Sovera Labs

Privacy Policy

This Privacy Notice explains how Voxelo collects, uses, shares, and protects personal information when you use the mobile application and related services.

Privacy Notice

This Privacy Notice for Sovera Labs ("we," "us," or "our") describes how and why we might access, collect, store, use, and/or share ("process") your personal information when you use our services ("Services"), including when you download and use our mobile application Voxelo, or any other application of ours that links to this Privacy Notice.

Questions or concerns? Reading this Privacy Notice will help you understand your privacy rights and choices. We are responsible for making decisions about how your personal information is processed. If you do not agree with our policies and practices, please do not use our Services. If you still have any questions or concerns, please contact us at ibrg43@gmail.com.

Summary of Key Points

  • We collect account details, learning preferences, app progress, subscription status, and the speaking or text content you choose to submit.
  • Microphone recordings are created only when you start a speaking activity and are sent for transcription. We do not use voice recordings to identify you biometrically.
  • AI prompts, audio submitted for transcription, transcripts, conversation history, learning level, and generated responses are processed through our protected backend and OpenAI's API to provide lessons, simulations, translations, feedback, and reports.
  • Before Voxelo sends personal speaking or learning content to OpenAI-powered AI features, the app asks for your explicit permission and identifies the categories of data shared and the provider involved.
  • We use Firebase for authentication and profile storage, RevenueCat and the app stores for subscriptions, Brevo for password-reset email delivery, and Microsoft-operated speech infrastructure for text-to-speech.
  • We do not sell personal information, serve third-party advertising, or currently use Google Analytics in the Voxelo mobile application.
  • We use organizational and technical measures to protect personal information, but no electronic transmission or storage technology can be guaranteed to be 100% secure.

1. What Information Do We Collect?

Personal Information You Disclose to Us

In Short: We collect personal information that you provide to us.

We collect personal information that you voluntarily provide to us when you register on the Services, express an interest in obtaining information about us or our products and Services, participate in activities on the Services, or otherwise contact us.

The personal information that we collect depends on the context of your interactions with us and the Services, the choices you make, and the products and features you use. The personal information we collect may include your name, email address, authentication provider, account identifier, selected interface language, native and target languages, learning level, goals, interests, teacher preferences, app settings, and subscription status. Password-based authentication credentials are handled by Firebase Authentication; we do not receive or store your plain-text password.

Speaking, Learning, and AI Content. When you use a lesson, simulation, translation, assessment, or report feature, we process the text you enter, temporary microphone recordings, speech transcripts, conversation history, and AI-generated feedback needed to provide that feature. Please do not include sensitive personal information that is not necessary for language practice.

Microphone and Audio. Voxelo requests microphone access only for speaking features. A recording begins only after you activate a recording control. The recording is temporarily stored on your device and securely transmitted through our backend to OpenAI for transcription. Voxelo does not use audio to create voiceprints, identify you, or perform biometric authentication.

Purchases and Subscriptions. If you purchase a subscription, Apple App Store or Google Play processes the payment. Voxelo and RevenueCat receive limited purchase, entitlement, product, receipt, and subscription-status information needed to activate and restore Pro access. We do not receive your complete payment card number.

Data Stored on Your Device. Learning documents, practice history, progress, usage counters, preferences, and temporary audio files may be stored locally on your device. Local data is associated with the signed-in Voxelo account where applicable.

Application Data. If you use our application, we request access to your device's microphone for speaking lessons and simulations. If you wish to change this permission, you may do so in your device's settings. Denying microphone access prevents voice-based features but does not prevent access to features that do not require recording.

This information is primarily needed to maintain the security and operation of our application, for troubleshooting, and for our internal operational purposes. All personal information that you provide to us must be true, complete, and accurate, and you must notify us of any changes to such personal information.

Information Automatically Collected

In Short: Some information, such as your Internet Protocol (IP) address and/or browser and device characteristics, is collected automatically when you visit our Services.

We automatically collect certain information when you visit, use, or navigate the Services. This information does not reveal your specific identity, such as your name or contact information, but may include device and usage information, such as your IP address, browser or device characteristics, operating system, language preferences, request time, endpoint used, network status, and error or diagnostic information. Approximate location may be inferred from an IP address by infrastructure or store providers, but Voxelo does not request precise device location. This information is primarily needed to maintain security, prevent abuse, troubleshoot failures, and operate the Services.

Log and Usage Data. Log and usage data is service-related, diagnostic, usage, and performance information our servers automatically collect when you access or use our Services and which we record in log files. Depending on how you interact with us, this log data may include your IP address, device information, request path, date and time stamps, response status, feature used, service activity, and error information. We do not currently use a mobile advertising identifier or third-party advertising SDK.

Google API

If you choose Google Sign-In, Google provides authentication information such as your account identifier, name, and email address. Our use of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. If you choose Sign in with Apple, Apple provides the authentication information you authorize.

2. How Do We Process Your Information?

In Short: We process your information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with law. We may also process your information for other purposes only with your prior explicit consent.

We process your personal information for a variety of reasons, depending on how you interact with our Services, including:

  • To facilitate account creation and authentication and otherwise manage user accounts. We may process your information so you can create and log in to your account, as well as keep your account in working order.
  • To provide personalized language-learning features. We process your selected languages, level, learning profile, progress, speaking content, transcripts, and conversation history to provide lessons, simulations, translations, assessments, reports, and appropriate learning recommendations.
  • To provide audio and speech features. We process temporary microphone recordings for transcription and send text for speech synthesis so the app can play teacher responses.
  • To provide AI features with your permission. Before sending personal speaking or learning content to OpenAI, Voxelo displays an in-app consent notice that explains the data categories sent, the destination, and the purposes of processing. If you do not allow this sharing, AI lessons, transcription, translation, corrections, and reports that require OpenAI will not run.
  • To manage purchases and entitlements. We process product, receipt, subscription, and entitlement information to complete purchases, restore access, and show the correct plan.
  • To communicate and support account access. We use your email address to send verification and password-reset messages and to respond to privacy or support requests.
  • To secure and operate the Services. We process account identifiers, authentication tokens, IP addresses, request metadata, and error information to prevent abuse, enforce usage limits, diagnose problems, and protect users.

4. When and With Whom Do We Share Your Personal Information?

In Short: We may share information in specific situations described in this section and/or with the following third parties.

  • Google Firebase. Firebase Authentication and Cloud Firestore process account authentication, account identifiers, profile details, and learning preferences.
  • OpenAI. OpenAI processes lesson prompts, conversation text, temporary audio recordings, transcripts, and generated responses to provide AI conversations, transcription, evaluation, translation, and learning reports. These requests may also include your learning level, target language, lesson topic, and relevant conversation context. OpenAI states that API inputs and outputs are not used to train its models by default unless the customer opts in, and it maintains security and privacy safeguards for API data designed to provide protection comparable to the protections described in this notice.
  • Microsoft-operated speech infrastructure. Text that needs to be spoken aloud, the selected voice, and speech-rate settings are processed to generate teacher audio. Voxelo sends text for this feature, not the learner's microphone recording.
  • RevenueCat, Apple, and Google. These providers process app user identifiers, device or platform information, product identifiers, purchase receipts or tokens, subscription status, and entitlement information needed for in-app purchases.
  • Brevo. When you request a password reset, Brevo processes your email address and the reset message solely to deliver that transactional email.
  • Infrastructure and hosting providers. Our hosting, network, certificate, and deployment providers may process IP addresses, request metadata, and service logs as necessary to operate and secure the Services.
  • Legal requirements and business transfers. We may disclose information where required by law, to protect legal rights or safety, or in connection with a merger, financing, acquisition, or sale of business assets.

These providers may process information in countries other than your country of residence, including the United States and European countries. Where required, we rely on appropriate contractual or legal safeguards for international transfers.

5. Do We Use Cookies and Other Tracking Technologies?

In Short: The mobile application does not currently use third-party advertising cookies or Google Analytics.

The privacy-policy website or its hosting provider may use essential technologies and basic server logs needed to deliver the page, maintain security, and prevent abuse. Voxelo stores app preferences and progress in local device storage; these are not advertising cookies.

We do not permit third parties to track Voxelo users for targeted advertising, and we do not sell or share personal information for cross-context behavioral advertising. If this changes, we will update this notice and provide any legally required choices before introducing the new processing.

6. Do We Offer Artificial Intelligence-Based Products?

In Short: We offer products, features, or tools powered by artificial intelligence, machine learning, or similar technologies.

Voxelo uses OpenAI's API to generate teacher responses, simulations, translations, evaluations, personalized lessons, and learning reports, and to transcribe microphone recordings. Requests are sent through Voxelo's authenticated backend; the OpenAI API key is not included in the mobile application.

Before Voxelo sends personal speaking or learning content to OpenAI-powered AI features, the app asks for your permission. The notice explains that Voxelo may send audio recordings, speech transcripts, typed messages, conversation history, level, selected language, lesson topic, and learning context to the secure Voxelo backend and OpenAI API services for transcription, AI replies, translation, corrections, and reports.

Depending on the feature, OpenAI receives instructions, your submitted text, relevant conversation history, temporary audio, language and level context, and the generated output. OpenAI states that API data is not used to train its models by default unless the customer explicitly opts in. Under OpenAI's default API controls, limited content may be retained in abuse-monitoring logs for up to 30 days unless a longer period is legally required. We require third-party service providers that process personal information for Voxelo to handle that information under confidentiality, security, and purpose-limited obligations that provide the same or substantially equivalent protection for the data they process on our behalf.

AI output may be incomplete or inaccurate and should not be treated as professional, medical, legal, or financial advice. Avoid including unnecessary sensitive information in speaking exercises or prompts.

7. How Long Do We Keep Your Information?

In Short: We keep your information for as long as necessary to fulfill the purposes outlined in this Privacy Notice unless otherwise required by law.

Account authentication information and the Voxelo profile stored in Firebase are generally retained while your account remains active and are deleted through the in-app account-deletion process, subject to legal, security, and backup exceptions.

  • Microphone recordings: temporarily stored on your device for transcription. Voxelo's backend processes uploaded audio in memory and does not intentionally save it as a permanent audio file.
  • OpenAI API content: subject to OpenAI's API retention controls, including default abuse-monitoring retention of up to 30 days unless legally required for longer.
  • Generated speech: may be cached in backend memory for up to 24 hours to reduce repeated synthesis requests. Cache entries are not designed as user profiles and expire automatically.
  • Local learning data: retained on your device until you delete the account in the app, clear app data, or uninstall the application, depending on the data type and platform behavior.
  • Subscription and transaction records: retained by Apple, Google, RevenueCat, or us as required for purchase restoration, accounting, fraud prevention, dispute handling, and applicable law.
  • Operational and support records: retained only as reasonably necessary for security, troubleshooting, support, legal compliance, or dispute resolution.

When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize such information. If this is not possible, we will securely store your personal information and isolate it from any further processing until deletion is possible.

8. How Do We Keep Your Information Safe?

In Short: We aim to protect your personal information through a system of organizational and technical security measures.

We have implemented appropriate and reasonable technical and organizational security measures designed to protect the security of personal information we process. These measures include encrypted HTTPS transport, server-side storage of secret service credentials, Firebase authentication for AI and speech endpoints, per-user request limits, and restricted direct access to backend services. However, no electronic transmission or storage technology can be guaranteed to be 100% secure.

We cannot promise or guarantee that hackers, cybercriminals, or other unauthorized third parties will not be able to defeat our security and improperly collect, access, steal, or modify your information. Transmission of personal information to and from our Services is at your own risk. You should only access the Services within a secure environment.

9. What Are Your Privacy Rights?

In Short: Depending on your state of residence in the US or in some regions, such as the European Economic Area, United Kingdom, Switzerland, and Canada, you have rights that allow you greater access to and control over your personal information.

In some regions, you may have the right to request access and obtain a copy of your personal information, request rectification or erasure, restrict the processing of your personal information, request data portability, and not be subject to automated decision-making. In certain circumstances, you may also have the right to object to the processing of your personal information.

If you are located in the EEA or UK and you believe we are unlawfully processing your personal information, you also have the right to complain to your Member State data protection authority or UK data protection authority. If you are located in Switzerland, you may contact the Federal Data Protection and Information Commissioner.

You may withdraw your consent at any time by contacting us using the contact details provided below. This will not affect the lawfulness of processing before its withdrawal or processing conducted in reliance on lawful grounds other than consent.

Account Information

If you would like to review or change the information in your account or terminate your account, you can log in to your account settings and update your user account.

Upon your request to terminate your account, we will deactivate or delete your account and information from our active databases. We may retain some information in our files to prevent fraud, troubleshoot problems, assist with investigations, enforce legal terms, and/or comply with applicable legal requirements.

If you have questions or comments about your privacy rights, you may email us at ibrg43@gmail.com.

10. Controls for Do-Not-Track Features

Most web browsers and some mobile operating systems and mobile applications include a Do-Not-Track ("DNT") feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected.

At this stage, no uniform technology standard for recognizing and implementing DNT signals has been finalized. As such, we do not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online. If a standard for online tracking is adopted that we must follow in the future, we will inform you about that practice in a revised version of this Privacy Notice.

California law requires us to let you know how we respond to web browser DNT signals. Because there currently is not an industry or legal standard for recognizing or honoring DNT signals, we do not respond to them at this time.

11. Do United States Residents Have Specific Privacy Rights?

In Short: If you are a resident of California, Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, or Virginia, you may have the right to request access to and receive details about the personal information we maintain about you and how we have processed it, correct inaccuracies, get a copy of, or delete your personal information. You may also have the right to withdraw your consent to our processing of your personal information.

Categories of Personal Information We Collect

The table below shows the categories of personal information we have collected in the past twelve (12) months. It includes illustrative examples and does not reflect every item of personal information we collect from you.

Category Examples Collected
A. IdentifiersName, Firebase user identifier, online identifier, IP address, email address, and account name.Yes
B. California Customer Records personal informationName and contact information such as email address.Yes
C. Protected classification characteristicsGender, age, date of birth, race and ethnicity, national origin, marital status, and other demographic data.No
D. Commercial informationSubscription status, product identifiers, entitlement status, and limited transaction or receipt information.Yes
E. Biometric informationFingerprints and voiceprints.No
F. Internet or similar network activityInteractions with the application, feature usage, request metadata, and diagnostic events.Yes
G. Geolocation dataPrecise device location is not requested; approximate region may be inferred by service providers from IP address.Limited
H. Audio, electronic, sensory, or similar informationTemporary microphone recordings submitted for speech transcription.Yes
I. Professional or employment-related informationBusiness contact details, job title, work history, and professional qualifications.No
J. Education informationStudent records and directory information.No
K. Inferences drawn from collected personal informationLearning level, personalized roadmap, progress assessments, preferences, and AI-generated learning feedback.Yes
L. Sensitive personal informationSensitive personal information as defined by applicable law.No

We may also collect other personal information when you interact with us in person, online, by phone, or by mail in the context of receiving help through customer support channels, participating in surveys or contests, and facilitating delivery of our Services or responding to inquiries.

Retention varies by category as described in Section 7. Account and profile information is generally kept while the account is active, while temporary audio and provider records follow shorter or provider-specific retention periods.

How We Use and Share Personal Information

We may disclose your personal information with our service providers pursuant to a written contract between us and each service provider. We may use your personal information for our own business purposes, such as internal research for technological development and demonstration. This is not considered to be selling your personal information.

We disclose personal information to the service providers identified in Section 4 for business purposes such as authentication, AI processing, speech generation, email delivery, subscriptions, hosting, and security. We have not sold personal information or shared it for cross-context behavioral advertising in the preceding twelve (12) months, and we do not intend to do so.

Your Rights

You may have the right to know whether we process your personal data, access your personal data, correct inaccuracies, request deletion, obtain a copy of personal data you previously shared with us, exercise your rights without discrimination, and opt out of processing for targeted advertising, sale of personal data, or profiling in furtherance of decisions that produce legal or similarly significant effects.

Depending on where you live, you may also have rights to access categories of personal data being processed, obtain lists of categories or specific third parties to which we disclosed personal data, obtain a list of third parties to which we sold personal data, review and correct certain profiling, limit use and disclosure of sensitive personal data, or opt out of collection of sensitive data and personal data collected through voice or facial recognition features.

How to Exercise Your Rights

To exercise these rights, you can contact us by emailing ibrg43@gmail.com or by referring to the contact details at the bottom of this document. Under certain US state data protection laws, you can designate an authorized agent to make a request on your behalf. We may deny a request from an authorized agent that does not submit proof of valid authorization.

Request Verification and Appeals

Upon receiving your request, we will need to verify your identity to determine that you are the same person about whom we have information in our system. We will only use personal information provided in your request to verify your identity or authority to make the request.

If we decline to take action regarding your request, you may appeal our decision by emailing ibrg43@gmail.com. We will inform you in writing of any action taken or not taken in response to the appeal. If your appeal is denied, you may submit a complaint to your state attorney general.

12. Children's Privacy

Voxelo is not directed to children under 13, or a higher minimum age where required by local law. We do not knowingly collect personal information from a child who is not legally permitted to provide it. If you believe a child has provided personal information without appropriate authorization, contact us so we can investigate and delete it where required.

13. Do We Make Updates to This Notice?

In Short: Yes, we will update this notice as necessary to stay compliant with relevant laws.

We may update this Privacy Notice from time to time. The updated version will be indicated by an updated "Revised" date at the top of this Privacy Notice. If we make material changes to this Privacy Notice, we may notify you either by prominently posting a notice of such changes or by directly sending you a notification. We encourage you to review this Privacy Notice frequently to be informed of how we are protecting your information.

14. How Can You Contact Us About This Notice?

If you have questions or comments about this notice, you may email us at ibrg43@gmail.com or contact us by post at:

Sovera Labs
Tekirdag
Tekirdag Corlu
Corlu, Tekirdag 59000
Turkey

15. How Can You Review, Update, or Delete the Data We Collect From You?

Based on the applicable laws of your country or state of residence in the US, you may have the right to request access to the personal information we collect from you, details about how we have processed it, correct inaccuracies, or delete your personal information. You may also have the right to withdraw your consent to our processing of your personal information. These rights may be limited in some circumstances by applicable law.

To request to review, update, or delete your personal information, please contact us at ibrg43@gmail.com or visit our Account and Data Deletion page.