SPOKEN DIARY — Privacy Policy

Last updated: 12-05-2026

AJ Software Innovation B.V. · Groenendaalkade 1, 2103AA, Heemstede · Netherlands

Introduction

At Spoken Diary, privacy is not a compliance checkbox — it is a product requirement. Your diary entries, voice recordings, and family photos are among the most personal data you will ever share with any service. This Privacy Policy explains precisely what we collect, why we collect it, who we share it with, and what rights you have over it.

This policy is written to comply with the General Data Protection Regulation (EU) 2016/679 (“GDPR”), the Dutch GDPR Implementation Act (Uitvoeringswet Algemene Verordening Gegevensbescherming, “UAVG”), and other applicable Dutch and EU law.

Data controller:

AJ Software Innovation B.V.

Groenendaalkade 1, 2103AA, Heemstede, Netherlands

Chamber of Commerce (KvK): 42003203

VAT: NL869236568B01

Privacy contact: [email protected]

1. What Data We Collect and Why

We only collect data that is necessary to provide the Services. Below is a complete account of what we collect, the legal basis under GDPR Article 6 (and Article 9 where special categories are involved), and the purpose.

Account data

What: Email address, chosen display name, password (stored as a one-way hash), account creation date, subscription tier, preferred language.

Why: To create and manage your account and deliver the Services.

Legal basis: Performance of a contract (Article 6(1)(b)).

Voice recordings

What: Audio files you record or send via the app or messaging integrations (WhatsApp, Telegram). These may contain your voice, background sounds, and the voices of others present when you record.

Why: To transcribe your recordings into text and generate diary entries.

Legal basis: Performance of a contract (Article 6(1)(b)). Where recordings contain health information, emotional content, or other special-category data as defined by Article 9 GDPR, we rely on your explicit consent, granted at sign-up, to process that content for the purpose of providing the Services.

Retention: For the duration of your account, plus 30 days after closure.

Transcripts and AI-generated diary entries

What: The text produced by transcribing your recordings, and the rewritten, formatted diary entries produced by our AI pipeline.

Why: To display, store, and — where you order a printed book — print your diary entries.

Legal basis: Performance of a contract (Article 6(1)(b)).

Retention: For the duration of your account, plus 30 days after closure.

Photos and images

What: Photos you upload through the app or send via messaging integrations. These may include images of children and other individuals.

Why: To include in your diary entries and printed books, and to enable AI-assisted photo selection and layout.

Legal basis: Performance of a contract (Article 6(1)(b)). Photos of identifiable individuals, including children, may constitute biometric or sensitive data depending on context; we rely on your explicit consent for any processing beyond strict service delivery.

Retention: For the duration of your account, plus 30 days after closure.

Subscription and billing data

What: Subscription tier, billing date, payment status. We do not store full payment card details — these are handled directly by our payment processor.

Why: To manage your subscription, process renewals, and handle refund requests.

Legal basis: Performance of a contract (Article 6(1)(b)); legal obligation for transaction records (Article 6(1)(c)).

Retention: Transaction records retained for 7 years to comply with Dutch tax law, regardless of account status.

Messaging integration metadata

What: If you use WhatsApp or Telegram integrations: the phone number or account identifier associated with your bot connection, and message timestamps.

Why: To route incoming messages to the correct user account.

Legal basis: Performance of a contract (Article 6(1)(b)).

Retention: For the duration of your account, plus 30 days after closure.

Service communications

What: Emails or push notifications we send you about your account, subscription renewals, product updates, and support responses.

Why: To keep you informed about your account and the Services.

Legal basis: Performance of a contract (Article 6(1)(b)); legitimate interest (Article 6(1)(f)) for service-related communications.

Crash reports and diagnostic data

What: If you consent to crash reporting, our app and backend send error diagnostics to our crash-monitoring provider (Sentry): device identifiers, app and operating-system version, your user ID, error messages, and stack traces. These reports are technically configured and contractually required to exclude your voice recordings, transcripts, diary entries, photos, and other user content.

Why: To detect, diagnose, and fix crashes and errors so the Services remain reliable.

Legal basis: Consent (Article 6(1)(a)). Crash reporting is off unless you opt in during onboarding, and you can turn it off at any time in Settings → Data & Privacy.

Retention: Crash events are retained by our provider for a limited period (typically 90 days) and then deleted.

What we do not collect

We do not collect:

2. What We Do Not Do With Your Data

We want to be explicit about what we will never do:

3. Sub-processors: Who Processes Your Data on Our Behalf

We engage the following third-party service providers as data processors. We have entered into a Data Processing Agreement (DPA) with each provider listed below, including Standard Contractual Clauses (SCCs) where applicable for transfers outside the EEA. These DPAs prohibit providers from using your data for any purpose other than providing their service to us, and specifically prohibit using your content to train AI models. We maintain a private register of executed DPAs and are happy to confirm any specific provider's DPA on request to [email protected].

All AI providers listed below are incorporated in the United States. Data transfers to them are governed by Standard Contractual Clauses (SCCs) approved by the European Commission under Article 46(2)(c) GDPR. See Section 5 for details.

Supabase — Backend infrastructure and database hosting

Role: Provides our backend infrastructure, including database hosting, authentication, and file storage services.

Data processing and security: Supabase processes data on our behalf and acts as a processor. Data is encrypted in transit using TLS and at rest using industry-standard encryption.

Location: European Economic Area (Ireland, eu-west-1). We have configured Supabase to store data within the EU.

Sub-processors: Supabase uses infrastructure providers such as Amazon Web Services (AWS) to deliver its services.

DPA: Supabase Data Processing Addendum (including Standard Contractual Clauses where applicable).

Privacy information: https://supabase.com/privacy

Amazon Web Services (AWS) — Backend hosting and infrastructure

Role: Hosts our backend services (Amazon ECS in eu-central-1) and provides the underlying infrastructure for Supabase. Our backend services process your audio and text data in transit between the app and our other sub-processors. All data at rest is encrypted using AES-256; all data in transit uses TLS 1.2 or higher.

Location: EU (Frankfurt, eu-central-1 region). Both our backend services and the AWS infrastructure underlying Supabase are located in the EU. No data is stored in AWS regions outside the EEA under normal operation.

DPA: AWS Data Processing Addendum, incorporating SCCs.

Privacy information: https://aws.amazon.com/privacy/

OpenAI — AI text processing (GPT)

Role: Receives your transcripts for AI rewriting and summarisation. Voice recordings are not sent to OpenAI.

Model training: OpenAI's API terms explicitly prohibit using API-submitted data to train their models. Your content is not used for model training.

Location: United States. Transfer governed by SCCs.

DPA: OpenAI Data Processing Addendum.

Privacy information: https://openai.com/policies/privacy-policy

Anthropic — AI text processing (Claude)

Role: May receive transcripts or diary text for rewriting, summarisation, or formatting tasks.

Model training: Anthropic's API terms explicitly prohibit using API-submitted data to train their models by default. Your content is not used for model training.

Location: United States. Transfer governed by SCCs.

DPA: Anthropic Data Processing Addendum.

Privacy information: https://www.anthropic.com/privacy

Google (Gemini API) — AI text processing

Role: May receive transcripts or diary text for rewriting, summarisation, or formatting tasks via the Gemini API.

Model training: Google's paid Gemini API terms prohibit using API-submitted data to train their models. Your content is not used for model training. We use the paid tier on a billed Google Cloud project; the free AI Studio tier is not used.

Location: United States. Transfer governed by SCCs.

DPA: Google Cloud Data Processing Addendum, auto-incorporated through our paid Google Cloud project.

Privacy information: https://policies.google.com/privacy

Google (Firebase Cloud Messaging) — Push notification delivery

Role: Delivers push notifications (e.g. journaling reminders, upload-complete confirmations) from our backend to user devices. Receives a device token and the notification payload (title and body); does not receive diary content, transcripts, or any other user-generated content.

Model training: Google's Firebase terms prohibit using FCM message contents to train their models.

Location: United States and other Google data centres. Transfer governed by SCCs.

DPA: Covered by the Google Cloud Data Processing Addendum (the same DPA that covers our Gemini API usage), auto-incorporated through our paid Google Cloud project.

Privacy information: https://policies.google.com/privacy

Deepgram — Speech transcription

Role: Processes voice recordings for transcription as an alternative to other providers.

Data processing and privacy safeguards: Deepgram is configured in privacy mode, which ensures that audio data is processed only for transcription and is not retained beyond what is necessary to provide the service. Deepgram acts as a processor and processes data only on our instructions.

Model training: No. Your data is not used to train or improve Deepgram's models.

Location: United States. Transfer governed by SCCs.

DPA: Deepgram Data Processing Addendum.

Privacy information: https://deepgram.com/privacy

Groq — Speech transcription (Whisper Large Turbo) and AI text processing

Role: Processes voice recordings for transcription using the Whisper Large Turbo model, and may also receive transcripts for AI rewriting and summarisation tasks.

Data processing and privacy safeguards: Groq acts as a processor and processes data only on our instructions. We configure the service to limit data retention to what is strictly necessary to provide the transcription.

Model training: No. Data submitted via the Groq API is not used to train or improve Groq's models.

Location: United States. Transfer governed by SCCs.

DPA: Groq Data Processing Addendum (auto-incorporated via Services Agreement, effective 15 October 2025).

Privacy information: https://groq.com/privacy-policy

Sentry — Crash and error monitoring

Role: Receives crash reports and error diagnostics from the mobile app and backend, including device IDs, user IDs, error messages, and stack traces. Audio, transcripts, diary entries, and other personal content are explicitly excluded from Sentry events through both technical configuration (sendDefaultPii = false, content-scrubbing layer) and contractual prohibition (Sentry's DPA Section 2.2.2 forbids us from submitting Sensitive Data).

Data subject control: Crash reporting is consent-gated. Users who decline crash reports during onboarding (or turn the toggle off in Settings → Data & Privacy) have no events sent to Sentry from their device.

Model training: Not applicable — Sentry is not an AI service.

Location: United States. Transfer governed by SCCs and the EU-U.S. Data Privacy Framework.

DPA: Sentry Data Processing Addendum (executed; signed copy held in our internal DPA register).

Privacy information: https://sentry.io/privacy/

Payment processing (not currently in use)

We do not currently offer paid subscriptions or process payments.

If we introduce paid features in the future, we will use a third-party payment provider. We will update this Privacy Policy to clearly identify that provider and explain how your data is processed before any payment functionality is activated.

We will update this sub-processor list when we add or change providers. Where a new sub-processor involves a material change to how your data is processed, we will notify you in advance.

Note on messaging platforms (Telegram and WhatsApp)

Telegram and WhatsApp are messaging platforms operated by their respective companies (Telegram FZ-LLC and Meta Platforms Inc.). They are not our sub-processors — they are upstream platforms through which users may choose to send content to Spoken Diary. Their processing of messages on their own platforms is governed by their own privacy policies, not by this one. We receive messages that users forward to our integration accounts and process them as described in Section 1 (Messaging integration metadata) and the rest of Section 3.

If you use Telegram or WhatsApp to send content to us, please also review:

4. Legal Bases for Processing — Summary

We do not rely on legitimate interest as a legal basis for processing your diary content under any circumstances.

5. International Data Transfers

Our core infrastructure (Supabase/AWS) is configured to store data within the EU. However, OpenAI, Anthropic, Google, Deepgram, Groq, and Sentry are US-based companies. When your voice recordings or transcripts are sent to these providers for processing, personal data is transferred to the United States.

The United States does not have a blanket EU adequacy decision covering these providers. We protect these transfers by relying on the Standard Contractual Clauses (SCCs) for the transfer of personal data to third countries adopted by the European Commission on 4 June 2021 (Decision 2021/914). We have executed SCCs with each of these providers as part of our Data Processing Agreements.

You may request a copy of the relevant SCCs by contacting us at [email protected].

6. Data Retention

We keep your data for as long as your account is active and for 30 days after account closure, regardless of the reason for closure. During this 30-day period, you may request a copy of your personal data in a structured, commonly used, machine-readable format at any time by contacting [email protected].

At the end of the 30-day period, your User Content — voice recordings, transcripts, diary entries, photos, and generated outputs — is permanently and irreversibly deleted from our systems and those of our sub-processors.

The following data is retained for longer where required by law:

If you submit a deletion request before the 30-day period expires, we will delete your User Content within 30 days of receiving the request, subject to the legal retention obligations above.

7. Children's Data

Our Services are not directed at children under 16. We do not knowingly collect personal data directly from children under 16.

However, our Services are used by parents and caregivers who create diary entries about their children, including uploading photos and recording stories that reference children's personal information. In this context:

8. Your Rights Under the GDPR

As a data subject under the GDPR, you have the following rights. You can exercise any of them by contacting us at [email protected].

Right of access (Article 15)

You can request a copy of all personal data we hold about you, including your voice recordings, transcripts, diary entries, and account data.

Right to rectification (Article 16)

You can correct inaccurate personal data. For diary content, you can edit entries directly within the app.

Right to erasure (Article 17)

You can request deletion of your personal data. We will delete your User Content within 30 days, subject to legal retention obligations. You can also delete individual entries or your entire account at any time within the app.

Right to restriction (Article 18)

You can ask us to restrict processing of your data in certain circumstances, for example while a complaint is being resolved.

Right to data portability (Article 20)

You can request your personal data in a structured, commonly used, machine-readable format (JSON and/or PDF). This right applies to data you have provided to us and that we process on the basis of contract or consent. You can also use the in-app export feature at any time.

Right to object (Article 21)

You can object to processing based on legitimate interest. We do not rely on legitimate interest for processing your diary content, so this right is most relevant to service communications.

Right to withdraw consent

Where we process data on the basis of your consent, you can withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing before withdrawal.

Right to lodge a complaint

You have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens, AP) at https://autoriteitpersoonsgegevens.nl, or with the supervisory authority in your EU member state of residence.

We will respond to all rights requests within 30 days. In complex cases we may extend this by a further 60 days, in which case we will notify you of the extension and the reason.

9. Security

We implement the following technical and organisational measures to protect your personal data:

No system is completely secure. We encourage you to use the in-app export feature regularly as your own backup.

10. Cookies and Tracking

We use only technically necessary cookies and local storage required to operate the app and maintain your session. We do not use advertising cookies, cross-site tracking, or analytics cookies at this time.

If we introduce analytics tools or non-essential cookies in the future, we will update this policy and seek your consent before placing them.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. For material changes — including changes to sub-processors, legal bases, or retention periods — we will notify you by email at least 30 days before the change takes effect. The “Last updated” date at the top of this policy reflects the most recent version.

Your continued use of the Services after the effective date of an updated policy constitutes acceptance of the changes. If you do not accept the changes, you may close your account and request deletion of your data before they take effect.

12. Contact and Complaints

For any privacy-related questions, rights requests, or complaints:

Email: [email protected]

Post: AJ Software Innovation, Groenendaalkade 1, 2103AA, Heemstede, Netherlands

For disputes you can also use the EU Online Dispute Resolution platform at https://ec.europa.eu/consumers/odr/.

If you are unsatisfied with our response, you have the right to escalate to the Autoriteit Persoonsgegevens at https://autoriteitpersoonsgegevens.nl.

© 2026 AJ Software Innovation B.V. All rights reserved.