Privacy Policy

Version: 1.0 | Last Updated: 2025-12-22

1. Introduction

This Privacy Policy explains how Envsoft Solutions LLP ("we", "us", "our") collects, uses, shares, and protects your personal data when you use AudioCrux.app ("App", "Service"). It applies to all users of our mobile apps, web apps, browser extensions, and related services worldwide.

AudioCrux.app is an AI-powered application that helps you discover, listen to, transcribe, summarize, and organize content from podcasts, audio, text, web pages, documents, and images.

  • Legal Entity: Envsoft Solutions LLP
  • Registered Address: LA DAFTER, D 178, Ground Floor, Phase 8B, Industrial Area, Sector 74,Sahibzada Ajit Singh Nagar, Punjab 140308
  • Operational Location: SAS Nagar Mohali, Punjab, India
  • Contact Email: privacy@audiocrux.app
  • Contact Phone: +91-8699032616
  • Website: https://audiocrux.app

This policy covers personal data processed when you download or access the App, create an account, use any feature of the Service, visit our website, subscribe to newsletters, or communicate with us via email or other channels.

By using the App, you acknowledge that you have read and understood this Privacy Policy and agree to the collection and use of your information as described herein, to the extent permitted by applicable law.

2. When We Collect Data

  • When you download, install, or access the App.
  • When you register or sign in (including via Google, Apple, or other identity providers).
  • When you upload or record content (e.g., audio, text, documents, URLs, images).
  • When you interact with features such as search, listening, highlighting, bookmarking, creating notes, or editing playlists or collections.
  • When you make purchases or manage subscriptions.
  • When you contact us via email, support forms, in‑app feedback, or social channels.
  • When the App runs diagnostics, analytics, or receives crash reports from your device.

We may combine data collected from you directly with information generated automatically and with information received from third‑party service providers (e.g., authentication, payment, analytics) to operate and improve the Service.

3. Categories Of Data We Collect

3. 1 Account Information

Information necessary to create and manage your account.

Fields:

  • First name and last name.
  • Email address and, if you choose, phone number for account recovery.
  • Username or display name (if applicable).
  • Profile photo or avatar (including when provided by Google or Apple).
  • Authentication identifiers (e.g., internal user ID, identity provider IDs).

3. 2 Authentication And Social Login

If you sign up or log in using third‑party providers such as Google or Apple, we receive the information you choose to share with us from those services.

Fields:

  • Name and email address from Google or Apple.
  • Profile picture when provided by the identity provider.
  • Authentication tokens and related metadata needed to maintain your login session.

3. 3 User Content

Content you actively provide or generate when using the App.

Examples:

  • Audio files and recordings (e.g., podcast episodes, voice notes).
  • Uploaded documents (e.g., PDFs, text files, slides).
  • Web URLs and captured web page content.
  • Images (e.g., screenshots, document images, or other visual content you upload for processing).
  • Transcriptions, summaries, notes, highlights, and other AI‑generated outputs associated with your content.
  • Playlists, collections, folders, and custom labels you create.
  • Likes, bookmarks, ratings, and other preference indicators.
  • Feedback, support messages, and other communications you send to us.

3. 4 Usage And Interaction Data

Data about how you interact with the App and its features.

Examples:

  • Search queries, viewed screens, and navigation paths.
  • Listening behavior (e.g., play, pause, completion rate, timestamps).
  • Feature usage (e.g., how often you create summaries, notes, or exports).
  • In‑app events (e.g., playlist edits, content saves, share actions).
  • Session information (e.g., session start/end time, session duration).

3. 5 Device And Technical Information

Technical data automatically collected from your device.

Examples:

  • Device type, model, and operating system version.
  • App version and build number.
  • IP address and general (non‑precise) location inferred from IP address.
  • Language, time zone, and region settings.
  • Unique device identifiers and mobile advertising IDs (where not disabled).
  • Push notification tokens and related identifiers.
  • Crash logs, performance metrics, and error diagnostics.

3. 6 Subscription And Payment Information

Information about your subscriptions and purchases, processed via third‑party payment and subscription providers.

Your full payment card details are processed by app stores or payment processors and are not stored by us directly.

Data Points:

  • Subscription status and product tier (e.g., Free, Premium).
  • Transaction history and purchase receipts (managed by App Store / Play Store and RevenueCat or similar).
  • Internal identifiers linking your subscription to your user account.
  • Description: On web properties, we may use cookies, local storage, and similar technologies to keep you logged in, remember your preferences, and measure usage.
  • Description: We do not intentionally collect special categories of personal data (such as health, religion, or political opinions) unless you voluntarily include such information within the content you upload. You are responsible for ensuring you have the right to process and share such data through the App.

3. 9 Mobile App Permissions

Our mobile app requests various device permissions to enable core functionality. Permissions are only requested when necessary for specific features. You can manage these permissions through your device settings at any time.

We only access device features and data that you explicitly authorize through these permissions. Permissions are requested at the time a feature requiring them is used, not when the app is first installed.

Android permissions:

Camera

Optional

Allows you to capture photos for your profile picture or to upload document images for transcription and AI processing.

Storage / Media Access (READ_EXTERNAL_STORAGE, WRITE_EXTERNAL_STORAGE, READ_MEDIA_IMAGES, READ_MEDIA_VIDEO, READ_MEDIA_AUDIO)

Optional

Enables you to select audio files, documents, images, and videos from your device's storage for uploading, transcription, and AI processing. Also allows temporary storage of downloaded content.

Microphone (RECORD_AUDIO)

Optional

Required for recording voice notes, audio transcriptions, and podcast content within the app.

Internet

Required

Necessary for connecting to our servers, syncing your data, accessing podcast content, performing AI transcription and summarization, and downloading updates.

Notifications (POST_NOTIFICATIONS)

Optional

Allows the app to send you important notifications about transcription completion, new content, subscription updates, and service announcements.

Foreground Service / Media Playback (FOREGROUND_SERVICE, FOREGROUND_SERVICE_MEDIA_PLAYBACK, WAKE_LOCK)

Required

Enables continuous audio playback in the background while you use other apps or when your screen is off, and displays media controls in your notification bar.

Billing (com.android.vending.BILLING)

Optional

Required for processing in-app purchases and subscription management through Google Play Store.

Permission management:

You can review and modify app permissions at any time through your device's Settings > Apps > AudioCrux > Permissions. Denying certain permissions may limit functionality (e.g., denying microphone access prevents voice recording).

4. Purposes And Legal Basis

4. 1 Provide And Operate The App

To provide, maintain, and operate the App and its core functionality.

Examples:

  • Creating and managing your account and user profile.
  • Processing audio, text, documents, and images to generate transcriptions, summaries, highlights, and AI‑generated content.
  • Syncing your content, preferences, and progress across devices.
  • Managing your subscription, entitlements, and access to features.

Legal Basis:

  • Performance of a contract (providing the Service you requested).
  • Legitimate interests (ensuring effective and reliable service delivery).

4. 2 Improve And Personalize The Service

To understand how the App is used and to improve performance, features, and user experience.

Examples:

  • Analyzing feature usage and user journeys to identify issues and optimize UI/UX.
  • Personalizing recommendations, content ordering, and feature suggestions based on your interactions.
  • Conducting A/B tests and experiments.

Legal Basis:

  • Legitimate interests (developing and improving our services).
  • Consent where required by applicable law (e.g., analytics cookies in certain regions).

4. 3 Ai Processing And Model Improvement

4. 3 1 Third Party Ai Processing

We use third‑party AI providers (such as Deepgram, OpenAI, and Google Cloud) for transcription, summarization, and related AI features.

Legal Basis:

  • Performance of a contract (providing requested AI features).
  • Legitimate interests (offering high‑quality AI capabilities).
  • Consent where required by law (particularly for model‑training use of your audio data).

4. 3 2 Model Training By Deepgram

For audio content processed via Deepgram, and where permitted by your location's privacy laws, your audio data may be used by Deepgram to train and improve their general AI models under their Model Improvement Partnership Program. This helps us provide cost‑effective, high‑quality transcription services.

Safeguards:

  • Deepgram has stated that data in this program is not redistributed as raw data to third parties.
  • Deepgram has stated that this data is not used for marketing or advertising profiling.
  • Deepgram maintains security and compliance standards such as SOC 2 and HIPAA‑related commitments.

Regional Consent Logic:

  • E E A U K: Explicit opt‑in consent will be requested before allowing your audio data to be used for model training. You can change this preference in the app settings at any time.
  • California C C P A: You have the right to opt‑out of the 'sale' or 'sharing' of personal information, which may include such model‑training use. Controls will be available in the app settings.
  • Other Regions: Where explicit consent or opt‑out is not legally required, we may participate in the model‑improvement program by default, while offering additional controls where feasible.
  • Description: We use OpenAI and Google Cloud AI models for text, audio, and multimodal processing (e.g., summarization, content analysis) where your prompts and content are processed but not used to train their general models according to their policies for API/business offerings.
  • Note: According to these providers, prompts and responses sent through their enterprise or API offerings are not used to train general AI models by default.

4. 4 Security Prevention And Compliance

To protect the Service, users, and our company.

Examples:

  • Preventing fraud, abuse, and unauthorized access.
  • Detecting and investigating suspicious activities or technical issues.
  • Enforcing our Terms of Use and other policies.
  • Complying with legal obligations, regulatory requests, and lawful orders.

Legal Basis:

  • Legitimate interests (ensuring security and integrity).
  • Legal obligation (to comply with applicable laws and regulations).

4. 5 Communications And Support

To communicate with you and respond to your requests.

Types:

  • Transactional emails such as account confirmations, password resets, purchase receipts, and service announcements.
  • Security alerts and important updates about changes to the Service or Privacy Policy.
  • Customer support responses to your inquiries and feedback.
  • Optional newsletters and product updates, where you may unsubscribe at any time.

Legal Basis:

  • Performance of a contract (essential service communications).
  • Legitimate interests (keeping you informed of important service‑related matters).
  • Consent for marketing communications where required (e.g., email newsletters).

4. 6 Marketing And Advertising

To promote the App and measure the effectiveness of our campaigns.

Methods:

  • Using mobile advertising IDs and usage data with mobile measurement or attribution partners (e.g., AppsFlyer) to understand which campaigns lead to installs and subscriptions.
  • Using platforms such as Meta Ads, Google Ads, or similar services to reach potential users and optimize ad performance.

Legal Basis:

  • Legitimate interests (growth and promotion of our business).
  • Consent where required under applicable law for advertising identifiers and tracking technologies.

5. Third Parties And Data Sharing

  • Description: We do not sell your personal data. We only share your information with trusted third‑party service providers that are contractually obliged to use it solely on our behalf and to protect it with appropriate security measures.

5. 2 Categories Of Recipients

5. 2 1 Cloud Infrastructure And Storage

Hosting, data storage, and backend infrastructure.

Providers Examples:

  • Our own servers for database and file storage.
  • Cloud infrastructure providers (e.g., Google Cloud,AWS,Azure or equivalent) for hosting and storage.

All types of data necessary for operating the Service, as described in this policy.

5. 2 2 Authentication And Identity

User authentication, social login, and account management.

Providers Examples:

  • Firebase Authentication or similar services (e.g., Google, Apple sign‑in).

Email address, name, social login identifiers, authentication tokens, and related metadata.

5. 2 3 Ai Processing Providers

Transcription, summarization, and other AI‑powered features.

Providers Examples:

  • Deepgram for speech‑to‑text and audio processing.
  • OpenAI for text and audio AI tasks.
  • Google Cloud AI for summarization, analysis, and multimodal processing.

Audio files, text, documents, images, prompts, and associated metadata necessary to perform the requested AI tasks.

5. 2 4 Analytics And Crash Reporting

Usage analytics, performance monitoring, and crash reporting.

Providers Examples:

  • Google Analytics for Firebase or similar analytics platforms.
  • Firebase Crashlytics or similar crash reporting tools.

Device information, IP address, usage events, screen views, and crash logs.

5. 2 5 Subscription And Payments

Subscription management and in‑app purchase validation.

Providers Examples:

  • RevenueCat or similar subscription and entitlement platforms.
  • App Store / Play Store billing services.

User ID, subscription identifiers, transaction history, and product purchase details. Card details remain with payment processors or app stores.

5. 2 6 Communications And Email

Transactional and marketing email delivery, and internal team communication.

Providers Examples:

  • Email service providers such as Mailchimp or similar for newsletters and transactional emails.
  • Email and office suites such as Google Workspace / Gmail for direct communication.

Email address, name, email content, and basic engagement metrics (e.g., opens and clicks).

5. 2 7 User Feedback And Support

Managing user feedback, feature requests, and support tickets.

Providers Examples:

  • Feedback and ticketing tools such as Convas or similar platforms.

Email address, name, feedback content, and related metadata.

5. 2 8 Mobile Measurement And Advertising

Attribution, campaign optimization, and advertising.

Providers Examples:

  • AppsFlyer or similar mobile measurement partners.
  • Meta Ads, Google Ads, and other advertising networks.

Mobile advertising ID (if enabled), IP address, general device information, usage data, and purchase events.

  • Description: We may disclose your information to law enforcement, regulators, public authorities, or other third parties if we believe in good faith that such disclosure is reasonably necessary to comply with legal obligations, protect our rights, prevent fraud or abuse, or ensure the safety of users and the public.
  • Description: In the event of a merger, acquisition, restructuring, or sale of all or part of our business, your information may be transferred as part of that transaction, subject to this Privacy Policy or a policy with substantially similar protections.

6. Data Retention And Deletion

We retain your personal data for as long as your account is active or as long as necessary to fulfill the purposes described in this policy, including legal, accounting, or reporting requirements.

If you delete specific content or your entire account, we will mark the data for deletion from active systems and, after a defined retention window (e.g., 30 days), permanently and irreversibly delete it from production systems and subsequent backup cycles, unless a longer retention period is required or permitted by law.

Where audio data has already been used by third‑party providers (e.g., Deepgram) to improve their models under agreed programs, it may not be technically feasible to remove such information from trained models, although future use can be stopped by revoking consent or opting out where applicable.

Certain data may be retained for longer periods to comply with legal obligations, resolve disputes, or enforce our agreements. In such cases, access to this data is restricted to what is strictly necessary.

7. Data Security

  • Encryption of data in transit using TLS/SSL and at rest using industry‑standard encryption (e.g., AES‑256) where supported by our providers.
  • Access controls and role‑based permissions, following the principle of least privilege.
  • Secure development practices, periodic internal reviews, and vulnerability mitigation.
  • Use of reputable cloud and infrastructure providers with certifications such as SOC 2 and GDPR‑aligned security frameworks.

You are responsible for maintaining the confidentiality of your login credentials, securing your devices, and notifying us promptly if you suspect unauthorized access to your account.

8. International Data Transfers

Because we operate globally and rely on international cloud providers, your data may be processed in countries outside your country of residence, including India, the United States, and countries within the European Economic Area.

Where required by law (e.g., for transfers from the EEA/UK), we implement appropriate safeguards such as Standard Contractual Clauses (SCCs) or rely on other lawful transfer mechanisms recognized by applicable data protection regulations.

Regardless of where your data is processed, it will be handled in accordance with this Privacy Policy and with reasonable security measures.

9. Your Rights And Choices

9. 1 General Rights

Subject to applicable law, you have certain rights regarding your personal data.

Rights:

  • Right of access: Request a copy of the personal data we hold about you.
  • Right to rectification: Request correction of inaccurate or incomplete personal data.
  • Right to erasure: Request deletion of your personal data under certain conditions.
  • Right to object: Object to certain processing activities based on legitimate interests.
  • Right to withdraw consent: Withdraw consent for processing where we rely on consent, without affecting the lawfulness of processing before withdrawal.

9. 2 Additional Rights Eea Uk

If you are located in the European Economic Area or the United Kingdom, you may have additional rights under GDPR.

Rights:

  • Right to data portability: Receive your personal data in a structured, commonly used, machine‑readable format and transmit it to another controller where technically feasible.
  • Right to restriction of processing: Request that we limit processing of your personal data under certain circumstances.
  • Right to lodge a complaint: File a complaint with your local data protection authority if you believe your rights have been violated.

For users in the EEA/UK, we will seek explicit opt‑in consent before allowing your audio data to be used by Deepgram for general model training, and you can manage this consent at any time in the app settings.

9. 3 Additional Rights California Ccpa

If you are a resident of California, you may have rights under the CCPA/CPRA.

Rights:

  • Right to know: Request information about the categories and specific pieces of personal information collected about you.
  • Right to delete: Request deletion of your personal information, subject to exceptions.
  • Right to opt‑out of sale or sharing: Direct us not to 'sell' or 'share' your personal information, including potential use of your data for third‑party model training or advertising‑related sharing.
  • Right to non‑discrimination: You will not be discriminated against for exercising your CCPA rights.

We will provide in‑app settings or other mechanisms to allow you to opt‑out of certain data uses that may be considered 'sale' or 'sharing' under California law, including participation in third‑party model‑improvement programs where applicable.

  • Description: To exercise any of your rights, you can contact us using the contact details provided in this policy. We may need to verify your identity before responding to your request, and we will respond within the timeframe required by applicable law.
  • Description: Where supported, the App provides settings that allow you to manage whether your audio content may be used by specific third‑party providers (such as Deepgram) for model training, subject to legal and technical limitations.

10. Children Privacy

The App is not directed to and must not be used by children under the minimum age required by applicable law (typically 13 or 16) and, in some jurisdictions, not under 18 years. We do not knowingly collect personal data from children below such age thresholds.

If you are a parent or guardian and believe that your child has provided us with personal information, please contact us, and we will take steps to delete that information as required by law.

11. Changes To This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors.

When we make material changes, we will notify you through the App, by email, or by other reasonable means, and indicate the date of the latest update at the top of this document.

Your continued use of the App after the effective date of an updated Privacy Policy constitutes your acceptance of the changes, to the extent permitted by applicable law.

12. Contact Information

For any questions about this Privacy Policy, your personal data, or to exercise your privacy rights, please contact us using the details above.