Privacy Policy
Effective date: February 24, 2026
Last updated: February 24, 2026
1. Introduction
Vocalog ("we," "us," or "our") operates the Vocalog web application at app.vocalog.io and the Vocalog iOS application (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.
By creating an account or using the Service, you consent to the data practices described in this policy. If you do not agree, please do not use the Service.
2. Information We Collect
2.1 Account Information
When you create an account we collect your email address and a hashed password. We do not store your password in plain text.
2.2 Audio Recordings
When you use the recording feature, your device captures audio of your voice describing job-site activity. The audio file is transmitted to our servers for transcription and processing, then stored in encrypted cloud storage associated with your account.
2.3 Photos
If you capture photos during a recording session, those images are uploaded and stored in encrypted cloud storage associated with your account.
2.4 Generated Reports
Transcripts and AI-generated structured reports (including summaries, field notes, and property summaries) are stored in our database and linked to your account.
2.5 Payment Information
Subscription payments are processed by Stripe, Inc. We do not store your credit card number or full payment details on our servers. Stripe's use of your data is governed by the Stripe Privacy Policy.
2.6 Usage & Device Data
We may collect basic usage information such as pages visited, feature usage, browser type, operating system, and device identifiers to improve the Service. We do not use third-party tracking or advertising SDKs.
3. How We Use Your Information
- To provide, operate, and maintain the Service
- To transcribe your audio recordings into text using our transcription provider
- To generate structured reports from your transcripts using AI processing
- To store and organize your reports, recordings, and photos
- To process your subscription payments
- To communicate with you about your account, updates, or support requests
- To detect, prevent, and address technical issues or security threats
- To comply with legal obligations
4. Third-Party Service Providers
We share your data with the following third-party processors solely to provide the Service:
| Provider | Data Shared | Purpose |
|---|---|---|
| Deepgram | Audio recordings | Speech-to-text transcription |
| Anthropic | Transcripts, photos | AI report generation |
| Supabase | All stored data | Database & file storage |
| Stripe | Payment details | Subscription billing |
| Apple | App distribution data | iOS app distribution |
Important: Your data is not used to train AI models. Anthropic's commercial API terms prohibit using input and output data for model training. Deepgram processes audio in real time and does not retain recordings after transcription.
5. Audio & Voice Data
Your voice recordings are classified as sensitive personal information. We collect audio recordings only with your explicit consent, obtained when you create your account and again via your device's microphone permission prompt.
- Audio is transmitted via encrypted HTTPS connections
- Audio is stored in encrypted cloud storage (Supabase Storage)
- Audio is sent to Deepgram solely for transcription — they do not retain it
- We do not create voiceprints, perform speaker identification, or extract biometric identifiers from your audio
- You can delete your recordings at any time from the app
6. Data Retention
We retain your data for as long as your account is active. When you delete your account, we will delete your personal data, recordings, photos, and reports within 30 days, except where retention is required by law or for legitimate business purposes (e.g., billing records retained for tax compliance).
You may delete individual reports, recordings, and photos at any time through the app.
7. Data Security
We implement industry-standard security measures including encrypted data transmission (TLS/HTTPS), encrypted storage at rest, row-level security policies on our database, and secure authentication via Supabase Auth. However, no method of electronic transmission or storage is 100% secure, and we cannot guarantee absolute security.
8. Your Rights
Depending on your jurisdiction, you may have the following rights:
- Access: Request a copy of the personal data we hold about you
- Correction: Request correction of inaccurate data
- Deletion: Request deletion of your data and account
- Portability: Request your data in a portable format
- Restriction: Request that we limit how we process your data
- Objection: Object to processing of your data
- Withdraw consent: Withdraw consent at any time where processing is based on consent
To exercise any of these rights, contact us at privacy@vocalog.io. We will respond within 30 days (or sooner as required by applicable law).
9. California Privacy Rights (CCPA/CPRA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act:
- Right to know what personal information we collect, use, and disclose
- Right to delete your personal information
- Right to opt out of the sale or sharing of personal information
- Right to non-discrimination for exercising your privacy rights
- Right to limit the use of sensitive personal information
We do not sell or share your personal information as defined by the CCPA/CPRA. We do not use your data for cross-context behavioral advertising.
10. International Data Transfers
Our Service is operated in the United States. If you are located outside the United States, your data will be transferred to and processed in the United States. By using the Service, you consent to this transfer. We take appropriate measures to ensure your data is protected in accordance with this Privacy Policy.
11. Children's Privacy
The Service is not intended for use by anyone under the age of 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us at privacy@vocalog.io and we will delete it promptly.
12. Cookies
We use essential cookies and local storage to maintain your authentication session and preferences. We do not use advertising cookies, third-party tracking cookies, or analytics cookies that identify individual users.
13. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page with a new effective date. For significant changes, we may also notify you via email or in-app notification. Your continued use of the Service after any changes constitutes acceptance of the updated policy.
14. Contact Us
If you have questions about this Privacy Policy or wish to exercise your data rights, contact us: