Voice Of Self Privacy Policy

Effective Date: 2026-05-17
Version: 1.2.10

This Privacy Policy explains how Voice Of Self (also referred to in some parts of the product as “Closure”) processes personal information when you use the Voice Of Self iOS app, the public website, support channels, and other services that link to this policy.

Voice Of Self is provided by Aleksander Jałtuszyk (“Developer”, “we”, “us”, or “our”).

Contact:

• Email: alekgameshelp2@gmail.com
• Telephone: +48 73 2099027
• Mailing address: Aleksander Jałtuszyk, Skrytka Pocztowa 59, UP Warszawa 93, 02-800, Warszawa
• Support page: https://voiceofself.life/support/
• Country: Poland

Summary Of Key Points

• Voice Of Self is a local-first reflection app. Most journal content is stored on your device by default.
• Local app data can also be copied into export files, Files/iCloud locations, or device backups if you create or enable them.
• In limited developer/testing configurations, optional diagnostic capture of AI interactions may be available to help investigate failures. These diagnostics are intended for temporary troubleshooting and are not intended to be persisted as backend account records.
• If you use account, subscription, managed AI, live-question, or support features, some information leaves your device so those features can work.
• Journal content may include sensitive topics such as health, religion, philosophical beliefs, political opinions, sexual orientation, race, or other personal information you choose to speak or write.
• Our backend is designed not to retain raw audio, transcript text, or AI output as persistent backend account records for managed AI requests. We do retain limited account, subscription, security, diagnostic, and usage/accounting metadata such as token counts, workflow labels, timestamps, processing duration, and derived cost.
• If you use your own provider API key, requests go directly from your device to that provider, and that provider’s policy governs its handling of the data.
• Apple handles billing, RevenueCat handles subscription syncing, Firebase / Google handles authentication and backend infrastructure, and GitHub Pages hosts the public site.
• If you grant notification permission, the app may schedule local device reminders, including reminders before an account-mode free trial ends or before a paid App Store subscription period ends. These reminders are generated on your device.
• If you use the in-app support or issue-report flow, the email draft may include recent app logs plus device, app-version, and error details that you choose to send.
• We do not sell personal data, and we do not use your personal content to train our own models.
• Voice Of Self is not an ad-supported app. We do not display third-party ads, sponsored placements, or ad-network content inside the Voice Of Self app.
• We may advertise Voice Of Self by buying ads on services such as Meta, Instagram, TikTok, Apple Search Ads, Google, or similar platforms. Those platforms process ad interactions under their own policies.
• Buying ads does not mean we send your journal content, audio, transcripts, AI outputs, support-message text, or account email address to ad platforms.
• We do not currently use Meta Pixel, TikTok Pixel, Google advertising tags, third-party advertising SDKs, server-side conversion APIs, custom audience uploads, or similar ad-tracking or retargeting tools in the Voice Of Self app or website.
• If we later add an advertising pixel, app event SDK, server-side conversion API, custom audience upload, or similar measurement tool, we will update this policy and use required consent or choice controls before activating that tool.
• Depending on where you live, you may have rights to access, correct, delete, or object to some processing. Most local journal content remains under your direct control on your device.

Table Of Contents

1. What information do we collect?
2. How do we process your information?
3. What legal bases do we rely on to process your personal information?
4. When and with whom do we share your personal information?
5. Do we offer artificial intelligence-based products?
6. How do we handle sign-in and social login features?
7. Is your information transferred internationally?
8. How long do we keep your information?
9. How do we keep your information safe?
10. What are your privacy rights?
11. Advertising, tracking, and campaign measurement
12. Controls for Do Not Track features
13. Do United States residents have specific privacy rights?
14. Do we make updates to this policy?
15. How can you contact us about this policy?
16. How can you review, update, or delete data?

1. What Information Do We Collect?

1.1 Information stored on your device

Voice Of Self is designed so most journal content stays local unless you choose features that require off-device processing. The app may store the following on your device:

• Audio recordings
• Transcripts
• AI-generated reflections, summaries, notes, relics, milestones, closing messages, and related metadata
• Safety-status, repair, and related processing metadata tied to your entries
• App settings, reminder preferences, and other preferences
• Custom provider API keys you choose to store locally in the iOS Keychain
• Local export and import files you create or use

Depending on your Apple or device settings, local app data may also appear in device backups, Finder/iTunes backups, iCloud backups, or other storage locations you choose when exporting or sharing files.

1.2 Account and sign-in information

If you create or use an account, we may process:

• Your email address
• Your Firebase Authentication user ID
• Authentication and session data for email/password sign-in
• Sign-in method data from Google Sign-In or Sign in with Apple
• Limited profile data returned by the provider, such as your email address, stable provider identifier, and, in the case of Sign in with Apple, your name if Apple provides it during the sign-in flow

1.3 Subscription, access, and backend usage records

If you use account mode or paid features, we may process backend-linked records such as:

• Subscription and entitlement status managed through Apple and RevenueCat
• RevenueCat customer and event records synced into our backend
• Manual entitlement overrides or extra usage grants if we apply them to your account
• Usage and accounting records tied to your account, such as token counts, input/output token splits, workflow labels, total calls, timestamps, processing duration, pricing metadata, and derived cost
• Aggregate usage summaries for billing-period, day-level, or app-level operational tracking

Our backend usage and accounting records are intended to track access, limits, cost, fraud prevention, and service operations. They are not intended to store raw transcript text, raw audio, or AI response content as account records.

1.4 Website support and contact submissions

If you contact us through support or email channels, we may process:

• Your email address
• Your name or nickname if you provide one
• Your message or optional notes
• Basic submission metadata such as the submission time or source page
• If you use the app’s issue-report flow, device model, iOS version, app version, timestamps, recent diagnostic logs, popup text, raw error text, analysis-step context, and similar troubleshooting details included in the drafted email

Support or direct contact emails may be processed through your email provider and ours. Please avoid sending more personal information than needed when contacting support.

1.5 Sensitive information

Your journal content may contain sensitive personal information if you choose to include it. This may include information about:

• Health or mental-health-related topics
• Religious or philosophical beliefs
• Political opinions
• Race or ethnic origin
• Sex life or sexual orientation
• Other sensitive topics voluntarily included in recordings, transcripts, notes, support messages, or AI-generated reflections

We do not ask you to create a separate sensitive-profile record for our backend. Instead, sensitive information may appear inside the content you create in the app or send to us. Most of that content stays on your device by default. If you use AI-connected features, exports, backups, or support flows, relevant content may also be processed or copied where those features require.

1.6 Payment information

Paid subscriptions are sold through Apple’s in-app purchase system. Apple handles payment card or billing instrument details. We may receive limited subscription and transaction status information from Apple or RevenueCat, such as product identifiers, entitlement status, renewal state, and related timestamps, but we do not receive or store your full payment card number.

The app may use subscription status already available to it to schedule a local device reminder about 24 hours before an account-mode free trial ends or before a paid App Store subscription period ends. This reminder uses the app’s existing notification permission, is generated on your device, and does not add new backend data collection, retention, deletion, or third-party sharing.

1.7 Information processed automatically

When you use the website, sign in, call backend features, or use subscription or AI-connected services, we and our service providers may automatically process limited technical information such as:

• IP address
• Request timestamps
• Device, browser, OS, or app-version metadata
• Authentication and session metadata
• App Check, App Attest, DeviceCheck, or similar integrity / access-control signals
• Request identifiers, status codes, model/workflow labels, and similar service-operation diagnostics
• Standard server, security, fraud-prevention, and diagnostic log data
• Advertising and campaign information if you interact with our ads or campaign links, such as ad click metadata processed by the ad platform, referral source, campaign parameters, landing-page request metadata, and aggregated campaign reports from ad platforms

If you use the app, it may also request access to features such as:

• Your microphone
• Speech recognition or transcription-related capabilities
• Local storage used for recordings, exports, imports, and app data
• Notifications, so the app can schedule local reminders and local processing-status notifications, including reminders about an account-mode free trial or paid App Store subscription period ending when notification permission is available, even if you have not enabled a daily reminder feature

You can control device permissions in iOS Settings.

1.8 Information from other sources

We do not buy personal data from data brokers, public databases, or marketing partners.

We may receive limited information from third parties that help us deliver the service, including:

• Google or Apple sign-in providers
• Apple App Store billing systems
• RevenueCat subscription systems
• Website hosting or email providers

1.9 Children

Voice Of Self is not intended for children under 16, and we do not knowingly seek to collect personal data from children under 16. If you believe a child under 16 has provided personal information through the app or support channels, contact us and we will investigate and, where appropriate, delete the information.

2. How Do We Process Your Information?

We may process personal information to:

• Provide the app, website, and support channels
• Authenticate users and secure accounts
• Provide managed AI-assisted reflections, summaries, live questions, and related features
• Route managed requests to the configured AI provider and enforce account usage limits so the service stays financially and operationally viable
• Sync subscription state and entitlement access
• Track token usage, pricing, and derived cost for account-mode billing, budgeting, rate-limiting, or abuse prevention
• Maintain app integrity, backend security, fraud prevention, and operational reliability
• Prepare issue-report and troubleshooting support emails with technical context if you choose to use those flows
• Apply safety checks and limit, defer, or block some AI features when content appears to present safety or policy risks
• Respond to support requests
• Measure, understand, and improve our own advertising campaigns where lawful, using the limited campaign measurement practices described in Section 11
• Send account, billing, security, safety, legal, or policy notices
• Comply with law, defend legal rights, and protect users or the service

We do not sell personal data. We do not use your registered email address for optional marketing or giveaway campaigns without a separate consent flow.

3. What Legal Bases Do We Rely On To Process Your Personal Information?

If you are in the EEA, UK, Switzerland, or another jurisdiction that requires us to identify a legal basis, we generally rely on one or more of the following:

• Contract or steps at your request: to create your account, provide the app, manage subscriptions, deliver support, and fulfill features you ask us to run
• Consent: where you choose to use certain optional features, provide sensitive content, or otherwise authorize processing that depends on consent
• Legitimate interests: to secure the service, prevent abuse, manage cost, enforce usage limits, troubleshoot incidents, and improve reliability without overriding your rights
• Legal obligations: to comply with tax, accounting, fraud, consumer, safety, or other legal requirements
• Vital interests: where needed to protect someone’s safety

Where sensitive personal information is processed, we rely on your actions, instructions, consent, or other grounds permitted by applicable law.

4. When And With Whom Do We Share Your Personal Information?

We may share information with service providers or infrastructure partners when needed to operate the service. Categories include:

• Firebase / Google for authentication, backend functions, infrastructure, and App Check related protection
• Google Vertex AI / Gemini and Groq for managed account-mode AI processing
• Apple for Sign in with Apple, App Store billing, DeviceCheck / App Attest, and transcription-related services when Apple services are used
• RevenueCat for subscription syncing and entitlement management
• GitHub Pages / GitHub for website hosting
• Your selected custom AI provider when you choose to use your own API key, including OpenAI, Google AI Studio, Vertex AI, or Anthropic
• Other apps, Files locations, or storage providers you choose if you export or share a .vos backup file
• Email providers involved in delivering or receiving support or direct contact email
• Advertising platforms when they show or measure Voice Of Self ads on their own platforms and provide campaign reports
• Future advertising measurement providers only if the relevant pixel, SDK, conversion API, custom audience, or similar tool is added with required notice and compliance controls before activation

We may also disclose personal information when reasonably necessary to:

• Comply with law, court orders, or valid legal requests
• Protect the rights, safety, or property of users, us, or others
• Investigate fraud, abuse, or security incidents
• Complete a merger, sale, financing, acquisition, or similar business transfer

We do not sell personal data, and we do not share personal data for cross-context behavioral advertising.

5. Do We Offer Artificial Intelligence-Based Products?

Yes. Voice Of Self includes AI-assisted features such as:

• Transcription-related processing
• Structured summaries and reflections
• Memory-like updates and milestone or relic generation
• Live questions during or after reflection
• Text analysis and related insight generation

5.1 Managed account-mode AI

If you use account mode, content needed to fulfill the request may pass through our Firebase backend to the managed AI provider selected by our backend configuration for that workflow, such as Google Vertex AI / Gemini or Groq. This may include transcript text and, in some flows, live transcript excerpts while a recording session is still in progress.

Our systems are designed so raw audio, raw transcript text, and AI output are not stored as persistent backend account records after the request is fulfilled. We do, however, retain limited security, subscription, diagnostic, and usage/accounting metadata such as token counts, workflow labels, timestamps, processing duration, and derived cost. Transient handling, provider-side processing, retries, abuse/security tooling, and short-lived logs or caches may still occur as part of ordinary service operation. Where a managed provider offers privacy or retention controls, such as reduced or disabled retention settings, we may enable those operational controls, but third-party provider handling is still governed by that provider’s service, privacy, and infrastructure terms.

5.2 Custom-provider mode

If you use your own API key and select a custom provider, content is sent directly from your device to that provider. We do not control how that provider processes or retains the data. Review that provider’s own policies before using the feature.

5.3 On-device and Apple-assisted processing

Depending on the feature and your device capability:

• Transcription may run on-device or with Apple speech / transcription services.
• Live-question AI normally uses the provider route you selected in the app, such as managed account mode or your custom provider.
• If Apple Intelligence is enabled in app settings and available on your device, live-question requests may retry on-device as a fallback after the selected provider fails.

5.4 How to limit or avoid AI processing

You can reduce or avoid off-device AI processing by:

• Staying in local-only mode instead of account mode
• Avoiding live questions or other AI-connected features
• Managing or deleting your custom provider settings
• Deleting local journal content or your backend-linked account where applicable

We do not use your personal content to train our own models. Third-party AI providers process data under their own API terms, privacy policies, and service settings.

6. How Do We Handle Sign-In And Social Login Features?

Voice Of Self currently supports:

• Email and password
• Google Sign-In
• Sign in with Apple

If you use Google or Apple sign-in, we receive only the limited account information needed to authenticate and operate your account. We do not currently support Facebook, X, or other general social-media login systems.

Third-party sign-in providers control their own processing of your data under their own policies.

7. Is Your Information Transferred Internationally?

Yes. Depending on the feature you use and the provider involved, your information may be processed in countries other than your own, including the United States, European regions used by Google infrastructure, and other regions where our service providers operate. If you use custom-provider mode or export/share files, transfer and storage locations also depend on the providers, apps, and storage destinations you choose.

If you are in the EEA, UK, or Switzerland, these countries may not always have privacy laws identical to those in your jurisdiction. Where applicable, we rely on the safeguards, contractual commitments, or transfer mechanisms offered by our service providers under their terms and data-processing commitments.

8. How Long Do We Keep Your Information?

We keep personal information for as long as reasonably necessary for the purposes described in this policy, unless a longer period is required by law.

8.1 Local data

Local journal data remains on your device until you delete it, remove the app, or otherwise clear it yourself. Copies may also remain in exported .vos files, Files/iCloud locations, email drafts, sent-mail folders, or device backups until you delete those copies too.

8.2 Recordings

Recordings may be retained locally for playback, transcript repair, or re-transcription.

• If Keep Recordings is enabled, recordings may remain until you delete them.
• If Keep Recordings is disabled, recordings are intended to be removed after they are no longer needed, generally around 24 hours later, although removal may be delayed if the recording is still needed for transcript completion, transcript repair, or until the cleanup routine next runs.

8.3 Backend-linked account data

Backend-linked records may remain until you delete your account, ask us to delete applicable data, or we remove the records for support, fraud, moderation, security, or legal reasons. These records may include:

• Firebase Authentication account records
• RevenueCat customer and event records synced to our backend
• customers/{uid} profile records
• Manual entitlement overrides
• Extra usage grants
• Usage aggregates and usage-event records tied to your account
• User-owned Cloud Storage objects stored under your user prefix

8.4 Diagnostic, security, and deletion-request records

Operational, security, anti-abuse, troubleshooting, and deletion-request records may persist for as long as reasonably necessary to detect incidents, debug failures, enforce limits, document requests, and satisfy legal or compliance obligations. These records are intended to be limited in content and are not intended as a journal archive, but they may contain identifiers, timestamps, request metadata, error messages, file paths, or other technical context.

8.5 Raw managed-AI content

For managed account-mode AI requests, our backend is designed not to retain raw audio, transcript text, or AI response content as persistent backend account records after fulfilling the request. Limited transient processing, in-memory handling, provider-side processing, retries, or short-lived system-level logs or caches may still occur as part of ordinary service operation.

8.6 Support data

Support submissions may remain until we no longer need them for support follow-up, service-related replies, or legal/business recordkeeping, unless you ask us to delete them sooner and we are not legally required to keep them.

9. How Do We Keep Your Information Safe?

We use commercially reasonable technical and organizational measures, including where applicable:

• iOS file protection for local app-managed files
• Local app data stored inside the app sandbox with platform-level file protection
• Keychain storage for locally stored custom provider API keys
• TLS for network transport
• Firebase App Check and related access-control or app-integrity protections on backend traffic
• Data-minimization practices intended to avoid storing raw journal content on our backend when it is not needed as a persistent record

No system can guarantee absolute security. Local-first storage reduces exposure, but it does not eliminate risk if your unlocked device, exported files, backups, email account, or third-party provider accounts are compromised.

10. What Are Your Privacy Rights?

Depending on where you live, you may have rights to:

• Access personal information we hold about you
• Correct inaccurate personal information
• Request deletion of personal information
• Object to or restrict some processing
• Withdraw consent where processing depends on consent
• Receive a portable copy of some data where applicable
• Ask about automated decision-making and request human review where applicable law grants that right

Because most journal content is stored locally on your device, you already control much of that data directly. For backend-linked account data or support-request data, contact us using the details below.

We do not currently use solely automated decision-making to make legal or similarly significant decisions about you in the sense used by privacy law. However, automatic entitlement, rate-limit, integrity, and safety checks may still enable, disable, delay, or block some app features.

If you are in the EEA, UK, Switzerland, Canada, or another jurisdiction that grants it, you may also have the right to complain to your local privacy or data protection regulator.

If processing depends on your consent, you can withdraw that consent at any time. This does not affect the lawfulness of processing before withdrawal or processing based on another lawful basis.

11. Advertising, Tracking, And Campaign Measurement

Voice Of Self may be promoted through paid or organic campaigns on third-party platforms such as Meta, Instagram, TikTok, Apple Search Ads, Google, or similar services. We may choose campaign settings inside those platforms, such as region, language, placement, keyword, interest, app-category, campaign objective, budget, schedule, creative, and similar platform-provided targeting or optimization settings, where lawful.

For clarity, advertising Voice Of Self on external platforms is different from showing ads inside the app. Voice Of Self is not an ad-supported app: we do not display third-party ads, sponsored placements, ad-network content, or paid promotions inside the Voice Of Self app.

If you see, click, view, save, share, comment on, install from, or otherwise interact with a Voice Of Self ad on one of those platforms, the platform may process information about that interaction under its own terms and privacy policy. We may receive campaign reports from those platforms, such as impressions, clicks, installs, video views, engagement, spend, and other aggregated or campaign-level performance information.

We may use non-sensitive campaign links or parameters, such as UTM parameters, referral source, landing-page path, and aggregated platform reports, to understand whether a campaign is working. Website hosting, browser, and security systems may also receive ordinary request metadata such as IP address, user agent, request time, and the page requested.

Today, the Voice Of Self app and website do not include Meta Pixel, TikTok Pixel, Google advertising tags, third-party ad SDKs, server-side conversion APIs, or similar ad-tracking code. We do not currently upload customer lists, account email addresses, support email addresses, device advertising identifiers, app activity, website activity, journal text, raw audio, transcripts, AI outputs, or similar user data to ad platforms for custom audiences, lookalike audiences, retargeting, attribution, or conversion measurement.

If we later add a website pixel, app event SDK, server-side conversion API, custom audience upload, retargeting audience, lookalike audience, or similar advertising measurement tool, we will treat that as a material advertising-data practice. Before activating that tool, we will update this policy and App Store privacy disclosures, use legally required cookie or tracking consent controls, and comply with Apple App Tracking Transparency where the iOS app tracks users across other companies’ apps or websites.

We will not intentionally send journal text, raw audio, transcripts, AI outputs, live-question content, support-message text, children’s data, or other sensitive app content to Meta, TikTok, Google, Apple Search Ads, or similar ad platforms for targeting or campaign measurement. We also will not upload support lists or account email addresses for custom-audience advertising unless we have a lawful basis, required notice, and any required consent.

12. Controls For Do Not Track Features

Some browsers offer a Do Not Track (“DNT”) setting. Because there is no consistent industry standard for recognizing and enforcing DNT signals, we do not currently respond to them.

13. Do United States Residents Have Specific Privacy Rights?

If you live in a US state with a privacy law that applies to us, you may have rights to know, access, correct, delete, or obtain a copy of certain personal information, and to opt out of some kinds of processing where applicable.

13.1 Categories of personal information we may process

Depending on how you use the service, we may process categories such as:

• Identifiers, such as email address, Firebase user ID, provider identifiers, and IP address
• Customer-record information, such as contact details and support submissions
• Commercial information, such as subscription status, entitlements, and purchase-related metadata
• Internet or network activity information, such as request metadata, app version, device/browser characteristics, and security logs
• Audio or electronic information, such as recordings, transcripts, AI outputs, and related content created through the app
• Inferences or derived records, such as summaries, reflections, milestones, relics, and other structured outputs generated from your content
• Sensitive personal information, to the extent you choose to include it in recordings, transcripts, support messages, or related content

Audio recordings may contain your voice, but we do not use those recordings to create biometric identity templates or voiceprints for identity verification.

13.2 Sale, sharing, and sensitive information

We do not sell personal data. We do not currently share personal data from our app or website for targeted or cross-context behavioral advertising. We use sensitive personal information only as needed to provide the service, secure it, comply with law, or for other purposes permitted by applicable law.

If we add a practice that qualifies as sale, sharing, targeted advertising, or cross-context behavioral advertising under an applicable law, we will provide the legally required notice and opt-out or consent mechanism.

13.3 Exercising your rights

To exercise applicable rights, contact us using the details in Section 15.

13.4 Verification, authorized agents, and appeals

We may ask for information needed to verify your identity before responding to an access, correction, deletion, or similar privacy-rights request. Where applicable law allows, you may use an authorized agent to submit a request on your behalf, and we may ask for proof of that authorization.

If we deny a request and applicable law gives you an appeal right, you may appeal by emailing alekgameshelp2@gmail.com or by using the other contact details in Section 15.

We do not currently disclose personal information to third parties for their own direct-marketing purposes.

14. Do We Make Updates To This Policy?

Yes. We may update this Privacy Policy from time to time. The current version and effective date are published in the hosted legal manifest and surfaced in the app when a new acceptance is required.

15. How Can You Contact Us About This Policy?

If you have questions or comments about this Privacy Policy, you may contact us at:

• Email: alekgameshelp2@gmail.com
• Telephone: +48 73 2099027
• Mailing address: Aleksander Jałtuszyk, Skrytka Pocztowa 59, UP Warszawa 93, 02-800, Warszawa
• Support page: https://voiceofself.life/support/
• Country: Poland

16. How Can You Review, Update, Or Delete Data?

16.1 Local app data

You can delete local journals, transcripts, recordings, exports, and related content directly on your device. Standard .vos exports can include transcripts, episodes, AI notes, relics, and optionally settings, but do not normally include custom provider API keys stored in the iOS Keychain. Removing the app may remove some local app data, but it may not remove copies in export files, Files/iCloud locations, email drafts, sent-mail folders, or device backups.

16.2 Backend-linked account data

The app includes an in-app delete-account flow. When completed, it is intended to remove:

• Your Firebase Authentication account
• Your RevenueCat customer record associated with your app user ID
• Backend-linked account records such as customers/{uid}
• RevenueCat extension event records associated with your user
• Manual entitlement overrides
• Extra usage grants
• Usage records and usage-event records tied to your account
• Any user-owned Cloud Storage objects stored under your user prefix, if such objects exist

If a backend, storage, or provider deletion step cannot be completed after retrying, the app may leave your sign-in account in place, tell you which cleanup steps still need a retry, and let you try the delete-account flow again later instead of silently finalizing account removal while cleanup is still incomplete.

Deleting your account does not remove journals, transcripts, recordings, or other content that already exists only on your device. Deleting your account also does not automatically cancel an App Store subscription, and it does not necessarily remove transaction records, provider-side logs, or legally required records kept by Apple, RevenueCat, Google, email providers, or other third parties under their own obligations.

16.3 Support data

To request review, correction, or deletion of backend-linked data or support-request data, contact us using the details in Section 15. If you contacted us by email, you may also need to delete copies from your own mailbox, sent-mail folder, or other email systems you used.