Voicy
Get the Extension
Voicy
Get the Extension
Voicy
Get the Extension
Voicy
Get the Extension
Voicy Data Handling and Security Policy
Last Updated: 31/07/2025
Version: 1.3
1. Overview
This policy outlines how Voicy handles user data, implements security measures, and protects user privacy throughout the transcription process.
2. Data Collection and Processing
2.1 Audio Data
Collection: Audio is recorded locally on the user's device and transmitted securely to Voicy servers
Processing: Audio files are immediately forwarded to Groq.com, which hosts the open-source Whisper V3 transcription model
Retention: No audio recordings are stored by Voicy or Groq - all audio data is permanently deleted immediately after processing
Encryption: All audio data transmission is encrypted using industry-standard protocols
2.2 Transcribed Text Data
Processing: Transcribed text is generated by Groq's Whisper V3 model and returned to the user
Retention: No transcribed text is stored on Voicy servers or by Groq
Deletion: All transcribed content is immediately deleted after delivery to the user
2.3 User Account Information
Billing Data: Only email address and name are collected for billing purposes
Storage Location: User account data is stored locally on the user's device, not in centralized databases
Authentication: Auth tokens are stored locally on user devices for session management
No Database Storage: Voicy does not maintain a centralized user database
2.4 Analytics Data
Service: Anonymous usage analytics via Mixpanel
Data Type: Anonymized usage metrics and application performance data
User Control: Analytics collection can be disabled by users
Purpose: Product improvement and performance monitoring
3. Third-Party Services
3.1 Groq (Speech-to-Text Processing)
Service: Open-source Whisper V3 transcription model hosting
Data Shared: Encrypted audio files only
Retention Policy: Groq does not retain any user data or transcription information
Location: USA-based infrastructure
3.2 Mixpanel (Analytics)
Service: Anonymous usage analytics
Data Shared: Anonymized usage patterns and performance metrics
User Control: Can be opted out by users
Purpose: Product improvement and user experience optimization
4. Technical Security Measures
4.1 Encryption
Standard: TLS 1.3 for all data transmission
Coverage: All communications between user devices, Voicy servers, and third-party services
Implementation: Industry-standard encryption protocols protect data in transit
4.2 Rate Limiting
Protection: Prevents abuse and ensures service stability
Implementation: IP-based request limits and audio file size restrictions
Monitoring: Automated systems monitor for unusual usage patterns
4.3 Input Validation
Audio Files: Validation of file types, sizes, and formats before processing
Security Checks: Prevents malicious file uploads and system exploitation
Error Handling: Secure rejection of invalid or suspicious files
4.4 Authentication Security
Token Management: Secure authentication tokens with expiration periods
Local Storage: Tokens stored locally on user devices, not on servers
Session Security: Automatic token refresh and secure session management
4.5 Infrastructure Security
Environment Variables: API keys and sensitive configuration stored securely
Dependency Management: Regular security updates and vulnerability scanning
Monitoring: Continuous monitoring of system performance and security events
5. Data Infrastructure
5.1 Server Infrastructure
Platform: Heroku cloud hosting
Location: United States
Data Storage: No user data or transcriptions stored on servers
Purpose: Secure relay for encrypted data transmission only
5.2 Data Flow Architecture
Audio recorded locally on user device
Encrypted transmission to Voicy servers (Heroku, USA)
Immediate forwarding to Groq servers (USA) for transcription
Transcribed text returned to user
All data immediately deleted from all systems
6. Privacy and User Rights
6.1 Data Minimization
Principle: Only collect data necessary for service functionality
Implementation: No unnecessary user data collection or storage
Retention: Zero-retention policy for audio and transcription data
6.2 User Control
Analytics Opt-out: Users can disable Mixpanel analytics
Local Data Management: Users control locally stored account information
Service Transparency: Clear information about data processing and third-party services
6.3 Accessibility and Inclusion
Disability Support: 20% discount for users with disabilities affecting keyboard use
Inclusive Design: Accessibility features for users with various physical limitations
Privacy Protection: No collection of health or disability documentation
7. Global Compliance
7.1 International Data Transfers
Service Area: Global user base served worldwide
Data Processing: All processing occurs in USA-based infrastructure
Compliance: Adherence to international data protection standards
8. Security Incident Response
8.1 Incident Management
Detection: Continuous monitoring for security events
Response: Immediate investigation and containment procedures
Communication: Transparent communication with affected users when required
8.2 Business Continuity
Data Protection: Zero data loss risk due to no-storage policy
Service Recovery: Rapid service restoration procedures
User Impact: Minimal user impact due to distributed architecture
9. Policy Updates and Changes
9.1 Version Control
Updates: Regular review and updates to reflect service changes
User Notification: Clear communication of policy changes to users
Effective Date: Changes take effect upon publication with appropriate notice
9.2 Contact Information
Inquiries: Users can contact support for privacy-related questions
Transparency: Open communication about data handling practices
Feedback: User input welcomed on privacy and security matters
10. Technical Implementation Status
10.1 Current Security Measures
✅ TLS 1.3 encryption for all data transmission
✅ Immediate data deletion after processing
✅ Local-only user account storage
✅ Encrypted communication with third-party services
10.2 Enhanced Security Implementation
🔄 Advanced rate limiting and abuse prevention
🔄 Comprehensive input validation systems
🔄 Enhanced authentication token management
🔄 Expanded monitoring and security logging
11. Conclusion
This policy reflects our dedication to accessibility, privacy, and security while enabling users worldwide to benefit from voice-to-text technology without compromising their personal information or privacy.
For questions about this policy or Voicy's privacy practices, please contact us on kourosh@usevoicy.com
Voicy Data Handling and Security Policy
Last Updated: 31/07/2025
Version: 1.3
1. Overview
This policy outlines how Voicy handles user data, implements security measures, and protects user privacy throughout the transcription process.
2. Data Collection and Processing
2.1 Audio Data
Collection: Audio is recorded locally on the user's device and transmitted securely to Voicy servers
Processing: Audio files are immediately forwarded to Groq.com, which hosts the open-source Whisper V3 transcription model
Retention: No audio recordings are stored by Voicy or Groq - all audio data is permanently deleted immediately after processing
Encryption: All audio data transmission is encrypted using industry-standard protocols
2.2 Transcribed Text Data
Processing: Transcribed text is generated by Groq's Whisper V3 model and returned to the user
Retention: No transcribed text is stored on Voicy servers or by Groq
Deletion: All transcribed content is immediately deleted after delivery to the user
2.3 User Account Information
Billing Data: Only email address and name are collected for billing purposes
Storage Location: User account data is stored locally on the user's device, not in centralized databases
Authentication: Auth tokens are stored locally on user devices for session management
No Database Storage: Voicy does not maintain a centralized user database
2.4 Analytics Data
Service: Anonymous usage analytics via Mixpanel
Data Type: Anonymized usage metrics and application performance data
User Control: Analytics collection can be disabled by users
Purpose: Product improvement and performance monitoring
3. Third-Party Services
3.1 Groq (Speech-to-Text Processing)
Service: Open-source Whisper V3 transcription model hosting
Data Shared: Encrypted audio files only
Retention Policy: Groq does not retain any user data or transcription information
Location: USA-based infrastructure
3.2 Mixpanel (Analytics)
Service: Anonymous usage analytics
Data Shared: Anonymized usage patterns and performance metrics
User Control: Can be opted out by users
Purpose: Product improvement and user experience optimization
4. Technical Security Measures
4.1 Encryption
Standard: TLS 1.3 for all data transmission
Coverage: All communications between user devices, Voicy servers, and third-party services
Implementation: Industry-standard encryption protocols protect data in transit
4.2 Rate Limiting
Protection: Prevents abuse and ensures service stability
Implementation: IP-based request limits and audio file size restrictions
Monitoring: Automated systems monitor for unusual usage patterns
4.3 Input Validation
Audio Files: Validation of file types, sizes, and formats before processing
Security Checks: Prevents malicious file uploads and system exploitation
Error Handling: Secure rejection of invalid or suspicious files
4.4 Authentication Security
Token Management: Secure authentication tokens with expiration periods
Local Storage: Tokens stored locally on user devices, not on servers
Session Security: Automatic token refresh and secure session management
4.5 Infrastructure Security
Environment Variables: API keys and sensitive configuration stored securely
Dependency Management: Regular security updates and vulnerability scanning
Monitoring: Continuous monitoring of system performance and security events
5. Data Infrastructure
5.1 Server Infrastructure
Platform: Heroku cloud hosting
Location: United States
Data Storage: No user data or transcriptions stored on servers
Purpose: Secure relay for encrypted data transmission only
5.2 Data Flow Architecture
Audio recorded locally on user device
Encrypted transmission to Voicy servers (Heroku, USA)
Immediate forwarding to Groq servers (USA) for transcription
Transcribed text returned to user
All data immediately deleted from all systems
6. Privacy and User Rights
6.1 Data Minimization
Principle: Only collect data necessary for service functionality
Implementation: No unnecessary user data collection or storage
Retention: Zero-retention policy for audio and transcription data
6.2 User Control
Analytics Opt-out: Users can disable Mixpanel analytics
Local Data Management: Users control locally stored account information
Service Transparency: Clear information about data processing and third-party services
6.3 Accessibility and Inclusion
Disability Support: 20% discount for users with disabilities affecting keyboard use
Inclusive Design: Accessibility features for users with various physical limitations
Privacy Protection: No collection of health or disability documentation
7. Global Compliance
7.1 International Data Transfers
Service Area: Global user base served worldwide
Data Processing: All processing occurs in USA-based infrastructure
Compliance: Adherence to international data protection standards
8. Security Incident Response
8.1 Incident Management
Detection: Continuous monitoring for security events
Response: Immediate investigation and containment procedures
Communication: Transparent communication with affected users when required
8.2 Business Continuity
Data Protection: Zero data loss risk due to no-storage policy
Service Recovery: Rapid service restoration procedures
User Impact: Minimal user impact due to distributed architecture
9. Policy Updates and Changes
9.1 Version Control
Updates: Regular review and updates to reflect service changes
User Notification: Clear communication of policy changes to users
Effective Date: Changes take effect upon publication with appropriate notice
9.2 Contact Information
Inquiries: Users can contact support for privacy-related questions
Transparency: Open communication about data handling practices
Feedback: User input welcomed on privacy and security matters
10. Technical Implementation Status
10.1 Current Security Measures
✅ TLS 1.3 encryption for all data transmission
✅ Immediate data deletion after processing
✅ Local-only user account storage
✅ Encrypted communication with third-party services
10.2 Enhanced Security Implementation
🔄 Advanced rate limiting and abuse prevention
🔄 Comprehensive input validation systems
🔄 Enhanced authentication token management
🔄 Expanded monitoring and security logging
11. Conclusion
This policy reflects our dedication to accessibility, privacy, and security while enabling users worldwide to benefit from voice-to-text technology without compromising their personal information or privacy.
For questions about this policy or Voicy's privacy practices, please contact us on kourosh@usevoicy.com