Privacy Notice
This Privacy Notice for Sovera Labs ("we," "us," or "our") describes how and why we might access, collect, store, use, and/or share ("process") your personal information when you use our services ("Services"), including when you download and use our mobile application Voxelo, or any other application of ours that links to this Privacy Notice.
Questions or concerns? Reading this Privacy Notice will help you understand your privacy rights and choices. We are responsible for making decisions about how your personal information is processed. If you do not agree with our policies and practices, please do not use our Services. If you still have any questions or concerns, please contact us at ibrg43@gmail.com.
Summary of Key Points
- We collect account details, learning preferences, app progress, subscription status, and the speaking or text content you choose to submit.
- Microphone recordings are created only when you start a speaking activity and are sent for transcription. We do not use voice recordings to identify you biometrically.
- AI prompts, audio submitted for transcription, transcripts, conversation history, learning level, and generated responses are processed through our protected backend and OpenAI's API to provide lessons, simulations, translations, feedback, and reports.
- Before Voxelo sends personal speaking or learning content to OpenAI-powered AI features, the app asks for your explicit permission and identifies the categories of data shared and the provider involved.
- We use Firebase for authentication and profile storage, RevenueCat and the app stores for subscriptions, Brevo for password-reset email delivery, and Microsoft-operated speech infrastructure for text-to-speech.
- We do not sell personal information, serve third-party advertising, or currently use Google Analytics in the Voxelo mobile application.
- We use organizational and technical measures to protect personal information, but no electronic transmission or storage technology can be guaranteed to be 100% secure.
1. What Information Do We Collect?
Personal Information You Disclose to Us
In Short: We collect personal information that you provide to us.
We collect personal information that you voluntarily provide to us when you register on the Services, express an interest in obtaining information about us or our products and Services, participate in activities on the Services, or otherwise contact us.
The personal information that we collect depends on the context of your interactions with us and the Services, the choices you make, and the products and features you use. The personal information we collect may include your name, email address, authentication provider, account identifier, selected interface language, native and target languages, learning level, goals, interests, teacher preferences, app settings, and subscription status. Password-based authentication credentials are handled by Firebase Authentication; we do not receive or store your plain-text password.
Speaking, Learning, and AI Content. When you use a lesson, simulation, translation, assessment, or report feature, we process the text you enter, temporary microphone recordings, speech transcripts, conversation history, and AI-generated feedback needed to provide that feature. Please do not include sensitive personal information that is not necessary for language practice.
Microphone and Audio. Voxelo requests microphone access only for speaking features. A recording begins only after you activate a recording control. The recording is temporarily stored on your device and securely transmitted through our backend to OpenAI for transcription. Voxelo does not use audio to create voiceprints, identify you, or perform biometric authentication.
Purchases and Subscriptions. If you purchase a subscription, Apple App Store or Google Play processes the payment. Voxelo and RevenueCat receive limited purchase, entitlement, product, receipt, and subscription-status information needed to activate and restore Pro access. We do not receive your complete payment card number.
Data Stored on Your Device. Learning documents, practice history, progress, usage counters, preferences, and temporary audio files may be stored locally on your device. Local data is associated with the signed-in Voxelo account where applicable.
Application Data. If you use our application, we request access to your device's microphone for speaking lessons and simulations. If you wish to change this permission, you may do so in your device's settings. Denying microphone access prevents voice-based features but does not prevent access to features that do not require recording.
This information is primarily needed to maintain the security and operation of our application, for troubleshooting, and for our internal operational purposes. All personal information that you provide to us must be true, complete, and accurate, and you must notify us of any changes to such personal information.
Information Automatically Collected
In Short: Some information, such as your Internet Protocol (IP) address and/or browser and device characteristics, is collected automatically when you visit our Services.
We automatically collect certain information when you visit, use, or navigate the Services. This information does not reveal your specific identity, such as your name or contact information, but may include device and usage information, such as your IP address, browser or device characteristics, operating system, language preferences, request time, endpoint used, network status, and error or diagnostic information. Approximate location may be inferred from an IP address by infrastructure or store providers, but Voxelo does not request precise device location. This information is primarily needed to maintain security, prevent abuse, troubleshoot failures, and operate the Services.
Log and Usage Data. Log and usage data is service-related, diagnostic, usage, and performance information our servers automatically collect when you access or use our Services and which we record in log files. Depending on how you interact with us, this log data may include your IP address, device information, request path, date and time stamps, response status, feature used, service activity, and error information. We do not currently use a mobile advertising identifier or third-party advertising SDK.
Google API
If you choose Google Sign-In, Google provides authentication information such as your account identifier, name, and email address. Our use of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. If you choose Sign in with Apple, Apple provides the authentication information you authorize.
2. How Do We Process Your Information?
In Short: We process your information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with law. We may also process your information for other purposes only with your prior explicit consent.
We process your personal information for a variety of reasons, depending on how you interact with our Services, including:
- To facilitate account creation and authentication and otherwise manage user accounts. We may process your information so you can create and log in to your account, as well as keep your account in working order.
- To provide personalized language-learning features. We process your selected languages, level, learning profile, progress, speaking content, transcripts, and conversation history to provide lessons, simulations, translations, assessments, reports, and appropriate learning recommendations.
- To provide audio and speech features. We process temporary microphone recordings for transcription and send text for speech synthesis so the app can play teacher responses.
- To provide AI features with your permission. Before sending personal speaking or learning content to OpenAI, Voxelo displays an in-app consent notice that explains the data categories sent, the destination, and the purposes of processing. If you do not allow this sharing, AI lessons, transcription, translation, corrections, and reports that require OpenAI will not run.
- To manage purchases and entitlements. We process product, receipt, subscription, and entitlement information to complete purchases, restore access, and show the correct plan.
- To communicate and support account access. We use your email address to send verification and password-reset messages and to respond to privacy or support requests.
- To secure and operate the Services. We process account identifiers, authentication tokens, IP addresses, request metadata, and error information to prevent abuse, enforce usage limits, diagnose problems, and protect users.
3. What Legal Bases Do We Rely on to Process Your Information?
In Short: We only process your personal information when we believe it is necessary and we have a valid legal reason under applicable law, such as with your consent, to comply with laws, to provide you with services, to enter into or fulfill our contractual obligations, to protect your rights, or to fulfill our legitimate business interests.
If You Are Located in the EU or UK
The General Data Protection Regulation (GDPR) and UK GDPR require us to explain the valid legal bases we rely on to process your personal information. We may rely on the following legal bases:
- Performance of a Contract. We process information needed to create your account and provide the lessons, speech, AI, subscription, and support features you request.
- Legitimate Interests. We may process limited technical and usage information to secure, maintain, troubleshoot, and improve the Services, where those interests are not overridden by your rights.
- Consent. We may process your information if you have given us permission to use your personal information for a specific purpose. You can withdraw your consent at any time.
- Legal Obligations. We may process your information where we believe it is necessary for compliance with our legal obligations, such as to cooperate with a law enforcement body or regulatory agency, exercise or defend our legal rights, or disclose your information as evidence in litigation in which we are involved.
- Vital Interests. We may process your information where we believe it is necessary to protect your vital interests or the vital interests of a third party, such as situations involving potential threats to the safety of any person.
If You Are Located in Canada
We may process your information if you have given us specific permission, or in situations where your permission can be inferred. You can withdraw your consent at any time. In some exceptional cases, we may be legally permitted under applicable law to process your information without your consent, including investigations and fraud detection, business transactions, compliance with subpoenas or court orders, journalistic, artistic, or literary purposes, publicly available information, and approved research or statistics projects subject to ethics oversight and confidentiality commitments.
6. Do We Offer Artificial Intelligence-Based Products?
In Short: We offer products, features, or tools powered by artificial intelligence, machine learning, or similar technologies.
Voxelo uses OpenAI's API to generate teacher responses, simulations, translations, evaluations, personalized lessons, and learning reports, and to transcribe microphone recordings. Requests are sent through Voxelo's authenticated backend; the OpenAI API key is not included in the mobile application.
Before Voxelo sends personal speaking or learning content to OpenAI-powered AI features, the app asks for your permission. The notice explains that Voxelo may send audio recordings, speech transcripts, typed messages, conversation history, level, selected language, lesson topic, and learning context to the secure Voxelo backend and OpenAI API services for transcription, AI replies, translation, corrections, and reports.
Depending on the feature, OpenAI receives instructions, your submitted text, relevant conversation history, temporary audio, language and level context, and the generated output. OpenAI states that API data is not used to train its models by default unless the customer explicitly opts in. Under OpenAI's default API controls, limited content may be retained in abuse-monitoring logs for up to 30 days unless a longer period is legally required. We require third-party service providers that process personal information for Voxelo to handle that information under confidentiality, security, and purpose-limited obligations that provide the same or substantially equivalent protection for the data they process on our behalf.
AI output may be incomplete or inaccurate and should not be treated as professional, medical, legal, or financial advice. Avoid including unnecessary sensitive information in speaking exercises or prompts.
7. How Long Do We Keep Your Information?
In Short: We keep your information for as long as necessary to fulfill the purposes outlined in this Privacy Notice unless otherwise required by law.
Account authentication information and the Voxelo profile stored in Firebase are generally retained while your account remains active and are deleted through the in-app account-deletion process, subject to legal, security, and backup exceptions.
- Microphone recordings: temporarily stored on your device for transcription. Voxelo's backend processes uploaded audio in memory and does not intentionally save it as a permanent audio file.
- OpenAI API content: subject to OpenAI's API retention controls, including default abuse-monitoring retention of up to 30 days unless legally required for longer.
- Generated speech: may be cached in backend memory for up to 24 hours to reduce repeated synthesis requests. Cache entries are not designed as user profiles and expire automatically.
- Local learning data: retained on your device until you delete the account in the app, clear app data, or uninstall the application, depending on the data type and platform behavior.
- Subscription and transaction records: retained by Apple, Google, RevenueCat, or us as required for purchase restoration, accounting, fraud prevention, dispute handling, and applicable law.
- Operational and support records: retained only as reasonably necessary for security, troubleshooting, support, legal compliance, or dispute resolution.
When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize such information. If this is not possible, we will securely store your personal information and isolate it from any further processing until deletion is possible.
8. How Do We Keep Your Information Safe?
In Short: We aim to protect your personal information through a system of organizational and technical security measures.
We have implemented appropriate and reasonable technical and organizational security measures designed to protect the security of personal information we process. These measures include encrypted HTTPS transport, server-side storage of secret service credentials, Firebase authentication for AI and speech endpoints, per-user request limits, and restricted direct access to backend services. However, no electronic transmission or storage technology can be guaranteed to be 100% secure.
We cannot promise or guarantee that hackers, cybercriminals, or other unauthorized third parties will not be able to defeat our security and improperly collect, access, steal, or modify your information. Transmission of personal information to and from our Services is at your own risk. You should only access the Services within a secure environment.
9. What Are Your Privacy Rights?
In Short: Depending on your state of residence in the US or in some regions, such as the European Economic Area, United Kingdom, Switzerland, and Canada, you have rights that allow you greater access to and control over your personal information.
In some regions, you may have the right to request access and obtain a copy of your personal information, request rectification or erasure, restrict the processing of your personal information, request data portability, and not be subject to automated decision-making. In certain circumstances, you may also have the right to object to the processing of your personal information.
If you are located in the EEA or UK and you believe we are unlawfully processing your personal information, you also have the right to complain to your Member State data protection authority or UK data protection authority. If you are located in Switzerland, you may contact the Federal Data Protection and Information Commissioner.
You may withdraw your consent at any time by contacting us using the contact details provided below. This will not affect the lawfulness of processing before its withdrawal or processing conducted in reliance on lawful grounds other than consent.
Account Information
If you would like to review or change the information in your account or terminate your account, you can log in to your account settings and update your user account.
Upon your request to terminate your account, we will deactivate or delete your account and information from our active databases. We may retain some information in our files to prevent fraud, troubleshoot problems, assist with investigations, enforce legal terms, and/or comply with applicable legal requirements.
If you have questions or comments about your privacy rights, you may email us at ibrg43@gmail.com.
10. Controls for Do-Not-Track Features
Most web browsers and some mobile operating systems and mobile applications include a Do-Not-Track ("DNT") feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected.
At this stage, no uniform technology standard for recognizing and implementing DNT signals has been finalized. As such, we do not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online. If a standard for online tracking is adopted that we must follow in the future, we will inform you about that practice in a revised version of this Privacy Notice.
California law requires us to let you know how we respond to web browser DNT signals. Because there currently is not an industry or legal standard for recognizing or honoring DNT signals, we do not respond to them at this time.
11. Do United States Residents Have Specific Privacy Rights?
In Short: If you are a resident of California, Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, or Virginia, you may have the right to request access to and receive details about the personal information we maintain about you and how we have processed it, correct inaccuracies, get a copy of, or delete your personal information. You may also have the right to withdraw your consent to our processing of your personal information.
Categories of Personal Information We Collect
The table below shows the categories of personal information we have collected in the past twelve (12) months. It includes illustrative examples and does not reflect every item of personal information we collect from you.
| Category | Examples | Collected |
|---|---|---|
| A. Identifiers | Name, Firebase user identifier, online identifier, IP address, email address, and account name. | Yes |
| B. California Customer Records personal information | Name and contact information such as email address. | Yes |
| C. Protected classification characteristics | Gender, age, date of birth, race and ethnicity, national origin, marital status, and other demographic data. | No |
| D. Commercial information | Subscription status, product identifiers, entitlement status, and limited transaction or receipt information. | Yes |
| E. Biometric information | Fingerprints and voiceprints. | No |
| F. Internet or similar network activity | Interactions with the application, feature usage, request metadata, and diagnostic events. | Yes |
| G. Geolocation data | Precise device location is not requested; approximate region may be inferred by service providers from IP address. | Limited |
| H. Audio, electronic, sensory, or similar information | Temporary microphone recordings submitted for speech transcription. | Yes |
| I. Professional or employment-related information | Business contact details, job title, work history, and professional qualifications. | No |
| J. Education information | Student records and directory information. | No |
| K. Inferences drawn from collected personal information | Learning level, personalized roadmap, progress assessments, preferences, and AI-generated learning feedback. | Yes |
| L. Sensitive personal information | Sensitive personal information as defined by applicable law. | No |
We may also collect other personal information when you interact with us in person, online, by phone, or by mail in the context of receiving help through customer support channels, participating in surveys or contests, and facilitating delivery of our Services or responding to inquiries.
Retention varies by category as described in Section 7. Account and profile information is generally kept while the account is active, while temporary audio and provider records follow shorter or provider-specific retention periods.
How We Use and Share Personal Information
We may disclose your personal information with our service providers pursuant to a written contract between us and each service provider. We may use your personal information for our own business purposes, such as internal research for technological development and demonstration. This is not considered to be selling your personal information.
We disclose personal information to the service providers identified in Section 4 for business purposes such as authentication, AI processing, speech generation, email delivery, subscriptions, hosting, and security. We have not sold personal information or shared it for cross-context behavioral advertising in the preceding twelve (12) months, and we do not intend to do so.
Your Rights
You may have the right to know whether we process your personal data, access your personal data, correct inaccuracies, request deletion, obtain a copy of personal data you previously shared with us, exercise your rights without discrimination, and opt out of processing for targeted advertising, sale of personal data, or profiling in furtherance of decisions that produce legal or similarly significant effects.
Depending on where you live, you may also have rights to access categories of personal data being processed, obtain lists of categories or specific third parties to which we disclosed personal data, obtain a list of third parties to which we sold personal data, review and correct certain profiling, limit use and disclosure of sensitive personal data, or opt out of collection of sensitive data and personal data collected through voice or facial recognition features.
How to Exercise Your Rights
To exercise these rights, you can contact us by emailing ibrg43@gmail.com or by referring to the contact details at the bottom of this document. Under certain US state data protection laws, you can designate an authorized agent to make a request on your behalf. We may deny a request from an authorized agent that does not submit proof of valid authorization.
Request Verification and Appeals
Upon receiving your request, we will need to verify your identity to determine that you are the same person about whom we have information in our system. We will only use personal information provided in your request to verify your identity or authority to make the request.
If we decline to take action regarding your request, you may appeal our decision by emailing ibrg43@gmail.com. We will inform you in writing of any action taken or not taken in response to the appeal. If your appeal is denied, you may submit a complaint to your state attorney general.
12. Children's Privacy
Voxelo is not directed to children under 13, or a higher minimum age where required by local law. We do not knowingly collect personal information from a child who is not legally permitted to provide it. If you believe a child has provided personal information without appropriate authorization, contact us so we can investigate and delete it where required.
13. Do We Make Updates to This Notice?
In Short: Yes, we will update this notice as necessary to stay compliant with relevant laws.
We may update this Privacy Notice from time to time. The updated version will be indicated by an updated "Revised" date at the top of this Privacy Notice. If we make material changes to this Privacy Notice, we may notify you either by prominently posting a notice of such changes or by directly sending you a notification. We encourage you to review this Privacy Notice frequently to be informed of how we are protecting your information.
14. How Can You Contact Us About This Notice?
If you have questions or comments about this notice, you may email us at ibrg43@gmail.com or contact us by post at:
Sovera LabsTekirdag
Tekirdag Corlu
Corlu, Tekirdag 59000
Turkey
15. How Can You Review, Update, or Delete the Data We Collect From You?
Based on the applicable laws of your country or state of residence in the US, you may have the right to request access to the personal information we collect from you, details about how we have processed it, correct inaccuracies, or delete your personal information. You may also have the right to withdraw your consent to our processing of your personal information. These rights may be limited in some circumstances by applicable law.
To request to review, update, or delete your personal information, please contact us at ibrg43@gmail.com or visit our Account and Data Deletion page.