Privacy Policy

 

Last Updated: 2025.10.24

PrivyEcho is developed and operated by OmniIntelliLink Pte. Ltd., Singapore.

Compliance Commitment

PrivyEcho is designed and operated in compliance with the principles and requirements of the European Union General Data Protection Regulation (GDPR) and other applicable data protection laws. We follow a privacy-by-design approach, ensuring that personal data processing is minimized, transparent, and secure at every stage of operation.

1. Introduction

PrivyEcho (“we”, “our”, or “us”) is developed and operated by OmniIntelliLink Pte. Ltd., Singapore. We are the data controller for the processing activities described in this Policy. We are committed to protecting your privacy and ensuring transparency about how we collect, use, and protect your information.

PrivyEcho is designed around a privacy-by-design architecture, meaning that all core functions — including recording, transcription, speaker separation, and summarization — are processed entirely on your device using local machine learning models. No recordings, transcripts, or summaries are uploaded to our servers as part of normal operation.

However, certain minimal account and subscription-related data may be stored securely on our servers to support authentication, entitlement management, and technical maintenance.

By downloading, installing, or using PrivyEcho, you acknowledge that you have read, understood, and agree to the terms of this Privacy Policy.

2. Scope

This Privacy Policy applies to information collected and processed through the PrivyEcho mobile and desktop applications (“the App”) and related services.

This Policy does not apply to any services, websites or software operated by third parties that may be linked to or from the App. We advise you to review the privacy policies of any third-party services before providing any information to them.

3. Information We Collect

PrivyEcho is built around the principle of minimal data collection. Most functionality is performed locally on your device without transmitting personal data to our servers.

3.1 Information You Voluntarily Provide

    • Authentication & Entitlements: If you sign in or restore purchases, we process limited identifiers and entitlement status necessary to provide access to free or paid features. We do not have access to your Apple ID password or payment card details. We maintain minimal account and entitlement records only to verify feature access and manage user support. These records contain no audio, transcript, or summary data, and are never used for analytics, profiling, or marketing purposes.

    • Payment Information: All purchases and subscriptions are processed by Apple through the App Store. We do not collect or store your payment details.

    • Customer Support Communications: When you contact our support team (e.g., via email), we may process your email address and the details of your inquiry solely to resolve your issue.

3.2 Information Collected Automatically

    • Device & App Telemetry (Minimal): We may process non-content technical data such as device model, operating system version, and app version to ensure compatibility, security, and performance.

    • Crash Reports (Default-On, User-Controllable): PrivyEcho automatically collects limited technical crash logs to help diagnose stability and performance issues. These reports include only non-identifiable diagnostic data (such as error codes, device type, and app version) and never contain audio, transcripts, or summaries. Crash reporting is enabled by default and may be turned off at any time in Settings ▸ Share Crash Logs. The lawful basis for this processing is our legitimate interest in maintaining the reliability and security of the App.

4. How We Use Your Information

We process personal data only for the purposes below and under the corresponding legal bases:

    • Account & Entitlements: verify subscription, restore purchases — Legal Basis: Contract (Art. 6(1)(b)).

    • App Operation & Security: compatibility checks, fraud prevention — Legal Basis: Legitimate Interests (Art. 6(1)(f)).

    • Crash/Error Diagnostics (optional to user via toggle): anonymized crash logs — Legal Basis: Legitimate Interests (Art. 6(1)(f)) with user opt-out.

    • Support: respond to inquiries — Legal Basis: Contract/Legitimate Interests.

    • Legal Compliance: tax, audit, or court orders — Legal Basis: Legal Obligation (Art. 6(1)(c)).

We do not use user content for profiling, advertising, or to train machine learning models.

5. Core Data Processing Guarantees

    • No Cloud Uploads: All recordings, transcripts, and summaries remain on your device.

    • No AI Training: User content is never used to train AI or machine learning systems.

    • Limited Connectivity: Internet access occurs only for license/subscription verification, optional crash log submission, or manual update checks.

    • User Identification: Minimal account information (if any) is stored solely for entitlement verification and support.

    • Crash Data Control: Technical crash reports are enabled by default but can be disabled at any time in settings.

6. Legal Bases for Processing

We only process personal data where there is a legal basis permitted by applicable law. The legal basis depends on the context and purpose for which we process personal data, which may include consent, contract necessity, legal obligation, or our legitimate interests as described in Section 4.

7. Cookies and Similar Technologies

Our App does not use cookies for authentication or tracking. If you visit our website, we and our third-party partners may use cookies or similar technologies to understand website usage and improve marketing effectiveness.

In the EEA/UK, we use a consent mechanism so that non-essential cookies are not set unless you opt in.

Types of cookies used on the website may include:

    • Strictly Necessary Cookies: enable basic website functionality such as load balancing or language preferences.

    • Functional Cookies: recognize you when you return and remember preferences (e.g., language).

    • Analytical or Performance Cookies: analyze usage in aggregate to improve the website and marketing.

You can block cookies in your browser settings. Blocking strictly necessary cookies may impact website functionality.necessary cookies may impact website functionality.

8. Data Sharing and Disclosure

We do not sell, rent, or share your personal information with third parties for marketing purposes. Information may be shared only under the following limited circumstances:

    • Operational Infrastructure (Processors). We engage vetted service providers for secure hosting of account/entitlement records and optional crash diagnostics. Providers act under written data processing agreements and cannot access your content.

    • Business Transfers. In the event of a merger, acquisition, or asset sale, your information may be transferred as part of the transaction, provided the receiving party agrees to adhere to this Privacy Policy.

    • Legal Requirements. We may disclose information if required by law, court order, or government request, but only to the extent necessary.

    • With Your Consent. We may disclose information when you request or consent to such disclosure.

9. Third-Party SDKs

PrivyEcho integrates limited third-party SDKs to support the stability and functionality of the App. These SDKs may collect technical information (such as device model, operating system version, or crash reports) to help us improve performance and resolve issues. Importantly, no audio recordings or transcription content are shared with these SDKs.

Currently, we use the following SDKs:

    • Crash Reporting SDK (Sentry): Used to collect anonymized crash logs and technical diagnostics to improve app stability. This data does not include your audio or transcriptions and is processed through Sentry’s secure cloud infrastructure (https://sentry.io/privacy/).

    • Apple In-App Purchase (StoreKit): Provided by Apple to enable subscriptions and purchases. Payment details are processed directly by Apple and are not accessed by us.

    • Apple Push Notification Service (APNs): Provided by Apple to deliver notifications to your device. We do not use third-party push notification providers.

    • Whisper (local speech-to-text model): Runs entirely on your device to enable audio transcription. No data is transmitted to external servers.

10. International Transfer of Data

Although the App processes content locally on your device, we maintain limited server-side records (e.g., account/entitlement status) and may transfer data in the course of our operations.

Where limited personal data is processed outside your country (e.g., account/entitlement records or optional anonymized crash logs), we implement appropriate safeguards such as the European Commission’s Standard Contractual Clauses (SCCs), encryption in transit, access controls, and the use of GDPR-compliant infrastructure providers such as Amazon Web Services (AWS). You may contact us to request a summary of these measures.

11. Data Retention

11.1 On-Device Data

You control how long recordings, transcripts, and summaries remain on your device. They remain until you delete them. We cannot recover deleted local files.

11.2 Server-Side and Support Data

For personal data we collect and control — such as your support email address, authentication data relevant to entitlements, and device/app metadata — we retain such data only as long as necessary to fulfill the purposes outlined in this Policy or as required by law. Account/entitlement records are generally retained for the duration of active use and up to 24 months thereafter; crash logs are retained for 30–90 days for diagnostics and then deleted or anonymized.

12. Your Rights

Depending on your jurisdiction, you may have the following rights: access, rectification, erasure, restriction, objection, and portability. You may withdraw consent where applicable and may disable crash diagnostics at any time in Settings ▸ Share Crash Logs.

To exercise these rights, contact us at support@privycloudless.com. We will respond in accordance with applicable laws (generally within 30 days).

EEA/UK residents also have the right to lodge a complaint with a supervisory authority in their country of residence.

13. Data Security

We apply appropriate technical and organizational measures to protect personal data against unauthorized access, loss, or misuse. In the unlikely event of a data incident, we will act promptly to contain and investigate the issue, and notify affected users or supervisory authorities when legally required.

You are responsible for securing your device (e.g., passcodes, biometric locks). We cannot recover data if it is lost or deleted from your device.

Crash diagnostics are transmitted securely and contain only non-identifiable diagnostic information. You can disable this anytime in Settings ▸ Share Crash Logs.

14. Use by Minors

The Services are not intended for individuals under 16 in the EEA/UK (or a lower age as defined by local law). We do not knowingly process children’s personal data. If you believe a minor has provided data in violation of this Policy, please contact us.

15. Policy Changes

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. When we do, we will revise the “Last Updated” date and post the new policy in the App and on our website. Significant changes will be highlighted. Please review this Policy periodically.

16. Contact Us

For questions, concerns, or requests related to this Privacy Policy, please contact us at: support@privycloudless.com.

If we appoint an EU/UK representative under GDPR Article 27, we will update this Policy with their contact details.