Voley
SolutionsPricingContact

Privacy Policy

Last updated: February 2026

Introduction

Voley, LLC ("Voley," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our business communication platform designed for insurance agencies (the "Services").

Our Services enable insurance agencies to communicate with clients via SMS, MMS, and voice calls, collaborate internally through team chat, and integrate with agency management systems like HawkSoft. This policy covers how we handle data across all these features.

By using our Services, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our Services.

Information We Collect

Account Information

When you create an account, we collect:

  • Name (first and last)
  • Email address
  • Phone number
  • Agency or company name
  • Password (stored securely hashed)
  • Role within your organization (admin or agent)

Client and Contact Information

To provide messaging services, we store information about your clients:

  • Contact names and phone numbers
  • Email addresses (when provided)
  • Tags and notes you add to contacts
  • External identifiers (e.g., HawkSoft client IDs) for integration purposes

Communication Content

We process and store communication data including:

  • SMS and MMS messages: Text content, media attachments (images, files up to 10MB), timestamps, and delivery status
  • Voice calls: Call metadata including duration, timestamps, and caller/recipient information. Call recordings are only stored if explicitly enabled by your organization.
  • Team chat messages: Internal messages between team members in channels and direct messages
  • Internal notes: Notes added to client conversations visible only to your team

Message encryption: Client message content is encrypted at rest in our database. Messages in transit are protected via TLS encryption.

Integration Data

If you connect third-party services like HawkSoft:

  • API credentials (stored encrypted)
  • Client data synced from your AMS (names, phone numbers, client IDs)
  • Logging records sent to your AMS

We only access data from integrated systems as directed by you and necessary to provide the Services. For HawkSoft specifically, we read client information but never modify your HawkSoft data except when logging conversations as you direct.

Payment Information

We use third-party payment processors (such as Stripe) to handle billing. We do not store full credit card numbers on our servers. We retain:

  • Billing contact information
  • Transaction history and invoices
  • Subscription plan details
  • Message credit usage

Automatically Collected Information

  • Usage data: Features used, pages visited, actions taken, message volumes
  • Device information: Browser type, operating system, device type, screen resolution
  • Log data: IP addresses, access times, error logs, referring URLs
  • Cookies: Session cookies to maintain your login state and preferences

How We Use Your Information

We use collected information to:

  • Provide the Services: Send and receive messages on your behalf, facilitate calls, enable team collaboration
  • Process transactions: Bill your subscription, track message credit usage, handle overage charges
  • Maintain integrations: Sync contacts with HawkSoft, log conversations to client records
  • Improve the platform: Analyze usage patterns, fix bugs, develop new features
  • Communicate with you: Send service announcements, respond to support requests, notify you of important changes
  • Ensure compliance: Meet carrier requirements for A2P messaging registration, maintain records for regulatory purposes
  • Protect the Services: Detect fraud, prevent abuse, enforce our terms

Third-Party Service Providers

We work with trusted third parties to provide the Services:

Twilio (Messaging and Voice)

We use Twilio to send and receive SMS/MMS messages and handle voice calls. When you send a message or make a call through Voley, that communication is processed by Twilio. Twilio's privacy policy governs their handling of this data. We have a Data Processing Agreement with Twilio.

Cloud Infrastructure

Our Services run on cloud infrastructure providers (including AWS and Railway) that host our servers and databases. These providers have robust security certifications and practices.

Authentication

We use Stytch for secure authentication, including login, password management, and session handling.

Payment Processing

Payment information is processed by Stripe. We never see or store your full credit card number.

Information Sharing

We do not sell your personal information or your clients' information.

We may share information in these circumstances:

  • With service providers: As described above, to parties that help us deliver the Services
  • With integrations you enable: When you connect HawkSoft or other services, we share data as needed for those integrations to function
  • Within your organization: Team members in your Voley account can see conversations, contacts, and related data based on their permissions
  • For legal reasons: When required by law, subpoena, or legal process, or to protect rights and safety
  • Business transfers: In connection with a merger, acquisition, or sale of assets, with appropriate confidentiality protections

Data Security

We implement multiple layers of security:

  • Encryption: Message content encrypted at rest; all data encrypted in transit via TLS
  • Access controls: Role-based permissions (admin vs. agent), secure authentication
  • Infrastructure security: Hosted on SOC 2 compliant cloud providers with physical security
  • Monitoring: Automated security monitoring and logging
  • Credential protection: Passwords hashed, third-party integration credentials (e.g., HawkSoft) encrypted with AES-256

No system is 100% secure. While we strive to protect your information, we cannot guarantee absolute security. You are responsible for maintaining the security of your account credentials.

Data Breach Notification

In the event of a security breach that results in unauthorized access to your personal information, we will:

  • Investigate and take steps to contain the breach promptly
  • Notify affected users and, where required, applicable regulatory authorities within the timeframes mandated by law (no later than 60 days from discovery, per Utah Code § 13-44-202, or sooner if required by other applicable state laws)
  • Provide a description of the information involved, the steps we are taking in response, and recommendations for protecting yourself

We maintain incident response procedures to ensure timely detection, investigation, and notification of security incidents.

HIPAA and Protected Health Information (PHI)

The Voley platform is not designed for the transmission, storage, or processing of Protected Health Information ("PHI") as defined under the Health Insurance Portability and Accountability Act ("HIPAA").

Important disclaimers:

  • Voley is not a "covered entity" or "business associate" under HIPAA
  • We do not offer HIPAA-compliant messaging services
  • SMS and MMS messaging are inherently insecure communication channels
  • You should not use Voley to transmit PHI or sensitive medical information

While insurance agencies may handle health-related information in certain contexts, you are responsible for determining what information is appropriate to communicate via text messaging and for complying with all applicable privacy laws.

Compliance Tools and Assistive Features

Voley provides various compliance-supporting features:

  • Consent tracking: We track consent status for contacts to help you manage messaging permissions
  • Opt-out detection: We automatically detect opt-out keywords (STOP, etc.) and suppress further messages
  • Content warnings: Our compliance checker may flag potentially risky phrases in messages
  • Audit logging: We maintain logs of messaging activity for compliance review

These features are assistive in nature. They are designed to help you manage compliance but do not guarantee compliance with any law or regulation. We do not:

  • Independently verify that you have obtained proper consent
  • Scrub phone numbers against the National Do Not Call Registry
  • Determine whether any specific message is permissible under applicable law
  • Provide legal advice regarding your messaging practices

You remain solely responsible for compliance with TCPA, DNC rules, state laws, and other applicable regulations.

Data Retention

We retain data as follows:

  • Account data: Retained while your account is active and for a reasonable period after closure for legal and business purposes
  • Message content: Retained according to your organization's settings. Many insurance agencies require message retention for compliance purposes. Default retention is indefinite unless you request deletion.
  • Call records: Metadata retained indefinitely; recordings (if enabled) retained per your settings
  • Team chat: Retained while your account is active
  • Billing records: Retained as required for tax and accounting purposes (typically 7 years)

You can request data export or deletion by contacting us. Note that we may need to retain certain data to comply with legal obligations or resolve disputes.

Your Rights and Choices

Access and Correction

You can access and update your account information through the Settings section of Voley. For data we hold that isn't directly editable, contact us.

Data Export

You can export your conversations and contact data from within Voley.

Deletion

You can request deletion of your account and associated data. Some data may be retained as required by law or for legitimate business purposes.

Opt-Out of Marketing

You can opt out of marketing emails by clicking "unsubscribe" in any marketing email or contacting us. Note that you will still receive transactional and service-related communications.

California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act:

  • Right to know: Request information about the categories and specific pieces of personal information we've collected
  • Right to delete: Request deletion of your personal information, subject to exceptions
  • Right to opt-out of sale: We do not sell personal information
  • Non-discrimination: We will not discriminate against you for exercising your rights

To exercise these rights, contact us at support@voley.us.

Children's Privacy

Our Services are designed for business use and are not intended for individuals under 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

International Data Transfers

Our Services are operated in the United States. If you access the Services from outside the U.S., your information will be transferred to and processed in the U.S. By using the Services, you consent to this transfer.

Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes by posting the updated policy and updating the "Last updated" date. For significant changes, we may also send an email notification. We encourage you to review this policy periodically.

Contact Us

If you have questions about this Privacy Policy, want to exercise your privacy rights, or have concerns about our data practices, please contact us:

Voley, LLC

1555 Freedom Blvd 200 W

Provo, UT 84604

Email: support@voley.us

Back to HomeTerms of Service