Azure | Hosting (Container Apps, CosmosDB, Storage, KeyVault, Log Analytics, CDN, Traffic Manager) | Yes — runs our infra |
| OAuth2 sign-in | Yes — sign-in identity | |
| Patreon | Membership & subscriptions, OAuth2 sign-in | Yes — Patreon ID source of truth |
| Discord | OAuth2 sign-in | Yes — sign-in identity |
Billing and payments are handled by Chargebee (card subscriptions & purchases), NMI / Electronic Merchant Systems (card gateway), ChargeBlast (chargeback prevention), and NOWPayments (cryptocurrency). Card numbers are tokenized by our payment partners — Voxta never receives or stores raw card numbers. See the Privacy Policy for the full subprocessor list.
AI logic & audio
| Provider | Used for | Access to identifying data |
|---|---|---|
| Deepgram | Speech-to-text | No |
| ElevenLabs | Text-to-speech | No (see note below) |
| Cartesia | Text-to-speech (low-latency) | No |
| UnrealSpeech | Text-to-speech | No |
| OpenRouter | Large language model hosting | No (logging disabled) |
| RunPod | Optional LLM hosting backend | No (our images don't log prompts) |
ElevenLabs: their API temporarily stores generated audio in their history. We've implemented immediate, continuous history deletion to counteract this. There is no way to link an audio generation back to a specific user from ElevenLabs's side.
Privacy
For a full description of what data we collect, why, and your rights, see the Privacy Policy.