Privacy Policy

Welcome to Spoken, an AI-powered voice notes application designed to help you capture, organize, and transform your thoughts with unprecedented ease. We understand that when you speak your mind into our app, you are trusting us with something deeply personal. That trust is not something we take lightly.

This Privacy Policy has been crafted to give you complete transparency about how we collect, use, store, and protect your personal information. We believe you deserve to know exactly what happens to your data, and we have written this document in plain language rather than dense legal jargon so that you can make informed decisions about using our service.

By downloading Spoken from the Google Play Store, creating an account, or using any of our services, you are agreeing to the practices described in this policy. If you disagree with any aspect of this policy, we respectfully ask that you discontinue using our application. However, we are confident that once you understand our commitment to your privacy, you will feel comfortable trusting Spoken with your voice notes, ideas, and daily tasks.

This policy applies to all users of the Spoken mobile application, our website at spoken.app, and any related services we provide. Whether you are using our free tier or enjoying the enhanced features of Spoken Pro, the same privacy protections apply to you.

We collect information to provide you with the best possible experience. We are committed to collecting only what is necessary and being transparent about every piece of data we gather.

Every piece of information we collect serves a specific purpose in making Spoken work for you. We do not collect data simply because we can. Instead, we are intentional about what we gather and how we use it.

Providing Core Services: We use your account information to authenticate you and keep your account secure. Your voice recordings are processed to generate accurate transcriptions using advanced AI technology. Your text content is stored to enable cloud synchronization, ensuring your notes, tasks, and transcriptions are available on all your devices whenever you need them.

Powering AI Features: The intelligence behind Spoken relies on processing your content through AI services. When you request a summary of your note, extract action items, translate content, or rewrite text in a different style, your content is sent to our AI processing services. These services analyze your content to deliver the requested feature and then discard the data. We do not use your personal content to train AI models.

Improving the Application: Aggregated and anonymized usage data helps us understand which features are most valuable to our users and where we should focus our development efforts. Crash reports and error logs allow our engineering team to identify and fix issues quickly, ensuring a stable and reliable experience for everyone.

Communication: We use your email address to send essential account notifications, such as password reset requests, security alerts, and important updates about our terms or privacy practices. If you are a Pro subscriber, we may also send you information about your subscription status. We do not send promotional emails unless you explicitly opt in to receive them.

Security and Fraud Prevention: We analyze login patterns, device information, and IP addresses to detect and prevent fraudulent activity, unauthorized access attempts, and other security threats. This helps us protect your account and maintain the integrity of our platform.

Security is not an afterthought at Spoken. It is built into every layer of our infrastructure. We understand that your voice notes may contain sensitive information, from personal reflections and journal entries to important business ideas and confidential discussions. Protecting this content is our top priority.

Voice Recording Storage: Your original audio recordings are stored exclusively on your device. They never leave your phone unless you explicitly choose to share them. This local-first approach means that even if our servers were compromised, your voice recordings would remain safe on your personal device.

Cloud Data Encryption: All text-based content, including your transcriptions, notes, tasks, and account information, is encrypted both in transit and at rest. Data transmitted between your device and our servers is protected using TLS 1.3, the latest and most secure transport layer protocol available. Once stored in our database, your content remains encrypted using industry-standard AES-256 encryption.

Infrastructure Security: Our backend infrastructure is hosted on Google Cloud Platform, which provides enterprise-grade security, including advanced threat detection, regular security audits, and compliance with numerous international security standards. We use Google Firebase for authentication and data storage, benefiting from Google's extensive security expertise and infrastructure.

Access Controls: Access to user data within our organization is strictly limited to employees who require it for their job responsibilities, such as providing customer support or maintaining our systems. All access is logged and monitored, and employees undergo background checks and security training.

Data Retention: Your data remains in your account for as long as you choose to use Spoken. Items you move to the trash are automatically deleted after 30 days. If you delete your account, we initiate a complete data purge that removes all your personal information from our systems within 30 days, except for any data we are legally required to retain.

To provide you with the best possible experience, we partner with carefully selected third-party services. Each partner has been evaluated for their security practices and commitment to privacy. Below is a complete list of the third-party services we use and how they interact with your data.

Google Firebase: We use Firebase for user authentication, database storage, and cloud functions. Firebase is part of Google Cloud Platform and adheres to Google's strict privacy and security standards. Your account credentials are handled by Firebase Authentication, which means we never have direct access to your password. Your transcriptions, notes, and tasks are stored in Firebase Firestore, a secure NoSQL database with automatic encryption.

Google Gemini AI: Our AI-powered features, including transcription, summarization, translation, and text rewriting, are powered by Google's Gemini AI. When you use these features, the relevant content is sent to Google's AI services for processing. Google processes this data in accordance with their AI data usage policies, which include commitments not to use customer data to train their models without consent.

Google Analytics: We use Google Analytics to understand how users interact with our app. This service collects anonymized usage data, including screen views, feature usage patterns, and session duration. You can opt out of analytics collection through the app settings.

Google Play Services: For Android users, we integrate with Google Play Services for features such as in-app purchases, subscription management, and app distribution. Google Play processes subscription payments and handles billing-related communications.

We do not sell your personal information to any third party. We do not share your personal content with advertisers. The third-party services listed above receive only the minimum data necessary to perform their specific functions.

We believe you should have full control over your personal information. Regardless of where you live, we extend the following rights to all Spoken users because we believe they represent the right way to treat your data.

Right to Access: You can request a complete copy of all personal data we hold about you. This includes your account information, transcriptions, notes, tasks, and usage data. You can access most of this information directly within the app, or you can contact us for a comprehensive data export.

Right to Deletion: You can delete your account and all associated data at any time through the app settings. When you request deletion, we remove your personal information from our active systems within 30 days. Backup copies are purged during our regular backup rotation cycles.

Right to Data Portability: You can export your notes, transcriptions, and tasks in standard formats, allowing you to take your data with you if you choose to stop using Spoken. We believe your data belongs to you, and you should never feel locked into our service.

Right to Correction: If any of your personal information is inaccurate, you can update it directly in the app settings or by contacting our support team.

Right to Opt Out: You can disable analytics collection in the app settings if you prefer not to share usage data with us. This will not affect the core functionality of Spoken.

Right to Withdraw Consent: Where we rely on your consent to process data, you can withdraw that consent at any time. Withdrawing consent will not affect the lawfulness of processing that occurred before the withdrawal.

Spoken is not intended for use by children under the age of 13. We do not knowingly collect personal information from children under 13 years of age. If we become aware that we have inadvertently collected personal information from a child under 13, we will take immediate steps to delete that information from our servers.

If you are a parent or guardian and believe that your child has provided personal information to us without your consent, please contact us immediately through our contact page. We will work with you to ensure the information is removed promptly.

For users between 13 and 18 years of age, we recommend that a parent or guardian review this Privacy Policy and supervise the use of the application to ensure the information shared is appropriate.

Spoken is used by people around the world, and your data may be transferred to and processed in countries other than your own. Our servers and third-party service providers are primarily located in the United States and other countries where Google Cloud Platform operates data centers.

When we transfer your data internationally, we ensure that appropriate safeguards are in place to protect your information. These safeguards include using services that comply with international data protection frameworks and ensuring that our data processing agreements meet the requirements of applicable privacy laws.

If you are located in the European Economic Area, United Kingdom, or other jurisdictions with data protection laws, we ensure that any international transfers of your personal data are made with appropriate safeguards in accordance with applicable legal requirements.

We implement comprehensive security measures to protect your personal information from unauthorized access, alteration, disclosure, or destruction. Our security practices are continuously reviewed and updated to address emerging threats.

Encryption: All data transmitted between your device and our servers is encrypted using TLS 1.3. Data stored in our databases is encrypted at rest using AES-256 encryption. This means your information is protected both in transit and while stored.

Secure Authentication: We use Google Firebase Authentication, which provides robust security features including secure password hashing, protection against brute force attacks, and support for two-factor authentication through your Google account.

Regular Security Audits: We conduct regular security assessments of our systems and code to identify and address potential vulnerabilities. Our infrastructure on Google Cloud Platform benefits from Google's continuous security monitoring and threat detection.

Incident Response: In the unlikely event of a security breach, we have procedures in place to respond quickly and effectively. We will notify affected users and relevant authorities in accordance with applicable laws.

While we take all reasonable precautions to protect your data, no system is completely immune to security risks. We encourage you to use a strong, unique password for your account and to keep your device's operating system and the Spoken app updated to the latest versions.

As Spoken evolves and as privacy regulations change, we may need to update this Privacy Policy from time to time. When we make changes, we will update the “Last Updated” date at the top of this document.

For significant changes that materially affect how we handle your personal information, we will provide prominent notice through the app, such as an in-app notification, or by sending an email to the address associated with your account. We will always give you the opportunity to review changes before they take effect.

We encourage you to periodically review this Privacy Policy to stay informed about how we are protecting your information. Your continued use of Spoken after any changes indicates your acceptance of the updated policy.

We are committed to being transparent and responsive about our privacy practices. If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal information, we genuinely want to hear from you.

Whether you want to exercise your data rights, report a privacy concern, request clarification about our practices, or simply share feedback about how we can improve, our team is ready to assist you.

Privacy Inquiries

Get in Touch →

We typically respond to privacy-related inquiries within 48 hours.

Thank you for trusting Spoken with your voice notes and ideas. We are honored by that trust and committed to protecting your privacy every step of the way.