Privacy Policy
Last Updated: December 8, 2025
We're committed to protecting your privacy and have designed our app to collect minimal personal information. This Privacy Policy complies with GDPR (EU), CCPA (California), and Apple's App Store requirements.
Privacy-First Design
Convoxa is built with privacy at its core. Unlike most AI-powered apps, we've made deliberate choices to protect your data:
| Privacy Feature | What This Means for You |
|---|---|
| đ Private Mode Available | Complete on-device processingânothing ever leaves your device |
| ⥠Zero Data Retention | Your content is never stored by our AI providerâprocessed and immediately discarded |
| đ No AI Training | Your data is NEVER used to train AI modelsâcontractually guaranteed |
| đ No Account Required | No email, phone number, or personal info needed to use the app |
| đ€ You Own Everything | All recordings, transcripts, and summaries belong to you |
| đ« Zero Tracking | No analytics SDKs, no ads, no cross-app tracking, no data sales |
Your choice, your control: Select Private Mode for complete privacy, or Cloud Mode for best qualityâwe never force you to share data you don't want to share.
Quick Reference
Here's exactly what data goes where, how long it's kept, and who can access it:
| What | Where | How Long | Who Accesses |
|---|---|---|---|
| Your recordings | Your device (+ iCloud if enabled) | Until you delete | Only you |
| Transcripts for AI (Cloud Mode) | Groq AI (Zero Data Retention) | Processing onlyâimmediately discarded | Groq (processing only) |
| Transcripts | Your device (+ iCloud if enabled) | Until you delete | Only you |
| Usage metadata (UUID, mode, duration) | Cloudflare D1 database | 90 days | Convoxa only (service improvement) |
| Preferences | Your device | Until app deletion | Only you |
Bottom line: Your recordings remain yours. You control data sharing. Private Mode ensures complete on-device privacy. Cloud Mode uses Groq AI with Zero Data Retention (ZDR)âyour content is processed and immediately discarded, never stored or used for training. No tracking, no ads, no data sales.
What Information We Collect
Information You Create
Audio Recordings
- Stored locally on your device by default
- Optionally synced to your private iCloud account when enabled
- Never uploaded to our serversâonly transcripts are sent for Cloud Mode summarization
Transcripts and Summaries
- Generated from your audio using Artificial Intelligence
- Stored locally on your device and optionally in your iCloud account
- In Cloud Mode, transcripts are sent to Groq for summarization with Zero Data Retention
- Never used to train AI modelsâcontractually guaranteed
App Preferences
- Processing mode selection (defaults to Cloud Mode):
- Private Mode: All transcription and summarization happens locally on your deviceânothing sent to third parties
- Cloud Mode: Transcription on-device, summarization via Groq AI with Zero Data Retention for optimal quality
- Language preferences
- iCloud sync settings (enabled by default)
- Usage tracking (free tier: 10 hours total, trial: unlimited cloud, Pro: unlimited cloud)
- Subscription status (managed by Apple)
- User token (UUID-based, generated on first use for authentication)
Automatically Collected Information
Diagnostic and Analytics Data
We collect diagnostic information in our database to improve service quality, track usage quotas, and analyze performance:
- User identifier (randomly generated UUID, not linked to personal information)
- Processing metadata (mode, language, duration)
- Performance metrics (success status, processing time)
- Timestamps
Important: This data does NOT include the content of your recordings, transcripts, or summariesâonly metadata about the processing.
Retention: Diagnostic data is retained for 90 days, then automatically deleted.
Purpose: We use this data to monitor service performance, prevent abuse, track subscription quotas, analyze feature usage, and improve the app.
What We Don't Collect
- Email addresses, names, or phone numbers (no account required)
- Location data
- Contacts, photos, or camera access
- Advertising identifiers or tracking data
- Cross-app usage information
How We Use Your Information
Core Functionality
- Store recordings on your device
- Generate AI-powered transcriptions and summaries
- Sync data across your devices via iCloud (when enabled)
- Manage subscriptions through Apple's platform
Service Improvement
- Debug technical issues using anonymous logs
- Analyze feature usage patterns to enhance the app
We don't use your data for advertising, marketing, or third-party analytics.
Automated Decision-Making
Our app uses artificial intelligence (AI) to automatically transcribe and summarize your audio recordings. This automated processing:
- Does not make decisions that significantly affect you legally or similarly
- Is used solely to provide the core functionality you request (transcription and summarization)
- You maintain full control by choosing your processing mode (Private or Cloud)
- You can review, edit, or delete any AI-generated content
You have the right to opt out of automated processing by using Private Mode, which processes everything locally on your device without any cloud AI.
Data Sharing and Third Parties
Service Providers
To provide our Service, we utilize trusted third-party infrastructure providers. We have Data Processing Agreements (DPAs) in place with these vendors to ensure they protect your data to the same high standards that we do.
Infrastructure & Hosting: Cloudflare
- Purpose: Hosts our API backend and database
- Services used: Cloudflare Workers (serverless compute), D1 (SQLite database)
- Data shared: Usage metadata only (no content)
- Security: All data encrypted in transit (HTTPS/TLS) and at rest
- Location: Cloudflare's global edge network
- Privacy policy: https://www.cloudflare.com/privacypolicy/
Artificial Intelligence
We use Groq AI with Zero Data Retention for Cloud Mode summarization.
Provider: Groq
- When used:
- Cloud Mode: Summarization only (transcription happens on-device)
- Private Mode: Not used
- Data shared: Text transcripts only (no audio files)
- Purpose: Generate high-quality summaries
Your Data Privacy with Groq (Zero Data Retention):
- â No Model Training: Your transcripts are NOT used to train Groq's AI models. We use Zero Data Retention (ZDR), which contractually guarantees your data remains isolated and private.
- â Zero Data Retention: With Global ZDR enabled, your content is processed and immediately discarded. Groq does not store, log, or retain any of your transcript dataânot even temporarily. This is enforced at the API level.
- â Strong Security: All data transmitted to Groq is encrypted in transit. Groq complies with SOC 2 Type II and maintains rigorous security standards.
- Privacy policy: https://groq.com/privacy-policy/
Apple Services
- iCloud: Stores your recordings and transcripts (only when sync is enabled) in your private CloudKit container
- StoreKit: Manages subscriptions through the App Store
- Security: All data encrypted in transit and at rest using Apple's encryption standards
- Privacy policy: https://www.apple.com/legal/privacy/
Our Backend
- When used: Only in Cloud Mode (not used in Private Mode)
- Data shared: Text transcripts sent to Groq for summarization, plus user authentication tokens (UUID-based)
- Retention: Transcripts are not storedâpassed directly to Groq with ZDR. Usage logs stored for 90 days.
- Security: All connections use HTTPS/TLS encryption
- Location: Cloudflare's global edge network
Legal Requirements
We may disclose information when legally required by court orders, government requests, or to prevent harm.
Business Transfers
If Convoxa is acquired or merged with another company, your information may be transferred. We'll notify you before your data becomes subject to a different privacy policy.
Data Storage and Security
On Your Device
- Recordings stored in the app's documents folder
- Protected by iOS encryption and App Sandbox security
- Private Mode keeps all processing local to your device
In iCloud (Optional)
- Stored in your private CloudKit container
- Encrypted by Apple
- Under your controlâdelete anytime
On Our Servers
- Transcripts: Never storedâpassed through to Groq with Zero Data Retention
- Usage metadata: Stored in Cloudflare D1, retained 90 days then deleted
Security Measures
- HTTPS/TLS encryption for all internet communications
- API authentication using secure bearer tokens
- Minimal server-side data retention
- Industry-standard security practices
While we implement robust security measures, no system is completely immune to security risks.
Data Breach Notification: In the unlikely event of a data breach affecting your personal information, we will notify affected users via app notification within 72 hours of discovering the breach, in compliance with GDPR and applicable laws. We will also report the breach to relevant supervisory authorities as required.
Your Privacy Rights
Universal Rights
Access: All your data is stored on your deviceâview it anytime in the app
Deletion:
- Delete individual recordings by swiping in the app
- Remove all local data by uninstalling the app
- Disable iCloud sync to remove cloud-stored data
Complete Account Deletion: When you uninstall the app, all local data is removed immediately. Any diagnostic data (usage metadata) stored in our database is automatically deleted after 90 days of retention. If you want immediate removal of all diagnostic data, contact us at privacy@convoxa.com and we will manually delete your user identifier and associated metadata within 30 days.
Control:
- Enable or disable iCloud syncing
- Choose your processing mode:
- Private: Complete privacyânothing leaves your device
- Cloud: Best qualityâsummarization uses Groq AI with Zero Data Retention
EU Users (GDPR Rights)
You have additional rights under GDPR:
- Right to access: Request copies of your personal data
- Right to rectification: Correct inaccurate personal data
- Right to erasure: Request deletion ("right to be forgotten")
- Right to restrict processing: Limit how we process your data
- Right to data portability: Receive your data in a portable format
- Right to object: Object to certain data processing activities
- Right to withdraw consent: Disable optional features anytime
- Right to lodge a complaint: File complaints with your data protection authority
Legal basis for processing:
- Contract performance: Providing app features
- Legitimate interests: Service improvement and fraud prevention
- Consent: Optional features like iCloud sync
Contact privacy@convoxa.com to exercise these rights. We respond within 30 days.
California Users (CCPA Rights)
California residents have these rights:
- Right to know: Request disclosure of collected personal information and how it's used
- Right to delete: Request deletion of your personal information
- Right to opt-out: We don't sell personal information
- Right to non-discrimination: No penalties for exercising your rights
Contact privacy@convoxa.com to exercise these rights. We respond within 45 days.
Identity Verification
To protect your privacy, we may need to verify your identity before fulfilling rights requests. Since we don't collect identifying information, we may request proof of device ownership.
International Data Transfers
Our infrastructure uses Cloudflare's global edge network and Groq's AI services. Your data may be processed on servers in various locations. We rely on Standard Contractual Clauses (SCCs) approved by the European Commission to ensure your data remains protected during these transfers.
Your data may be processed in:
- Your device: Your location
- iCloud: Apple data centers (varies by Apple ID region)
- Our backend: Cloudflare's global edge network
- AI processing: Groq infrastructure (Cloud Mode onlyâwith Zero Data Retention)
EU users: Transfers outside the European Economic Area are protected by:
- EU-approved Standard Contractual Clauses (SCCs)
- Cloudflare's GDPR compliance and data protection measures
- Groq's Zero Data Retention policy (no data is retained to transfer)
- Data Processing Agreements (DPAs) with our service providers
Children's Privacy
Convoxa is not designed for children under 13. We don't knowingly collect data from children under 13. Parents who believe their child has used the app should contact us to delete any collected data.
EU age of consent for data processing varies by member state (typically 13-16 years).
Third-Party Services
We integrate with:
- Cloudflare for infrastructure hosting (Workers, D1 database)
- Groq AI (with Zero Data Retention) for AI summarization (Cloud Mode only)
- Apple services for iCloud sync and subscriptions
These services have their own privacy policies. We're not responsible for their practices.
We don't use:
- Analytics SDKs
- Advertising networks
- Social media tracking
- Third-party cookies or trackers
Policy Updates
We may update this policy periodically. Significant changes will be announced through the app. The "Last Updated" date reflects the most recent revision.
Contact Us
Privacy questions or rights requests?
Email: privacy@convoxa.com
General support: support@convoxa.com
Response times:
- General inquiries: Within 7 days
- GDPR requests: Within 30 days
- CCPA requests: Within 45 days
EU Users: Supervisory Authority
EU residents with data handling concerns can contact their local data protection authority:
https://edpb.europa.eu/about-edpb/board/members_en