Data Privacy Policy for TellMe

1. Data Controller Information

Data Controller: Ferdinand Werner

Contact Email: ferdinand.werner@wonderfulmystical.com

Location: Germany

The Data Controller is responsible for ensuring your data is processed lawfully, fairly, and transparently.

2. Legal Basis for Processing

We process your personal data under the following legal bases:

• Contractual Necessity: To provide the App's core services you have requested (recording, transcription, storage)
• Legitimate Interests: To improve the App, ensure security, and provide technical support
• Consent: For optional features like AI-powered title generation
• Legal Obligation: To comply with applicable laws and regulations

3. Data Collection

3.1 Data You Provide

You provide the following data when using the App:

• Audio Recordings: Voice recordings you create using the App
• Transcripts: Text content generated from your audio recordings
• Metadata: Information associated with your recordings, such as titles and timestamps

3.2 Data Collected Automatically

The App may collect information about your device and operating system for technical purposes. If such information is stored only on your device, the App does not technically collect it.

4. Purpose of Data Processing

We process your data to:

• Provide the App's core functionality, including recording, transcription, and storage services
• Synchronize your recordings across your Apple devices
• Provide technical support and improve app performance
• Comply with legal obligations and protect our rights

5. Third-Party Services and Data Sharing

Your data is shared with the following third-party services to provide App functionality:

5.1 Apple Services

iCloud / iCloud Documents Container

• Purpose: Store and synchronize your recordings and metadata across your Apple devices
• Data Shared: All audio recordings, transcripts, metadata files, and titles
• Data Location: Apple's iCloud data centers (global, including outside EU)
• Privacy Policy: https://www.apple.com/legal/privacy/

Note: Data stored in iCloud Documents container is automatically synced across your devices signed in with the same Apple ID. You can disable iCloud sync in iOS Settings.

5.2 OpenAI API

• Data Location: OpenAI servers (United States)
• Privacy Policy: https://openai.com/privacy/

6. Data Storage

6.1 Primary Storage Location

Your recordings and metadata are stored in:

• iCloud Storage: Your audio recordings, transcripts, and metadata are stored securely in iCloud and automatically synced across all your Apple devices signed in with the same Apple ID. You can disable iCloud sync in iOS Settings if you prefer local-only storage.

6.2 Local Storage Fallback

If iCloud is unavailable or disabled:

• Recordings are stored locally on your device
• Data remains on your device only and does not sync across devices

6.3 Storage Organization

Recordings are organized and stored securely on your device or in iCloud. Each recording includes both the audio content and associated metadata, which are kept together to ensure proper functionality.

6.4 User Preferences

Onboarding completion status is stored locally on your device using system storage and is not synced or transmitted.

7. Data Retention

7.1 Your Recordings

• Retention Period: Your recordings and transcripts are retained until you delete them
• Deletion: You can delete recordings at any time through the App
• iCloud Deletion: When you delete a recording, it is removed from iCloud and all synced devices
• Permanent Deletion: Deleted recordings are permanently removed and cannot be recovered

7.2 Third-Party Data Retention

• OpenAI: Audio files and transcripts sent to OpenAI are processed but not stored long-term. See OpenAI's privacy policy for their specific data retention practices.
• Apple iCloud: Data stored in iCloud follows Apple's data retention policies. When you delete data from the App, it is removed from iCloud within Apple's standard deletion timeframe.

8. Your Rights

Under GDPR and applicable privacy laws, you have the following rights:

8.1 Right of Access

You have the right to access all personal data we hold about you, including:

• Your recordings and transcripts
• Recording metadata
• Any other data associated with your use of the App

8.2 Right to Rectification

You can edit and modify your recordings, transcripts, and titles at any time within the App.

8.3 Right to Erasure (Right to be Forgotten)

You can delete your recordings at any time through the App. Deletion removes:

• Audio files
• Transcripts
• Metadata
• All associated data from iCloud and your devices

8.4 Right to Data Portability

You can export your recordings and transcripts:

• Audio files can be accessed through the App or via iCloud
• Transcripts are stored as text within the App and can be copied or exported
• Metadata can be accessed through the App or via iCloud

8.5 Right to Restrict Processing

You can stop using features that process your data:

• Disable iCloud sync in iOS Settings to prevent cloud storage

8.6 Right to Object

You can object to processing of your data by:

• Deleting the App
• Disabling iCloud sync
• Not using features that require third-party processing

8.7 Right to Withdraw Consent

If processing is based on consent, you can withdraw consent by:

• Disabling optional features (e.g., AI title generation)
• Adjusting App settings to minimize data sharing

8.8 How to Exercise Your Rights

To exercise any of these rights, please:

1. Use the App's built-in features (delete recordings, edit content)
2. Adjust iOS Settings (disable iCloud sync)
3. Contact us using the contact information provided in Section 13

9. Data Security

9.1 Security Measures

We implement the following security measures to protect your data:

• Encryption: Data stored in iCloud is encrypted using Apple's encryption standards
• Secure Transmission: Data transmitted to OpenAI uses HTTPS encryption
• Access Control: Data is accessible only through the App on your authenticated devices
• Local Security: iOS security features protect data stored locally on your device

9.2 iCloud Security

Data stored in iCloud Documents container benefits from:

• End-to-end encryption (when enabled in your iCloud settings)
• Apple's security infrastructure
• Authentication via Apple ID

9.3 Third-Party Security

• OpenAI: Uses industry-standard security measures for API communications
• Apple: Follows Apple's security and privacy standards

10. International Data Transfers

10.1 Data Transfer Locations

Your data may be transferred to and stored in:

• Apple iCloud: Data centers worldwide (including outside the EU)
• OpenAI: Servers located in the United States

10.2 Safeguards

Appropriate safeguards are in place for international transfers:

• Apple iCloud: Apple provides appropriate safeguards for international data transfers. See Apple's privacy policy for details.
• OpenAI: OpenAI complies with applicable data protection laws and provides appropriate safeguards for international transfers.

10.3 Your Rights

You have the right to:

• Understand where your data is stored
• Restrict data transfers by disabling iCloud sync

11. Children's Privacy

The App is not intended for children under the age of 13 (or the applicable age of consent in your jurisdiction). We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make changes:

• We will update the "Effective Date" at the top of this policy
• We will create a new versioned document (e.g., 1.1.0.md)
• You will be prompted to review and accept the updated policy within the App
• Continued use of the App after changes indicates acceptance of the updated policy

13. Contact Information

For questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact:

Data Controller: Ferdinand Werner
Email: ferdinand.werner@wonderfulmystical.com
Location: Germany

14. Supervisory Authority

If you are located in the EU and believe your data protection rights have been violated, you have the right to lodge a complaint with your local supervisory authority. In Germany, this is:

Die Bundesbeauftragte für den Datenschutz und die Informationsfreiheit
Graurheindorfer Str. 153
53117 Bonn, Germany
Website: https://www.bfdi.bund.de