Privacy Policy

1. Introduction

At SpokenWordAI ("we," "our," or "us"), we are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our voice-powered applications and services.

Our core principle: We do not collect, store, or sell your personal data for commercial purposes.

2. Information We Do Not Collect

Unlike many technology companies, SpokenWordAI operates on a privacy-first principle. We do not:

• Collect personal data for advertising purposes
• Sell, rent, or share your personal information with third parties for commercial gain
• Track your behavior across websites or applications
• Store voice recordings beyond what is necessary for service functionality
• Create user profiles for marketing purposes
• Use cookies for tracking or advertising

3. Information We May Collect

We only collect information that is essential for providing our services:

3.1 Technical Information

• Device type and operating system version (for compatibility purposes)
• Application crash reports (anonymized and used only for bug fixes)
• Performance metrics (aggregated and non-identifiable)

3.2 Voice Data

• Voice commands processed locally on your device when possible
• Temporary voice data sent to HIPAA-compliant processing services when cloud processing is required
• Voice data is immediately deleted after processing and is never stored permanently

3.3 Communication Data

• Contact information when you reach out to us for support
• Feedback and inquiries you voluntarily provide

4. How We Use Information

Any information we collect is used solely for:

• Providing and improving our voice-powered applications
• Processing voice commands and delivering requested functionality
• Technical support and customer service
• Ensuring application security and preventing misuse
• Complying with legal obligations

5. HIPAA Compliance and Healthcare Data

When our applications are used in healthcare contexts, we maintain strict HIPAA compliance standards:

• All healthcare-related voice processing is conducted through HIPAA-compliant service providers
• Protected Health Information (PHI) is encrypted in transit and at rest
• Access to healthcare data is strictly limited and logged
• Business Associate Agreements (BAAs) are in place with all relevant service providers
• Regular security audits and compliance assessments are conducted

6. Data Security

We implement industry-standard security measures to protect your information:

• End-to-end encryption for sensitive data transmission
• Secure, encrypted storage systems
• Regular security audits and penetration testing
• Multi-factor authentication for internal access
• Employee training on data protection and privacy
• Incident response procedures for any security events

7. Third-Party Services

We carefully select third-party services that meet our high privacy and security standards:

• All third-party processors are HIPAA-compliant when handling healthcare data
• Data processing agreements are in place with all service providers
• Third parties are prohibited from using your data for their own purposes
• We regularly audit our third-party relationships

8. Data Retention

We follow a minimal data retention policy:

• Voice data is processed and immediately deleted
• Technical logs are retained for no more than 30 days
• Support communications are retained only as long as necessary
• Crash reports are anonymized and retained for up to 1 year for product improvement

9. Your Rights

You have the following rights regarding your personal information:

• Right to access any personal data we may have
• Right to correct inaccurate information
• Right to delete your personal data
• Right to restrict processing of your data
• Right to data portability
• Right to object to processing
• Right to withdraw consent at any time

10. Children's Privacy

Our services are not directed to children under 13 years of age. We do not knowingly collect personal information from children under 13. If we learn that we have collected such information, we will delete it immediately.

11. International Data Transfers

If data needs to be transferred internationally, we ensure appropriate safeguards are in place, including:

• Standard Contractual Clauses (SCCs)
• Adequacy decisions by relevant authorities
• Certification schemes where applicable

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

• Posting the updated policy on our website
• Sending you an email notification (if you have provided your email)
• In-app notifications for significant changes

Your continued use of our services after any changes constitutes acceptance of the updated policy.

13. Contact Us