Shabdha
Get Started

Privacy Policy

Learn how Shabdha protects your voice and transcription data

Effective Date: December 8, 2025
Company: Urban Folklore Ltd

Our Commitment to Your Privacy

At Shabdha, we understand that when you use speech-to-text services, you're trusting us with your voiceβ€”one of the most personal forms of data. This Privacy Policy explains:

  • What information we collect and why
  • How we process, store, and protect your audio and transcription data
  • Your rights and controls over your data
  • How we handle children's privacy
  • How to contact us with questions or requests

Audio Processing

We do not retain your raw audio on Shabdha servers after transcription. Google Cloud Speech-to-Text does not store input audio; async transcripts may be retained for ~5 days, then deleted.

Key Privacy Principles:

  • 🎀 Your voice, your data: You own your audio and transcriptions
  • πŸ”’ Security first: Audio is encrypted in transit and at rest
  • 🚫 No voice biometrics: We don't create voiceprints or use audio for identification
  • βš™οΈ You control training: Opt in if you want to help improve our AI models (off by default)
  • πŸ—‘οΈ Easy deletion: Delete your data anytime through account settings

1. Information We Collect

A. Information You Provide Directly

Account Information:

  • Email address (required for account creation)
  • Password (hashed and encrypted)
  • Name (optional)
  • Profile information (optional)

Payment Information:

  • Processed by third parties (Paddle for web, Apple for iOS)
  • We do NOT store your credit card numbers or payment details
  • We receive transaction confirmations and subscription status only

Support Communications:

  • Messages you send to support@shabdha.app
  • Feedback, bug reports, or feature requests

B. Information Collected Automatically

Usage Data:

  • Features you use (transcription count, language selections)
  • Session duration and frequency
  • Error logs and crash reports
  • Device type and operating system version (macOS version, iOS version)

Technical Data:

  • IP address (for security and fraud prevention)
  • Browser type and version (web users)
  • App version
  • API usage patterns

We do NOT collect:

  • Precise geolocation (only general region from IP for regional settings)
  • Browsing history outside Shabdha
  • Data from other apps on your device

C. Audio and Voice Data

When You Use Shabdha's Transcription Services:

  • Audio recordings: Voice input you speak into your microphone
  • Transcription outputs: Text generated from your audio
  • Metadata: Timestamp, language, app context (e.g., "transcribing in VSCode")

What We DON'T Collect:

  • ❌ Voiceprints or biometric identifiers: We don't create voice signatures for identification
  • ❌ Ambient audio: We only process audio during active transcription sessions
  • ❌ Audio from other apps: Shabdha only accesses your microphone when you actively initiate transcription

2. What Shabdha Does NOT Do

Important Clarification:

Shabdha is a speech-to-text transcription tool. We do NOT:

  • Generate images or human faces
  • Perform face swaps or deepfakes
  • Create voice impersonations or voice cloning
  • Provide general-purpose chatbot functionality

Our AI is strictly limited to transcribing your speech and formatting the resulting text.

3. How We Use Your Information

We use your information for the following purposes:

A. Providing the Services

Core Functionality:

  • Converting your speech to text using AI/ML models
  • Applying smart formatting, punctuation, and context-aware suggestions
  • Storing transcriptions in your account for future access
  • Syncing data across your devices (if you use multiple devices)

B. Improving the Services

With Your Consent (Opt-In):

  • Using anonymized transcription data to improve speech recognition models
  • Analyzing common transcription errors to enhance accuracy
  • Training AI models for better context detection and formatting

You Control This: See Section 8: Your Privacy Rights to manage training preferences.

Without Consent (Aggregate Only):

  • Analyzing usage patterns (e.g., "most popular languages")
  • Performance monitoring (e.g., "average transcription speed")
  • Feature usage statistics (e.g., "% of users using voice commands")

These aggregate analytics contain NO personally identifiable information or transcription content.

C. Communicating With You

  • Account-related notifications (trial ending, payment confirmation)
  • Customer support responses
  • Security alerts (unusual login, password reset)
  • Product updates and feature announcements (you can opt out)

D. Security and Fraud Prevention

  • Detecting and preventing unauthorized access
  • Identifying abuse or violations of our Terms of Service
  • Complying with legal obligations (e.g., valid subpoenas)

E. Legal Compliance

  • Responding to law enforcement requests (when legally required)
  • Enforcing our Terms of Service
  • Protecting our rights and property

4. Audio and Voice Data Processing

Because Shabdha is a speech-to-text service, understanding how we handle your audio data is critical.

A. Audio Data Lifecycle

1. Capture:

  • You press the transcription button in the Shabdha app
  • Your device's microphone captures audio
  • Audio is immediately encoded (16-bit PCM format)

2. Transmission:

  • Audio is encrypted using TLS/SSL
  • Sent to Shabdha's servers in small chunks (near real-time)
  • Never stored on our servers in raw audio form

3. Processing:

  • Audio chunks are sent to our speech recognition service (Google Cloud Speech-to-Text)
  • Google processes audio and returns text
  • Text is optionally polished using AI formatting models (OpenAI GPT-4 or Google Gemini)
  • Final transcription is stored in your Shabdha account

4. Audio Deletion:

  • Immediate: Audio chunks are deleted from Shabdha's servers immediately after transcription
  • Third-Party Processing: Google Cloud does not store input audio; async transcripts may be retained for ~5 days for retrieval, then deleted (we primarily use streaming recognition which does not persist results)
  • User Control: You can delete transcription text anytime through account settings

B. Audio Storage: What We Keep vs. What We Don't

Data TypeStored?DurationPurpose
Raw audio files❌ NON/ANot stored anywhere
Audio chunks (during session)βœ… TemporarilySecondsBuffering for real-time transcription
Transcription textβœ… YESUntil you deleteYour account history
Metadata (timestamp, language)βœ… YESUntil you deleteOrganizing your transcriptions
Voiceprints❌ NON/AWe don't create biometric identifiers

Bottom Line: We store the text transcriptions, but NOT the audio recordings themselves.

C. Voice Biometrics: What We DON'T Do

Shabdha does NOT:

  • Create voiceprints or voice signatures
  • Use audio for speaker identification or authentication
  • Build voice profiles for behavioral analysis
  • Share audio data with third parties for marketing or analytics
  • Sell or license voice data

We only use audio for transcription. Once transcription is complete, audio is deleted.

D. Third-Party Audio Processing

Google Cloud Speech-to-Text:

  • We use Google Cloud's speech recognition API
  • Google processes audio to generate text
  • Google does NOT use your audio to train their public models (per enterprise API terms)
  • Google does NOT store your input audio. For asynchronous jobs, resulting transcripts may be retained for ~5 days to let you retrieve them, then deleted. (We primarily use streaming recognition, which does not persist results.)
  • See Google Cloud's Data Usage FAQ (opens in new tab)

OpenAI GPT-4 / Google Gemini (for text formatting):

5. Third-Party Services and Data Processors

Shabdha relies on trusted third-party services to provide our features. Here's what data is shared and why:

A. Speech Recognition

Provider: Google Cloud Speech-to-Text
Data Shared: Audio recordings, language preference
Purpose: Converting speech to text
Privacy: Google does not use your data for advertising or training public models
Retention: Audio is not stored; async transcripts retained ~5 days, then deleted
Terms: Google Cloud Privacy (opens in new tab)

B. AI Formatting and Polishing

Providers: OpenAI GPT-4 or Google Gemini (we may use either depending on availability)
Data Shared: Transcription text (not audio), app context
Purpose: Improving punctuation, formatting, and readability
Availability: Available to all users (free and paid plans)
Privacy: No data used for training models
Retention: 30 days max, then deleted
Terms: OpenAI API Data Usage (opens in new tab) | Google Gemini API Terms (opens in new tab)

C. Payment Processing

Web Payments: Paddle
Data Shared: Email, billing address, payment info (handled entirely by Paddle)
Purpose: Subscription billing and management
Terms: Paddle Privacy Policy (opens in new tab)

App Store Payments: Apple In-App Purchase
Data Shared: Apple ID, payment info (handled entirely by Apple)
Purpose: Subscription billing and management
Terms: Apple Privacy Policy (opens in new tab)

D. Infrastructure and Hosting

Cloud Hosting: Vercel
We use Vercel (https://vercel.com/legal/privacy-policy (opens in new tab)) to host our website and marketing pages. Vercel may log IP addresses and request metadata for security, performance, and operational purposes.

Infrastructure and Hosting:

  • Backend Application: Railway.com (United States) or AWS
  • Database: Supabase PostgreSQL (United Kingdom)
  • Authentication: Supabase Auth (United Kingdom)
  • Cache: Upstash Redis (United Kingdom)

6. Data Retention and Deletion

A. How Long We Keep Your Data

Data TypeRetention PeriodReason
Account infoUntil you delete your accountProviding services
Transcription textUntil you deleteYour historical transcriptions
Usage logs90 daysDebugging and security
Payment records7 years (where required by law)Tax and legal compliance
Support messages3 yearsCustomer service history
Audio recordingsImmediately deletedNot retained

B. Deleting Your Data

Delete Individual Transcriptions:

  1. Log in to your Shabdha account
  2. Go to Transcription History
  3. Select transcription(s) to delete
  4. Click "Delete" β†’ Confirm
  5. Deleted immediately from our servers

Delete Your Entire Account:

  1. Log in to shabdha.app
  2. Go to Account Settings β†’ Privacy
  3. Click "Delete My Account"
  4. Confirm deletion
  5. All data deleted within 30 days

What Gets Deleted:

  • All transcription text
  • Account information (email, profile)
  • Usage history
  • Settings and preferences

What We Retain (legal/security only):

  • Payment records (tax/legal requirements: 7 years)
  • Security logs for fraud prevention (90 days)
  • Aggregated, anonymized analytics (no personal identifiers)

7. Data Security

A. How We Protect Your Data

Encryption:

  • In transit: All data encrypted with TLS 1.3
  • At rest: Database encryption using AES-256
  • Audio transmission: Real-time encryption during transcription sessions

Access Controls:

  • Minimum necessary access for employees (need-to-know basis)
  • Two-factor authentication for internal systems
  • Regular security audits and penetration testing

Infrastructure Security:

  • Hosted on providers with SOC 2–certified data centers
  • Regular security patches and updates
  • DDoS protection and rate limiting
  • Intrusion detection systems

B. No Absolute Security

While we implement industry-standard security measures, no system is 100% secure. We cannot guarantee absolute security against:

  • Sophisticated cyberattacks
  • Data breaches at third-party providers
  • Device compromise (malware on your computer/phone)

Your Responsibility:

  • Use strong, unique passwords
  • Enable two-factor authentication (when available)
  • Keep your device and software updated
  • Don't share your account credentials

C. Data Breach Notification

If a security breach affects your data, we will:

  • Notify you via email within 72 hours (or as required by law)
  • Explain what data was affected
  • Provide steps you can take to protect yourself
  • Report the breach to authorities (where required)

8. Your Privacy Rights

Depending on your location, you may have specific privacy rights under laws like GDPR (EU), CCPA (California), or other regional laws.

A. Universal Rights (All Users)

1. Access: View all personal data we have about you

  • Go to Account Settings β†’ Privacy β†’ Download My Data

2. Correction: Update inaccurate information

  • Edit in Account Settings or email support@shabdha.app

3. Deletion: Delete your account and data

  • Account Settings β†’ Delete My Account

4. Export: Download your data in portable format

  • Account Settings β†’ Privacy β†’ Export Data

5. Opt-Out of Marketing: Unsubscribe from promotional emails

  • Click "Unsubscribe" in any marketing email
  • Or: Account Settings β†’ Email Preferences

B. GDPR Rights (EU/UK/EEA Residents)

If you're in the European Union, United Kingdom, or European Economic Area, you have additional rights:

  • Right to Restriction: Limit how we process your data
  • Right to Object: Object to processing based on legitimate interests
  • Right to Portability: Receive your data in a machine-readable format
  • Right to Lodge a Complaint: File a complaint with your local data protection authority

Lawful Basis for Processing:

  • Contract: Necessary to provide the Services (transcription)
  • Legitimate Interest: Improving services, fraud prevention
  • Consent: Marketing communications, optional model training

Data Controller:

Urban Folklore Ltd
Company Number: 15418082
Registered Address: 2 Tadley Close, Fleet, England, GU51 1DS
Email: support@shabdha.app

To Exercise GDPR Rights: Email privacy@shabdha.app with "GDPR Request" in the subject line.

C. CCPA Rights (California Residents)

If you're a California resident, you have rights under the California Consumer Privacy Act:

  • Right to Know: What personal information we collect and how we use it
  • Right to Delete: Delete your personal information (with exceptions for legal compliance)
  • Right to Opt-Out of "Sale": We do NOT sell personal information, so this doesn't apply
  • Right to Non-Discrimination: We won't discriminate against you for exercising your rights

To Exercise CCPA Rights: Email privacy@shabdha.app with "CCPA Request" in the subject line.

D. Model Training (Opt-In Only)

Control How Your Data Is Used for AI Improvement:

We do not use your transcripts to train Shabdha's models unless you opt in. Our third-party AI provider (OpenAI API) does not use your data to train models, and API logs are deleted after 30 days (unless retention is legally required).

If you want to help improve Shabdha, you can opt in to contribute anonymized transcription data:

  1. Log in to shabdha.app
  2. Go to Account Settings β†’ Privacy β†’ Data Usage
  3. Toggle "Use my data to improve Shabdha" to ON
  4. Changes apply immediately

What Happens When You Opt In:

  • Your transcriptions may be used (in anonymized form) to improve our speech recognition and formatting
  • You can withdraw consent at any time by toggling the setting back to OFF
  • All other features work the same regardless of your choice

9. Children's Privacy

Shabdha is NOT intended for children under 13 (or 16 in some jurisdictions).

We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information:

  1. Email privacy@shabdha.app immediately
  2. Include your child's account email (if known)
  3. We will delete the account and all associated data within 48 hours

Age Verification: We rely on parental consent mechanisms where required by law. If you are under 18, you may need parental consent to use Shabdha depending on your location.

10. International Data Transfers

Data Controller Location: United Kingdom

Server Regions:

  • United Kingdom: Supabase (database, authentication), Upstash (Redis cache)
  • United States: Railway.com (backend application, if used)

Data may be transferred between these regions for processing. All transfers comply with applicable data protection laws including GDPR and UK GDPR.

Where Your Data May Be Processed:

  • Third-party processors (Google Cloud Speech-to-Text, OpenAI, Google Gemini) may process data in multiple countries

Cross-Border Transfers:

  • We use Standard Contractual Clauses (SCCs) for EU-to-US transfers (GDPR-compliant)
  • Third-party processors are vetted for compliance with GDPR, Privacy Shield successor frameworks, or equivalent protections

Your Rights: International transfers do not diminish your privacy rights. You can still access, delete, and control your data regardless of where it's processed.

11. Cookies and Tracking

A. What Cookies We Use

Essential Cookies (Required for Service):

  • Session authentication (keeps you logged in)
  • Security tokens (CSRF protection)
  • Subscription status

Analytics Cookies (Optional):

  • Privacy-focused analytics (Plausible or Fathom, if used)
  • No cross-site tracking
  • No personal data

We do NOT use:

  • ❌ Third-party advertising cookies
  • ❌ Social media tracking pixels (Facebook, Twitter, etc.)
  • ❌ Invasive analytics (Google Analytics, Hotjar, etc.)

B. Managing Cookies

Browser Settings:

  • Most browsers allow you to block or delete cookies
  • See your browser's help documentation

Effect of Blocking Cookies:

  • Essential cookies: Shabdha may not function properly
  • Analytics cookies: No impact on functionality

12. In-App Telemetry & Analytics

The Shabdha Mac and iOS apps can collect product analytics to help us understand how features are used and improve the product. This section explains what we collect, why, and how you control it.

Disabled by Default

Diagnostics are disabled by default. When you first install Shabdha, the "Share diagnostics" toggle is OFF, and no telemetry data is collected until you explicitly enable it during onboarding or in Settings.

A. What We Collect

Event Data:

  • Event types: upgrade prompts viewed, button clicks, checkout flow interactions
  • Event properties: trigger source (e.g., "quota warning"), quota percentage, product ID selected
  • Timestamps of events

User Identifiers:

  • Internal user ID (Supabase UUID) β€” a pseudonymous identifier
  • Subscription tier (free, pro)
  • Build channel (App Store, TestFlight, Direct)

Device & App Metadata:

  • Platform (macOS, iOS)
  • App version
  • Operating system version

B. What We Do NOT Collect

  • ❌ Transcription content: No audio recordings, no transcribed text
  • ❌ Personal identifiers: No names, email addresses, or contact info in telemetry events
  • ❌ Keystroke or clipboard data
  • ❌ Location data
  • ❌ Cross-app tracking

C. Why We Collect This

We use telemetry data to:

  • Understand how users interact with upgrade prompts and subscription flows
  • Identify friction points in the user experience
  • Prioritize product improvements based on actual usage patterns
  • Debug issues and improve app stability

We do NOT use telemetry data for advertising, profiling, or selling to third parties.

D. Where Telemetry Data Is Stored

Telemetry events are stored in our Supabase-hosted PostgreSQL database and processed on our backend infrastructure (Railway). Data is encrypted in transit (TLS) and at rest.

E. How Long We Keep Telemetry Data

We retain telemetry data for up to 1 year for product analytics and improvement purposes. After this period, data is deleted or aggregated into anonymized statistics that cannot be linked back to individual users.

F. Your Control: Opt-In / Opt-Out

Telemetry is disabled by default. During first-run onboarding, you'll be presented with a "Help Improve Shabdha" screen that clearly explains what data is collected and lets you choose whether to opt in. Both "No thanks" and "Yes, help improve" options are presented with equal prominence.

You can change your choice at any time:

  1. Open the Shabdha app
  2. Go to Settings β†’ About
  3. Toggle "Share diagnostics" to ON or OFF

When telemetry is off:

  • No telemetry events are sent
  • Previously collected data remains (contact us if you want it deleted)
  • All app features continue to work normally

G. Legal Basis (GDPR)

We collect telemetry based on consent (Article 6(1)(a) GDPR). Telemetry is disabled by default, and users must explicitly opt in during onboarding or in Settings. You can withdraw your consent at any time by toggling the "Share diagnostics" setting to OFF.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect:

  • Changes in laws or regulations
  • New features or services
  • Feedback from users or regulators

How We Notify You:

  • Updated policy posted at shabdha.app/privacy
  • "Effective Date" at the top updated
  • For material changes: Email notification to your account address

Your Options:

  • Continue using Shabdha: You accept the updated policy
  • Disagree: Delete your account before the effective date

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:

Shabdha Support Team

Email: support@shabdha.app
Response time: Within 48 hours

Urban Folklore Ltd
Company Number: 15418082
2 Tadley Close, Fleet, England, GU51 1DS

For EU residents, you have the right to lodge a complaint with your local data protection authority if you believe we have not adequately addressed your privacy concerns.

This policy was last updated on December 8, 2025. View Terms of Service | View Refund Policy