Privacy Policy

Last updated: April 16, 2026

Quick Jump

1. Data Collection
2. Third-Party Processors
3. Data Retention
4. Your Rights
5. International Transfers
6. Children's Privacy
7. Changes to Policy
8. Contact Us

At Convoxa, we believe privacy is not a feature—it is a fundamental right. We have architected our service to collect only the absolute minimum data required to function. This policy outlines our commitment to your data security in compliance with GDPR (EU), CCPA (California), and the EU AI Act.

1. Data Collection & Processing

Convoxa is designed to give you full control over your data. You can choose between On-Device (Offline) or Cloud (Online) processing for both transcription and note generation.

A. Transcription

On-Device Mode: Audio is transcribed entirely on your iPhone. No audio or text leaves your device.
Cloud Mode: Audio is processed using enterprise-grade infrastructure for maximum accuracy. Audio is deleted immediately after transcription, following strict automated cleanup protocols. It is never used for training.

B. Note Generation

On-Device Mode: Summaries are generated entirely on your iPhone using Apple Intelligence. No text leaves your device.
Cloud Mode: Transcripts are processed using secure cloud-based AI models to provide high-quality meeting notes. Processing occurs entirely in memory—transcripts are never written to disk, stored, or used for training.

Note: To maintain a seamless workflow, Cloud-based transcription must be paired with Cloud-based note generation. In all cases, your final recordings and notes are stored in your personal iCloud, not on our servers.

C. Account & Metadata

To operate and secure the service, we collect:

Anonymous Identification: We do not require an email or traditional sign-in. Instead, we use a random unique identifier (UUID) stored in your iCloud Keychain to manage your account and subscription. This identifier contains no personal information and cannot be used to identify you outside of our service.
Account Identifiers: Your random account UUID links to your subscription tier and quota management. For transaction processing, we also use an anonymous transaction identifier.
Usage Logs: Timestamp, duration of recording, locale, processing mode (Cloud/On-Device), and success/failure status.
Technical Data: Processing time, language locale, and token counts for subscription quota management.

The Golden Rule: These logs never contain the content of your audio, any part of your transcripts, or your generated notes.

D. Zero Tracking & No Ads

Convoxa is built for you, not for advertisers. We provide an ad-free experience and do not engage in invasive tracking:

No Ad SDKs: We do not include any advertisement SDKs or trackers.
No Marketing Pixels: We do not use Meta Pixels, Google Analytics, or social media tracking.
No Data Brokering: We never sell, rent, or trade your data to third parties.

2. Third-Party Processors

We partner with industry-leading infrastructure providers who adhere to strict security standards. Our cloud partners maintain SOC 2 Type II, HIPAA, and ISO 27001 compliance programs.

Provider	Service	Data Policy
Apple	App Distribution, iCloud Keychain & Payments	Securely stores your account identifier in iCloud Keychain, hosts the app, processes all payments, and manages encrypted data sync. We never see your payment details.
Soniox	Audio Transcription (Cloud Mode)	No Permanent Storage. Audio is processed and immediately deleted. Audio is not retained beyond processing. Our cloud partners maintain SOC 2 Type II and HIPAA compliance programs. No training allowed.
Google Cloud Vertex AI	AI Note Generation (Cloud Mode)	In-Memory Processing Only. Transcripts are processed for note generation and discarded immediately. No data is written to disk or retained. Our cloud partners maintain SOC 2 Type II, HIPAA, and ISO 27001 compliance programs. No training allowed.
Cloudflare	Cloud Infrastructure	Processes encrypted traffic and provides temporary storage infrastructure. Audio is deleted immediately after transcription, following strict automated cleanup protocols.

3. Data Retention

Content: We do not retain your content. In Cloud Mode, audio is processed transiently by our infrastructure and deleted right after processing, following strict automated cleanup protocols. Transcripts sent for cloud note generation are processed entirely in memory and discarded immediately—they are never written to disk.
Account Data: Your account UUID and associated usage metadata are retained while your account is active. You can delete your account at any time through the app. Upon deletion request, all server-side account data is permanently removed within 30 days.
Metadata: Usage logs (duration, timestamps) are retained for up to 90 days for security monitoring and resource optimization, after which they are deleted.
Device Data: You control the data on your device. Deleting the app removes all local data immediately. Note that deleting your account does not delete recordings, transcripts, or notes stored in your personal iCloud—these remain under your control.

4. Your Rights (GDPR & CCPA)

You have the right to access, rectify, or delete your data. You can exercise these rights using your random account UUID found in the app settings.

Right to Erase: You can delete any recording within the app. You can also delete your entire account through the app settings, which will permanently remove all server-side account data (account UUID, usage logs, metadata) within 30 days. Your recordings, transcripts, and notes stored in your personal iCloud remain under your control.
Right to Object: You can use On-Device Mode to prevent any content from being processed externally.
Export: Your data is yours. You can export transcripts and notes directly from the app.

To exercise these rights, contact: hello@convoxa.com

5. International Transfers

Our infrastructure is distributed globally. When using Cloud Mode, data may be processed in the United States by our primary cloud infrastructure and AI partners, supported by our strict data deletion policies and the security standards outlined above.

6. Children's Privacy

Convoxa is not intended for use by anyone under the age of 13. We do not knowingly collect information from children.

7. Changes to This Policy

We may update this policy as our app evolves. Changes are indicated by the "Last Updated" date at the top of this page. For material changes, we will provide notice through our website or within the App interface as appropriate. We recommend checking this policy regularly to stay informed about our data practices.

8. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

Email: hello@convoxa.com
Operator: Karam Al-Askar (Convoxa)
Address: Vaci ut 133, Budapest 1044, Hungary

↑ Back to top