Privacy Policy
1. Introduction and scope
This Privacy Policy explains how personal data is processed when you use the Spoken Note mobile application for iOS (the "App") and the website at spokennote.app (the "Website"). It applies to all users of the App and visitors of the Website.
Spoken Note is designed to comply with the Swiss Federal Act on Data Protection (FADP), as revised and in force since 1 September 2023 ("revFADP"), and, where applicable, with Regulation (EU) 2016/679 (the "GDPR"). Where the two frameworks impose different requirements, we apply the standard that gives you the greater protection.
2. Data controller
The data controller responsible for the processing of your personal data is:
Federico Agosta (sole proprietor / ditta individuale)
[REGISTERED ADDRESS]
Switzerland
Email: privacy@spokennote.app
3. Categories of personal data we process
We process the following categories of personal data:
- Audio recordings — captured when you record a meeting or voice note. Audio is stored locally on your iPhone and is never transmitted to our servers or to any third party.
- Transcripts — text generated on-device from your recordings. Transcripts are stored locally on your iPhone and may be sent to a third-party AI processor when you use AI-powered features (summaries, decisions, action items, chat).
- Apple ID identifier — when you choose Sign in with Apple, the App receives a stable, privacy-preserving identifier and optionally an Apple-relay email address. This information is stored on your device and is not transmitted to a server operated by us.
- Apple subscription receipt — App Store purchase information used to verify your active subscription, including eligibility for the one-time complimentary demo summary. This is handled by Apple and validated as required.
- Technical metadata — minimal information necessary for the App to function, stored on your device (e.g. language preference, settings).
We do not collect analytics through third parties, do not use advertising identifiers (IDFA), and do not maintain tracking profiles of our users.
4. Purposes and legal bases
We process personal data for the following purposes and on the following legal bases:
- Providing the core App functionality (recording, on-device transcription, local storage of your notes) — performance of a contract under Art. 6(1)(b) GDPR; lawful processing under Art. 31(2)(a) revFADP.
- Generating AI summaries, decisions, action items and chat responses from transcripts you choose to process — performance of a contract under Art. 6(1)(b) GDPR; lawful processing under Art. 31(2)(a) revFADP.
- Managing your subscription, account and one-time demo entitlement — performance of a contract under Art. 6(1)(b) GDPR; lawful processing under Art. 31(2)(a) revFADP.
- Complying with legal obligations (e.g. tax, accounting) — Art. 6(1)(c) GDPR; Art. 31(1) revFADP (legal duty).
- Responding to your enquiries sent to our support or privacy addresses — legitimate interests under Art. 6(1)(f) GDPR; Art. 31(1) revFADP.
5. How your data flows
Spoken Note has been designed around a "local-first" architecture:
- Audio stays on your device. The raw audio of your recordings is never uploaded to our servers, to the AI processor, or to any other third party.
- Transcription runs on your device. Speech recognition uses NVIDIA Parakeet TDT v3 via the FluidAudio framework, executed locally on your iPhone. Speaker diarization is also performed on-device.
- Only transcript text leaves the device, and only when you request an AI-powered feature. The text is transmitted, encrypted in transit (TLS), to a third-party AI processor that returns summaries, decisions, action items and chat responses. The AI processor acts as our processor under a Data Processing Agreement (DPA) incorporating the European Commission's Standard Contractual Clauses (SCCs).
We do not sell your personal data and do not use it for advertising.
6. Sub-processors
We rely on a small number of carefully selected sub-processors:
- Apple Inc. — distribution of the App through the App Store, Sign in with Apple, subscription billing, and Apple Push Notification service.
- Hugging Face, Inc. — initial download of the open-source Parakeet transcription model when you first set up the App. No personal data is transmitted in connection with this download.
- Third-party AI processor — a third-party AI processor based in the United States, engaged under a data processing agreement with Standard Contractual Clauses, that processes transcript text only to generate summaries, decisions, action items and chat responses on our behalf.
An up-to-date list of sub-processors can be requested at any time at privacy@spokennote.app.
7. International data transfers
Transcript text processed by AI-powered features is transferred to a third-party AI processor whose servers are located in the United States. The United States is not covered by an adequacy decision of the Swiss Federal Council that applies to this processor, and may not be considered to provide an adequate level of protection within the meaning of Chapter V of the GDPR.
To safeguard your data, the transfer takes place under the European Commission's Standard Contractual Clauses (Implementing Decision (EU) 2021/914), together with the Swiss addendum recognised by the Federal Data Protection and Information Commissioner (FDPIC), and is backed by a transfer impact assessment. Additional technical and contractual measures apply, including transport encryption and restrictions on data retention by the processor.
A copy of the relevant transfer mechanism can be requested at privacy@spokennote.app.
8. Data retention
Your recordings, transcripts and notes are stored on your iPhone for as long as you keep them. You remain in control:
- You can delete any individual note from inside the App.
- You can delete all data at once from Settings → Storage.
- Uninstalling the App removes all locally stored data.
Transcript text sent to the AI processor is processed transiently for the purpose of generating the requested output and is not retained by the processor for training or other secondary purposes, under our contractual arrangements.
Subscription and billing records held by Apple are retained by Apple in accordance with its own policies and applicable law. Correspondence sent to our support or privacy addresses is retained for as long as necessary to handle your request, and thereafter for the period required by applicable law.
9. Your rights
Under the revFADP and, where applicable, the GDPR, you have the following rights:
- Access — to obtain confirmation of whether we process personal data about you and, if so, a copy of that data.
- Rectification — to have inaccurate or incomplete personal data corrected.
- Erasure — to have your personal data deleted, subject to applicable legal limits.
- Portability — to receive your personal data in a structured, commonly used and machine-readable format, where technically feasible.
- Objection — to object to processing carried out on the basis of legitimate interests.
- Restriction — to obtain a restriction of processing in certain circumstances.
- Withdrawal of consent — where processing is based on consent, to withdraw that consent at any time without affecting prior lawful processing.
- Complaint — to lodge a complaint with the competent supervisory authority. In Switzerland, this is the Federal Data Protection and Information Commissioner (FDPIC). In the EU, this is the data protection authority of your country of residence, place of work or place of the alleged infringement.
To exercise any of these rights, please write to privacy@spokennote.app. We will respond within the timeframes set by applicable law.
10. Security measures
We apply technical and organisational measures appropriate to the risks of the processing, including:
- On-device processing of audio and transcription by default.
- Storage of sensitive items (such as authentication tokens) in the iOS Keychain.
- Encryption in transit (TLS) for all network traffic between the App and the AI processor.
- Minimisation of data sent off-device — only transcript text required to deliver the requested feature is transmitted.
- Contractual security and confidentiality obligations on all sub-processors.
11. Children
Spoken Note is intended for use by professionals and is not directed to children under the age of 16. We do not knowingly process personal data of children under 16. If you believe that a child has provided us with personal data, please contact privacy@spokennote.app and we will take appropriate action.
12. Changes to this policy
We may update this Privacy Policy from time to time to reflect changes in the App, in our processing activities or in applicable law. The current version is always available at spokennote.app/privacy.html. Material changes will be communicated through the App or through a notice on the Website. Continued use of the App after such changes constitutes acceptance of the updated policy.
13. Contact
For any question, request or complaint relating to this Privacy Policy or to the processing of your personal data, please write to:
14. Version and effective date
Version 1.0 · Effective: Coming soon