VOQAL.co
PRIVACY POLICY

Your data belongs to you.
Your community. On the record.

VOQAL was built on three data sovereignty commitments — Iron Laws 22, 23, and 24. Your voice recordings are permanent evidence. Your GPS never gets sold. Your auth data never touches a third party. These are architectural rules, not policies.

Effective: May 31, 2026
Last Updated: May 31, 2026

1. Who We Are

VOQAL™ (Voice Of the Qualified And Local) is a civic intelligence platform operated by 25 Alpha LLC, a Delaware S-Corporation. Platform technology is owned by 25 ACTUAL Holdings LLC and licensed through 25 Alpha LLC.

VOQAL is powered by the X.R.A.Y. Intelligence Exchange Network (IEN) — a proprietary AI infrastructure that processes civic data according to the Iron Laws below. Every data decision in this policy is backed by an architectural enforcement rule, not just a corporate promise.

Contact: info@voqal.co · Platform: app.voqal.co

2. What We Collect

We collect only what is necessary to operate a civic accountability platform.

Civic concern text

The title, description, and category of your submission. This becomes a permanent public record once posted to the community board.

GPS coordinates

Captured when you submit with location verification enabled. Used exclusively for district routing and evidence sealing. See Iron Law 23 — never sold, never shared.

Voice recordings

When you submit by voice. Transcribed by DeepGram via our X.R.A.Y. Integration Hub. The audio is sealed in VAULT. See Iron Law 22 — immutable once sealed.

Authentication data

Phone number or email address if you create a verified account — used only for authentication, never for marketing. See Iron Law 24 — never shared with third-party auth providers.

Votes and engagement

Which issues you voted on, the timestamp, and your district. Used to calculate community priority scores and assign you credit when issues resolve.

What we never collect

We do not use Google Analytics, Facebook Pixel, or any advertising tracking technology. We do not collect device fingerprints, advertising identifiers, or behavioral profiles. Citizens never pay — no payment data is collected from the citizen tier.

3. How We Use Your Data

Your data is used for one purpose: civic accountability.

  • To post your civic concern to the public board and route it to the correct elected official
  • To assign you permanent credit when your issue is resolved by an official
  • To generate district intelligence reports for elected officials — from real community data, not surveys
  • To authenticate your identity when you choose to create a verified account
  • To detect duplicate submissions and merge them into consolidated community records

We never use your data for advertising

We never sell your data. We never share GPS coordinates beyond district routing. We never share authentication data with any third-party provider.

4. The Three Data Sovereignty Iron Laws

These are not policy statements. They are architectural enforcement rules written into the VOQAL platform code and the X.R.A.Y. IEN infrastructure. No employee, no board decision, and no court order can override them without a full system rebuild.

IRON LAW 22Audio Evidence Permanence

Your voice recording, once submitted and sealed in VAULT, is immutable community evidence. No administrator, no elected official, no VOQAL employee, and no system process can delete or alter a sealed audio record. The record belongs to the community, not to the platform.

IRON LAW 23Location Data Sovereignty

Your GPS coordinates are used exclusively for two purposes: routing your concern to the correct district, and sealing it as verified location evidence. Your coordinates are never sold, never shared with advertisers, never used for behavioral profiling, and never transferred to any third party for any reason.

IRON LAW 24Auth Data Sovereignty

Your phone number and email address are stored encrypted in VAULT. They are never shared with any third-party authentication provider, analytics service, data broker, or advertising platform. Our authentication system (CIVIC-AUTH) is proprietary — no third-party SDK ever receives your auth data.

5. Data Retention

ARCEB audit logs7 years, immutable

Cannot be deleted by any party. Permanent accountability record required by our SOC 2 compliance path.

Voice recordings7 years in VAULT

Sealed evidence. Immutable under Iron Law 22.

Civic concernsPermanent public record

Once posted to the public board, civic concerns are permanent. This is the point of the platform.

Authentication dataActive account duration

Deleted within 30 days of a verified account deletion request.

GPS coordinatesPermanent as part of sealed issue record

Coordinates are attached to the civic concern record, which is permanent.

Vote recordsPermanent

Used to compute community priority scores and your permanent Civic Impact Score.

6. Your Rights — GDPR / CCPA

You have the following rights over your data:

Access

Request a copy of all data VOQAL holds about you. Email info@voqal.co with the subject line "Data Access Request."

Export

Use the VDSE one-click export in your account settings to download all your data within 60 seconds.

Deletion

Request deletion at app.voqal.co/account/delete. Note: civic concerns posted to the public board are permanent public records and cannot be removed (Iron Law 17 — citizen credit is permanent).

Correction

Contact info@voqal.co to correct inaccurate authentication data.

Opt-out of sale

We do not sell your data. This right is satisfied by default.

7. Security

All data is encrypted in transit (TLS 1.3) and at rest (AES-256). Sensitive data — audio recordings, escalation records, and authentication credentials — is stored in VAULT, a dedicated encrypted storage system.

We follow SOC 2 Type II security practices. Authentication is passwordless — no passwords are ever stored. Infrastructure runs on AWS us-east-1 with secrets managed through AWS Secrets Manager.

8. Third-Party Services

All third-party integrations route through the X.R.A.Y. Integration Hub (XIH) — a proprietary adapter layer that prevents third-party services from accessing citizen identity data directly.

DeepGramVoice transcription

Processes audio via XIH. DeepGram never receives raw citizen identity data.

ResendEmail notifications

Processed via XIH. Your email address is never stored in Resend's systems.

StripePaid tier subscriptions only

Applies to Organizer, Campaign Pro, Official, Director, and Civic Alumni tiers. Citizens never pay.

AWSInfrastructure hosting

All data stored in us-east-1. Subject to AWS Data Processing Agreement.

SentryError monitoring

Application errors only. No personally identifiable data is sent to Sentry from citizen-facing flows.

9. Contact

Privacy inquiries, data access requests, and deletion requests:

info@voqal.coData Deletion Request → app.voqal.co/account/delete

25 Alpha LLC · Privacy · voqal.co · Last updated May 31, 2026.

Read our Terms of Service →