Privacy Policy for MyDiary AI

Last Updated: 22 August 2025

Introduction

Our Commitment to Your Privacy

At MyDiaryAI ("we," "our," or "us"), privacy is not just a legal requirement—it's a core belief that drives everything we do. We understand that your voice journal contains your most personal thoughts, experiences, and emotions. Protecting this deeply intimate data is our highest priority and fundamental responsibility.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application MyDiaryAI (the "App") and related services. We believe in complete transparency about our data practices because your trust is essential to our mission.

Legal Compliance

This policy applies to all users of MyDiaryAI and complies with applicable privacy laws including:

  • General Data Protection Regulation (GDPR) for EU residents
  • California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) for California residents
  • Google Play Developer Policy Requirements
  • UK Data Protection Act 2018 for UK residents

Company Information

Legal Entity: RemoteKaro LLC
Registered Address: 312 W 2nd St Unit #A1528, Casper, WY 82601
Data Controller: RemoteKaro LLC

Information We Collect

1. Account Information

When you create an account using Google Sign-In, we collect:

  • Google Account Data: Email address, name, profile picture (if provided)
  • Authentication Tokens: Secure tokens to verify your identity
  • Account Creation Date: When you first signed up
  • User ID: Unique identifier for your account

2. Voice and Audio Data (Sensitive Personal Information)

  • Voice Recordings: Audio files you record within the app (considered highly sensitive personal data)
  • Recording Metadata: Duration, timestamp, file size, audio quality settings
  • Audio Processing: Temporary audio data for transcription purposes

Special Protection: Voice recordings contain your most personal thoughts and are treated as sensitive personal information under GDPR Article 9, requiring explicit consent and enhanced protection measures.

3. Transcription and Text Data

  • Speech-to-Text Transcripts: Text converted from your voice recordings using ElevenLabs Speech-to-Text services
  • AI-Processed Content: Cleaned transcripts, generated headings, follow-up questions using OpenRouter APIs
  • Daily Suggestions: Personalized writing prompts based on your journal history

AI Provider Guarantee: Our AI processing partners (including OpenRouter, OpenAI and other services) are contractually bound to NOT use your personal data for training their models or any other purposes beyond providing transcription and analysis services to you.

4. Usage and Analytics Data

  • App Usage Statistics: Number of entries, total recording time, streak counts using our app
  • Technical Data: Device information, app version, crash reports using Firebase Crashlytics
  • Performance Data: App loading times, error logs (no personal content) using Firebase Crashlytics
  • Anonymous Analytics: Aggregated usage patterns that cannot identify individual users using Firebase Crashlytics

Privacy-First Analytics: We use privacy-focused analytics that do not track individual behavior or create user profiles for advertising. We also never sell ads of any kind, either inside or outside our app.

5. Device Information

  • App Permissions: Microphone access for audio recording
  • Network Information: Connection status (for cloud sync)

6. Billing Information

  • Subscription Data: Plan type, billing cycle, subscription status
  • Payment Information: Processed through secure third-party providers (RevenueCat/Stripe)
  • Transaction History: Purchase receipts, renewal dates, refund records

How We Use Your Information

Primary Purposes

  • Core App Functionality: Enable voice recording, transcription, and journal management
  • AI Features: Generate cleaned transcripts, headings, and follow-up questions
  • Cloud Sync: Backup and synchronize your data across devices

Secondary Purposes

  • Customer Support: Respond to your inquiries and technical issues
  • App Improvement: Analyze anonymous usage patterns to enhance features
  • Security: Protect against fraud, abuse, and security threats
  • Legal Compliance: Meet legal obligations and enforce our terms

Google Sign-In Data Usage

We use Google Sign-In data solely for:

  • Authentication: Verifying your identity securely
  • Profile Information: Displaying your name, email, and profile picture in the app
  • Account Management: Linking your journal data to your Google account

We do NOT use Google data for:

  • Advertising or marketing purposes
  • Sharing with third parties for their own use
  • Any purpose beyond core app functionality

Data Processing and Storage

Local Storage

  • Primary Storage: Your voice recordings and transcripts are stored locally on your device
  • Encryption: Sensitive data is encrypted using industry-standard methods
  • App Sandbox: Data is protected within the app's secure storage area

Cloud Storage (Supabase)

  • Backup Purpose: Cloud storage for data recovery and device synchronization
  • Encryption: All data encrypted in transit and at rest

AI Processing

  • Transcription Services: Audio processed by secure speech-to-text services (ElevenLabs)
  • AI Enhancement: Text processed for cleaning and insight generation using OpenRouter, OpenAI and similar services
  • Data Minimization: Only necessary data sent for processing
  • No Model Training: AI providers are contractually prohibited from using your data for model training
  • Temporary Processing: AI services do not retain your data beyond processing completion
  • Processing Guarantees: All AI providers must delete your data immediately after processing
  • Encryption in Transit: All data sent to AI services is encrypted using TLS 1.3

Explicit AI Provider Commitments:

  • OpenAI: Does not use API data for model training (per their API Terms)
  • ElevenLabs: Processes audio only for transcription, no data retention
  • All providers: Bound by Data Processing Agreements (DPAs) with deletion requirements

Data Sharing and Disclosure

We DO NOT Sell Your Data

We never sell, rent, or trade your personal information to third parties for marketing purposes.

Limited Sharing for Service Provision

We may share data only in these specific circumstances:

Third-Party Service Providers

  • Supabase: Cloud database and storage services
  • Speech-to-Text Services: For audio transcription
  • AI Processing: For content enhancement and suggestions
  • Payment Processors: For subscription billing through RevenueCat and Google Play In-App Purchases

All service providers are bound by strict data protection agreements.

Legal Requirements

We may disclose information when required by law, but we are committed to protecting your privacy:

  • Court Orders: Only when legally compelled by valid court orders
  • Government Requests: We will challenge overly broad or inappropriate government requests
  • Transparency: We will notify users of requests unless legally prohibited
  • User Safety: Only when necessary to protect user safety or prevent illegal activities
  • Minimal Disclosure: We provide only the minimum information legally required

Our Commitment: We will fight for your privacy rights and challenge any government or legal requests that we believe are excessive, inappropriate, or violate your fundamental privacy rights.

Data Transfers

  • International Transfers: Data may be processed in countries with adequate protection
  • Safeguards: Appropriate safeguards ensure data protection during transfers

Your Privacy Rights

Access and Control

  • Data Access: Request copies of your personal data
  • Data Portability: Export your journal data in standard formats
  • Account Management: Update or delete your account information

Data Deletion

  • Individual Entries: Delete specific voice recordings or journal entries
  • Complete Export: Download all your data before deletion
  • Account Deletion: Permanently delete your account and associated data

Regional Rights

GDPR Rights (EU and UK Users)

  • Right to Access: Request copies of all personal data we hold about you
  • Right to Rectification: Correct inaccurate or incomplete personal data
  • Right to Erasure: Request deletion of your personal data ("right to be forgotten")
  • Right to Restrict Processing: Limit how we process your personal data
  • Right to Object: Object to processing based on legitimate interests
  • Right to Data Portability: Receive your data in a machine-readable format
  • Right to Withdraw Consent: Withdraw consent for any processing based on consent
  • Right to Lodge Complaints: File complaints with supervisory authorities

Supervisory Authority Contacts:

  • EU Users: Your local Data Protection Authority
  • UK Users: Information Commissioner's Office (ICO) - https://ico.org.uk
  • Contact ICO: Phone: 0303 123 1113, Email: casework@ico.org.uk

CCPA Rights (California Users)

  • Right to Know: What personal information is collected
  • Right to Delete: Delete personal information
  • Right to Opt-Out: Opt-out of data sales (Note: We don't sell data)
  • Right to Non-Discrimination: Non-discrimination for exercising privacy rights

Data Security

Technical Safeguards

  • Encryption: AES-256 encryption for data at rest
  • Secure Transmission: TLS 1.3 for data in transit
  • Access Controls: Multi-factor authentication and role-based access
  • Regular Audits: Security assessments and vulnerability testing

Organizational Measures

  • Staff Training: Privacy and security training for all team members
  • Data Minimization: Collect only necessary information
  • Retention Limits: Automatic deletion of unnecessary data
  • Incident Response: Procedures for handling security breaches

Data Retention

Active Accounts

  • Journal Data: Retained as long as your account is active
  • Usage Analytics: Aggregated data retained anonymously for 2 years
  • Support Data: Customer service records kept for 3 years

Account Deletion

  • Immediate Removal: Personal identifiers removed immediately
  • Backup Deletion: Complete removal from backups within 30 days
  • Legal Holds: Data may be retained longer if required by law

Children's Privacy

MyDiaryAI is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If we discover we have collected information from a child under 13, we will delete it immediately.

Third-Party Services

Google Services

  • Google Sign-In: Authentication service governed by Google's Privacy Policy
  • Google Play Services: App distribution and updates
  • Limited Data Access: We only access essential profile information

Analytics and Crash Reporting

  • Usage Analytics: Anonymized data for app improvement using privacy-focused tools
  • No Tracking Cookies: We do not use cookies or browser tracking technologies
  • Minimal Analytics: Only essential usage statistics collected
  • Crash Reports: Technical information to fix bugs and improve stability
  • Third-Party Analytics: Limited use of privacy-compliant services (e.g., anonymous Firebase Analytics events)
  • Opt-Out: You can disable all analytics in app settings
  • No Cross-App Tracking: We do not track users across other apps or websites

International Data Transfers

We operate globally and may transfer data across borders to provide our services. All transfers include appropriate safeguards:

Transfer Mechanisms

  • Adequacy Decisions: Transfers to countries deemed adequate by the European Commission
  • Standard Contractual Clauses (SCCs): EU-approved contracts for international transfers
  • Data Processing Agreements: Comprehensive protection obligations for all recipients
  • Additional Safeguards: Technical and organizational measures beyond legal requirements

Specific Transfer Details

  • Supabase (Cloud Storage): Data centers in EU/UK regions with GDPR compliance
  • AI Processing: Temporary transfers to US-based providers with SCCs and immediate deletion
  • Payment Processing: Regional payment providers to minimize international transfers

Your Control

  • Data Residency Options: Choose preferred regions for data storage (where technically feasible)
  • Transfer Notifications: We will inform you of any new international transfers
  • Objection Rights: You can object to transfers to specific countries

Changes to This Policy

We may update this Privacy Policy periodically to reflect:

  • Changes in our data practices
  • New features or services
  • Legal or regulatory requirements
  • User feedback and industry best practices

Notification of Changes

  • In-App Notifications: Important changes communicated within the app
  • Email Updates: Significant changes sent to registered users
  • Version History: Previous policy versions available upon request

Contact Information

Privacy Inquiries

For questions about this Privacy Policy or our data practices:

Privacy Email: remotekarollc@gmail.com
General Email: remotekarollc@gmail.com
Postal Address:
RemoteKaro LLC
312 W 2nd St Unit #A1528
Casper, WY 82601

Response Time: We respond to privacy inquiries within 30 days (1 month) as required by GDPR

Data Subject Requests

To exercise your privacy rights:

  • In-App: Use the "Profile" and "Export My Data" or "Delete My Account" options
  • Email: Send requests to remotekarollc@gmail.com
  • Required Information: Account email, specific request type, identity verification

Data Protection Officer

For GDPR and data protection inquiries:

  • Email: Send requests to remotekarollc@gmail.com
  • Role: Responsible for ensuring GDPR compliance and handling data protection concerns

Supervisory Authorities

If we cannot resolve your privacy concerns, you can contact:

  • UK Users: Information Commissioner's Office - https://ico.org.uk
  • EU Users: Your local Data Protection Authority
  • California Users: California Privacy Protection Agency - https://cppa.ca.gov

Compliance and Certifications

Industry Standards

  • SOC 2 Type II: Security and availability compliance (when applicable)
  • ISO 27001: Information security management
  • Privacy Shield: For US-EU data transfers (if applicable)

Regular Audits

We conduct regular privacy and security audits to ensure ongoing compliance with:

  • Google Play Developer Policies
  • Platform-specific privacy requirements
  • International privacy regulations
  • Industry best practices

Google Play Developer Policy Compliance

This app complies with Google Play Developer Policy requirements including:

  • Prominent Disclosure: Clear explanation of data collection and use
  • User Consent: Explicit consent for sensitive data access
  • Data Handling: Secure collection, use, and sharing practices
  • Children's Protection: Age-appropriate content and data practices