Our Commitment to Your Privacy
At Shabdha, we understand that when you use speech-to-text services, you're trusting us with your voiceβone of the most personal forms of data. This Privacy Policy explains:
- What information we collect and why
- How we process, store, and protect your audio and transcription data
- Your rights and controls over your data
- How we handle children's privacy
- How to contact us with questions or requests
Audio Processing
We do not retain your raw audio on Shabdha servers after transcription. Google Cloud Speech-to-Text does not store input audio; async transcripts may be retained for ~5 days, then deleted.
Key Privacy Principles:
- π€ Your voice, your data: You own your audio and transcriptions
- π Security first: Audio is encrypted in transit and at rest
- π« No voice biometrics: We don't create voiceprints or use audio for identification
- βοΈ You control training: Opt in if you want to help improve our AI models (off by default)
- ποΈ Easy deletion: Delete your data anytime through account settings
1. Information We Collect
A. Information You Provide Directly
Account Information:
- Email address (required for account creation)
- Password (hashed and encrypted)
- Name (optional)
- Profile information (optional)
Payment Information:
- Processed by third parties (Paddle for web, Apple for iOS)
- We do NOT store your credit card numbers or payment details
- We receive transaction confirmations and subscription status only
Support Communications:
- Messages you send to support@shabdha.app
- Feedback, bug reports, or feature requests
B. Information Collected Automatically
Usage Data:
- Features you use (transcription count, language selections)
- Session duration and frequency
- Error logs and crash reports
- Device type and operating system version (macOS version, iOS version)
Technical Data:
- IP address (for security and fraud prevention)
- Browser type and version (web users)
- App version
- API usage patterns
We do NOT collect:
- Precise geolocation (only general region from IP for regional settings)
- Browsing history outside Shabdha
- Data from other apps on your device
C. Audio and Voice Data
When You Use Shabdha's Transcription Services:
- Audio recordings: Voice input you speak into your microphone
- Transcription outputs: Text generated from your audio
- Metadata: Timestamp, language, app context (e.g., "transcribing in VSCode")
What We DON'T Collect:
- β Voiceprints or biometric identifiers: We don't create voice signatures for identification
- β Ambient audio: We only process audio during active transcription sessions
- β Audio from other apps: Shabdha only accesses your microphone when you actively initiate transcription
2. What Shabdha Does NOT Do
Important Clarification:
Shabdha is a speech-to-text transcription tool. We do NOT:
- Generate images or human faces
- Perform face swaps or deepfakes
- Create voice impersonations or voice cloning
- Provide general-purpose chatbot functionality
Our AI is strictly limited to transcribing your speech and formatting the resulting text.
3. How We Use Your Information
We use your information for the following purposes:
A. Providing the Services
Core Functionality:
- Converting your speech to text using AI/ML models
- Applying smart formatting, punctuation, and context-aware suggestions
- Storing transcriptions in your account for future access
- Syncing data across your devices (if you use multiple devices)
B. Improving the Services
With Your Consent (Opt-In):
- Using anonymized transcription data to improve speech recognition models
- Analyzing common transcription errors to enhance accuracy
- Training AI models for better context detection and formatting
You Control This: See Section 8: Your Privacy Rights to manage training preferences.
Without Consent (Aggregate Only):
- Analyzing usage patterns (e.g., "most popular languages")
- Performance monitoring (e.g., "average transcription speed")
- Feature usage statistics (e.g., "% of users using voice commands")
These aggregate analytics contain NO personally identifiable information or transcription content.
C. Communicating With You
- Account-related notifications (trial ending, payment confirmation)
- Customer support responses
- Security alerts (unusual login, password reset)
- Product updates and feature announcements (you can opt out)
D. Security and Fraud Prevention
- Detecting and preventing unauthorized access
- Identifying abuse or violations of our Terms of Service
- Complying with legal obligations (e.g., valid subpoenas)
E. Legal Compliance
- Responding to law enforcement requests (when legally required)
- Enforcing our Terms of Service
- Protecting our rights and property
4. Audio and Voice Data Processing
Because Shabdha is a speech-to-text service, understanding how we handle your audio data is critical.
A. Audio Data Lifecycle
1. Capture:
- You press the transcription button in the Shabdha app
- Your device's microphone captures audio
- Audio is immediately encoded (16-bit PCM format)
2. Transmission:
- Audio is encrypted using TLS/SSL
- Sent to Shabdha's servers in small chunks (near real-time)
- Never stored on our servers in raw audio form
3. Processing:
- Audio chunks are sent to our speech recognition service (Google Cloud Speech-to-Text)
- Google processes audio and returns text
- Text is optionally polished using AI formatting models (OpenAI GPT-4 or Google Gemini)
- Final transcription is stored in your Shabdha account
4. Audio Deletion:
- Immediate: Audio chunks are deleted from Shabdha's servers immediately after transcription
- Third-Party Processing: Google Cloud does not store input audio; async transcripts may be retained for ~5 days for retrieval, then deleted (we primarily use streaming recognition which does not persist results)
- User Control: You can delete transcription text anytime through account settings
B. Audio Storage: What We Keep vs. What We Don't
| Data Type | Stored? | Duration | Purpose |
|---|---|---|---|
| Raw audio files | β NO | N/A | Not stored anywhere |
| Audio chunks (during session) | β Temporarily | Seconds | Buffering for real-time transcription |
| Transcription text | β YES | Until you delete | Your account history |
| Metadata (timestamp, language) | β YES | Until you delete | Organizing your transcriptions |
| Voiceprints | β NO | N/A | We don't create biometric identifiers |
Bottom Line: We store the text transcriptions, but NOT the audio recordings themselves.
C. Voice Biometrics: What We DON'T Do
Shabdha does NOT:
- Create voiceprints or voice signatures
- Use audio for speaker identification or authentication
- Build voice profiles for behavioral analysis
- Share audio data with third parties for marketing or analytics
- Sell or license voice data
We only use audio for transcription. Once transcription is complete, audio is deleted.
D. Third-Party Audio Processing
Google Cloud Speech-to-Text:
- We use Google Cloud's speech recognition API
- Google processes audio to generate text
- Google does NOT use your audio to train their public models (per enterprise API terms)
- Google does NOT store your input audio. For asynchronous jobs, resulting transcripts may be retained for ~5 days to let you retrieve them, then deleted. (We primarily use streaming recognition, which does not persist results.)
- See Google Cloud's Data Usage FAQ (opens in new tab)
OpenAI GPT-4 / Google Gemini (for text formatting):
- We send transcription *text* (not audio) to AI models for formatting/polishing
- Available to all users (free and paid plans)
- These providers do NOT use your data to train their models (per API terms)
- Data is deleted within 30 days
- See OpenAI API Data Usage (opens in new tab) and Google Gemini API Terms (opens in new tab)
5. Third-Party Services and Data Processors
Shabdha relies on trusted third-party services to provide our features. Here's what data is shared and why:
A. Speech Recognition
Provider: Google Cloud Speech-to-Text
Data Shared: Audio recordings, language preference
Purpose: Converting speech to text
Privacy: Google does not use your data for advertising or training public models
Retention: Audio is not stored; async transcripts retained ~5 days, then deleted
Terms: Google Cloud Privacy (opens in new tab)
B. AI Formatting and Polishing
Providers: OpenAI GPT-4 or Google Gemini (we may use either depending on availability)
Data Shared: Transcription text (not audio), app context
Purpose: Improving punctuation, formatting, and readability
Availability: Available to all users (free and paid plans)
Privacy: No data used for training models
Retention: 30 days max, then deleted
Terms: OpenAI API Data Usage (opens in new tab) | Google Gemini API Terms (opens in new tab)
C. Payment Processing
Web Payments: Paddle
Data Shared: Email, billing address, payment info (handled entirely by Paddle)
Purpose: Subscription billing and management
Terms: Paddle Privacy Policy (opens in new tab)
App Store Payments: Apple In-App Purchase
Data Shared: Apple ID, payment info (handled entirely by Apple)
Purpose: Subscription billing and management
Terms: Apple Privacy Policy (opens in new tab)
D. Infrastructure and Hosting
Cloud Hosting: Vercel
We use Vercel (https://vercel.com/legal/privacy-policy (opens in new tab)) to host our website and marketing pages. Vercel may log IP addresses and request metadata for security, performance, and operational purposes.
Infrastructure and Hosting:
- Backend Application: Railway.com (United States) or AWS
- Database: Supabase PostgreSQL (United Kingdom)
- Authentication: Supabase Auth (United Kingdom)
- Cache: Upstash Redis (United Kingdom)
6. Data Retention and Deletion
A. How Long We Keep Your Data
| Data Type | Retention Period | Reason |
|---|---|---|
| Account info | Until you delete your account | Providing services |
| Transcription text | Until you delete | Your historical transcriptions |
| Usage logs | 90 days | Debugging and security |
| Payment records | 7 years (where required by law) | Tax and legal compliance |
| Support messages | 3 years | Customer service history |
| Audio recordings | Immediately deleted | Not retained |
B. Deleting Your Data
Delete Individual Transcriptions:
- Log in to your Shabdha account
- Go to Transcription History
- Select transcription(s) to delete
- Click "Delete" β Confirm
- Deleted immediately from our servers
Delete Your Entire Account:
- Log in to shabdha.app
- Go to Account Settings β Privacy
- Click "Delete My Account"
- Confirm deletion
- All data deleted within 30 days
What Gets Deleted:
- All transcription text
- Account information (email, profile)
- Usage history
- Settings and preferences
What We Retain (legal/security only):
- Payment records (tax/legal requirements: 7 years)
- Security logs for fraud prevention (90 days)
- Aggregated, anonymized analytics (no personal identifiers)
7. Data Security
A. How We Protect Your Data
Encryption:
- In transit: All data encrypted with TLS 1.3
- At rest: Database encryption using AES-256
- Audio transmission: Real-time encryption during transcription sessions
Access Controls:
- Minimum necessary access for employees (need-to-know basis)
- Two-factor authentication for internal systems
- Regular security audits and penetration testing
Infrastructure Security:
- Hosted on providers with SOC 2βcertified data centers
- Regular security patches and updates
- DDoS protection and rate limiting
- Intrusion detection systems
B. No Absolute Security
While we implement industry-standard security measures, no system is 100% secure. We cannot guarantee absolute security against:
- Sophisticated cyberattacks
- Data breaches at third-party providers
- Device compromise (malware on your computer/phone)
Your Responsibility:
- Use strong, unique passwords
- Enable two-factor authentication (when available)
- Keep your device and software updated
- Don't share your account credentials
C. Data Breach Notification
If a security breach affects your data, we will:
- Notify you via email within 72 hours (or as required by law)
- Explain what data was affected
- Provide steps you can take to protect yourself
- Report the breach to authorities (where required)
8. Your Privacy Rights
Depending on your location, you may have specific privacy rights under laws like GDPR (EU), CCPA (California), or other regional laws.
A. Universal Rights (All Users)
1. Access: View all personal data we have about you
- Go to Account Settings β Privacy β Download My Data
2. Correction: Update inaccurate information
- Edit in Account Settings or email support@shabdha.app
3. Deletion: Delete your account and data
- Account Settings β Delete My Account
4. Export: Download your data in portable format
- Account Settings β Privacy β Export Data
5. Opt-Out of Marketing: Unsubscribe from promotional emails
- Click "Unsubscribe" in any marketing email
- Or: Account Settings β Email Preferences
B. GDPR Rights (EU/UK/EEA Residents)
If you're in the European Union, United Kingdom, or European Economic Area, you have additional rights:
- Right to Restriction: Limit how we process your data
- Right to Object: Object to processing based on legitimate interests
- Right to Portability: Receive your data in a machine-readable format
- Right to Lodge a Complaint: File a complaint with your local data protection authority
Lawful Basis for Processing:
- Contract: Necessary to provide the Services (transcription)
- Legitimate Interest: Improving services, fraud prevention
- Consent: Marketing communications, optional model training
Data Controller:
Urban Folklore Ltd
Company Number: 15418082
Registered Address: 2 Tadley Close, Fleet, England, GU51 1DS
Email: support@shabdha.app
To Exercise GDPR Rights: Email privacy@shabdha.app with "GDPR Request" in the subject line.
C. CCPA Rights (California Residents)
If you're a California resident, you have rights under the California Consumer Privacy Act:
- Right to Know: What personal information we collect and how we use it
- Right to Delete: Delete your personal information (with exceptions for legal compliance)
- Right to Opt-Out of "Sale": We do NOT sell personal information, so this doesn't apply
- Right to Non-Discrimination: We won't discriminate against you for exercising your rights
To Exercise CCPA Rights: Email privacy@shabdha.app with "CCPA Request" in the subject line.
D. Model Training (Opt-In Only)
Control How Your Data Is Used for AI Improvement:
We do not use your transcripts to train Shabdha's models unless you opt in. Our third-party AI provider (OpenAI API) does not use your data to train models, and API logs are deleted after 30 days (unless retention is legally required).
If you want to help improve Shabdha, you can opt in to contribute anonymized transcription data:
- Log in to shabdha.app
- Go to Account Settings β Privacy β Data Usage
- Toggle "Use my data to improve Shabdha" to ON
- Changes apply immediately
What Happens When You Opt In:
- Your transcriptions may be used (in anonymized form) to improve our speech recognition and formatting
- You can withdraw consent at any time by toggling the setting back to OFF
- All other features work the same regardless of your choice
9. Children's Privacy
Shabdha is NOT intended for children under 13 (or 16 in some jurisdictions).
We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information:
- Email privacy@shabdha.app immediately
- Include your child's account email (if known)
- We will delete the account and all associated data within 48 hours
Age Verification: We rely on parental consent mechanisms where required by law. If you are under 18, you may need parental consent to use Shabdha depending on your location.
10. International Data Transfers
Data Controller Location: United Kingdom
Server Regions:
- United Kingdom: Supabase (database, authentication), Upstash (Redis cache)
- United States: Railway.com (backend application, if used)
Data may be transferred between these regions for processing. All transfers comply with applicable data protection laws including GDPR and UK GDPR.
Where Your Data May Be Processed:
- Third-party processors (Google Cloud Speech-to-Text, OpenAI, Google Gemini) may process data in multiple countries
Cross-Border Transfers:
- We use Standard Contractual Clauses (SCCs) for EU-to-US transfers (GDPR-compliant)
- Third-party processors are vetted for compliance with GDPR, Privacy Shield successor frameworks, or equivalent protections
Your Rights: International transfers do not diminish your privacy rights. You can still access, delete, and control your data regardless of where it's processed.
12. In-App Telemetry & Analytics
The Shabdha Mac and iOS apps collect product analytics to help us understand how features are used and improve the product. This section explains what we collect, why, and how you can opt out.
A. What We Collect
Event Data:
- Event types: upgrade prompts viewed, button clicks, checkout flow interactions
- Event properties: trigger source (e.g., "quota warning"), quota percentage, product ID selected
- Timestamps of events
User Identifiers:
- Internal user ID (Supabase UUID) β a pseudonymous identifier
- Subscription tier (free, pro)
- Build channel (App Store, TestFlight, Direct)
Device & App Metadata:
- Platform (macOS, iOS)
- App version
- Operating system version
B. What We Do NOT Collect
- β Transcription content: No audio recordings, no transcribed text
- β Personal identifiers: No names, email addresses, or contact info in telemetry events
- β Keystroke or clipboard data
- β Location data
- β Cross-app tracking
C. Why We Collect This
We use telemetry data to:
- Understand how users interact with upgrade prompts and subscription flows
- Identify friction points in the user experience
- Prioritize product improvements based on actual usage patterns
- Debug issues and improve app stability
We do NOT use telemetry data for advertising, profiling, or selling to third parties.
D. Where Telemetry Data Is Stored
Telemetry events are stored in our Supabase-hosted PostgreSQL database and processed on our backend infrastructure (Railway). Data is encrypted in transit (TLS) and at rest.
E. How Long We Keep Telemetry Data
We retain telemetry data for up to 1 year for product analytics and improvement purposes. After this period, data is deleted or aggregated into anonymized statistics that cannot be linked back to individual users.
F. Your Control: Opt-Out
You can disable telemetry at any time:
- Open the Shabdha app
- Go to Settings β About
- Toggle "Share anonymous diagnostics" to OFF
When you opt out:
- No new telemetry events are sent
- Previously collected data remains (contact us if you want it deleted)
- All app features continue to work normally
G. Legal Basis (GDPR)
We collect telemetry based on legitimate interest (Article 6(1)(f) GDPR) to improve our products and services. You can object to this processing by opting out using the toggle described above.
13. Changes to This Policy
We may update this Privacy Policy from time to time to reflect:
- Changes in laws or regulations
- New features or services
- Feedback from users or regulators
How We Notify You:
- Updated policy posted at shabdha.app/privacy
- "Effective Date" at the top updated
- For material changes: Email notification to your account address
Your Options:
- Continue using Shabdha: You accept the updated policy
- Disagree: Delete your account before the effective date
14. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:
Shabdha Support Team
Email: support@shabdha.app
Response time: Within 48 hours
Urban Folklore Ltd
Company Number: 15418082
2 Tadley Close, Fleet, England, GU51 1DS
For EU residents, you have the right to lodge a complaint with your local data protection authority if you believe we have not adequately addressed your privacy concerns.
This policy was last updated on November 26, 2025. View Terms of Service | View Refund Policy