Privacy Policy

At Convoxa, we believe privacy is not a feature—it is a fundamental right. We have architected our service to collect only the absolute minimum data required to function. This policy outlines our commitment to your data security in compliance with GDPR (EU), CCPA (California), and the EU AI Act.

1. Data Collection & Processing

A. Data Governance by Phase

• Phase 1: Transcription: Whether you use On-Device or Cloud Mode, your raw audio is your own. On-device processing stays local; Cloud processing is transient and deleted immediately. In all cases, the final recording is stored in your personal iCloud.
• Phase 2: Note Generation: Transcripts are analyzed based on your personal configuration. Local analysis uses Apple Intelligence; Cloud analysis uses enterprise-grade models for deeper detail. We do not persist transcripts on our servers beyond the moment of generation.

B. Processing Modes

You have full control over how your data is processed for both transcription and note generation. These modes can be mixed and matched to suit your privacy preferences, with the exception that Cloud-based transcription (Cycle 1) must be paired with Cloud-based note generation (Cycle 2) to maintain a seamless, high-performance workflow.

Cycle 1: Transcription

• On-Device Mode (Offline): Audio is transcribed locally on your device. No audio or text leaves your iPhone.
• Cloud Mode (Online): For maximum accuracy, audio is temporarily processed using enterprise-grade infrastructure. Audio is deleted immediately after transcription, with a failsafe removal within 15 minutes. It is never used for training.

Cycle 2: Note Generation

• On-Device Mode (Offline): Summaries are generated entirely on your iPhone using Apple Intelligence. No text leaves your device.
• Cloud Mode (Online): Transcripts are processed using secure cloud-based AI models to provide high-quality meeting notes. Processing occurs entirely in memory—transcripts are never written to disk, stored, or used for training.

C. Metadata & Analytics

To operate and secure the service, we collect minimal technical metadata:

• User ID: A random UUID used to manage your subscription quota and link anonymous technical metadata and usage logs for analytics. This ID is synced via iCloud to preserve your identity across your devices.
• Usage Logs: Timestamp, duration of recording, locale, processing mode (Cloud/On-Device), and success/failure status.
• Technical Data: Processing time, language locale, and token counts for subscription quota management.

The Golden Rule: These logs never contain the content of your audio, any part of your transcripts, or your generated notes.

D. Zero Tracking & No Ads

Convoxa is built for you, not for advertisers. We provide an ad-free experience and do not engage in invasive tracking:

• No Ad SDKs: We do not include any advertisement SDKs or trackers.
• No Marketing Pixels: We do not use Meta Pixels, Google Analytics, or social media tracking.
• No Data Brokering: We never sell, rent, or trade your data to third parties.

2. Third-Party Processors

We partner with industry-leading infrastructure providers who adhere to strict security standards. Our cloud partners maintain SOC 2 Type II, HIPAA, and ISO 27001 compliance programs.

3. Data Retention

• Content: We do not retain your content. In Cloud Mode, audio is processed transiently by our infrastructure and deleted right after processing, with a failsafe cleanup within 15 minutes. Transcripts sent for cloud note generation are processed entirely in memory and discarded immediately—they are never written to disk.
• Metadata: Usage logs (duration, timestamps) are retained for up to 90 days for security monitoring and resource optimization, after which they are deleted.
• Device Data: You control the data on your device. Deleting the app removes all local data immediately.

4. Your Rights (GDPR & CCPA)

You have the right to access, rectify, or delete your data. Because we do not collect personal identifiers (email/name), we cannot identify you without your specific User ID found in the app settings.

• Right to Erase: You can delete any recording within the app. To delete your account metadata, please contact us with your User ID.
• Right to Object: You can use On-Device Mode to prevent any content from being processed externally.
• Export: Your data is yours. You can export transcripts and notes directly from the app.

To exercise these rights, contact: hello@convoxa.com

5. International Transfers

Our infrastructure is distributed globally. When using Cloud Mode, data may be processed in the United States by our primary cloud infrastructure and AI partners, supported by our strict data deletion policies and the security standards outlined above.

6. Children's Privacy

Convoxa is not intended for use by anyone under the age of 13. We do not knowingly collect information from children.

7. Changes to This Policy

We may update this policy as our app evolves. Changes are indicated by the "Last Updated" date at the top of this page. For material changes, we will provide notice through our website or within the App interface as appropriate. We recommend checking this policy regularly to stay informed about our data practices.

8. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

• Email: hello@convoxa.com
• Operator: Karam Al-Askar (Convoxa)
• Address: Vaci ut 133, Budapest 1044, Hungary