1. Information We Collect
Account information: If you register, we store your email address and profile fields you provide (such as display name).
Authentication data: We use authentication to manage identity (including Google sign-in if you choose it). This includes identifiers required to operate authentication securely.
Usage and account data: We store your credit balance, character usage statistics, and operation history (for example, filenames, character/byte counts, timestamps, and status).
Submitted content: Submitted synthesis text is transmitted to our backend infrastructure and to Google Cloud Text-to-Speech services in order to generate audio output.
Custom voice audio: If you create a Custom Voice, we collect audio recordings you upload/record (consent and reference samples).
Voice recordings you submit may be transmitted to Google Cloud Text-to-Speech services to generate a voice cloning key associated with your account.
Security and anti-abuse data: We may collect and store security signals such as IP addresses, rate-limiting counters, device/browser fingerprinting signals and related technical identifiers (used for anonymous trial enforcement), and normalized/hashed email signals to prevent abuse of trials and promotional credits.
2. How We Use Your Data
Service delivery: To convert text to audio, provide downloads, and manage your credit balance and operation history.
Security: To protect our endpoints from abuse using app check (reCAPTCHA), rate limiting, and anti-fraud/anti-abuse checks.
Custom voices: Your custom voice samples are used to generate a unique voice cloning key associated with your account.
Transactions: Payments are processed by Stripe. We store related records used to credit your account and show transaction history.
Feedback, support, and refund requests: If you choose to send us a message, bug report, feedback, or refund request, we may process your submission using a third-party form provider (Tally.so). Your submission is used to respond to you, diagnose issues, verify refund eligibility, and improve the service.
Compliance and protection: We may process and preserve information where reasonably necessary to comply with legal obligations, enforce our Terms, investigate abuse or fraud, protect users, or protect the security and integrity of the service.
3. Storage, Downloads, and Retention
Generated audio storage: Generated audio files are stored in Google Cloud Storage. The app provides download access via signed URLs.
Signed URL expiry: Based on current implementation, signed download links expire after approximately 24 hours. After expiry, the link will no longer work.
Operation history retention: To manage storage, we automatically keep only a limited number of recent operations. Based on current implementation, we keep up to 50 most recent short audio operations and up to 50 most recent long audio operations. The UI may display fewer entries (for example, showing only the most recent 20 long operations).
Security records retention: Certain security/anti-abuse records (for example, registration history signals) may be retained for longer periods, including after account deletion, to prevent fraud and abuse.
Deleting your account or operation history may not immediately remove all generated audio files from underlying cloud storage systems, backups, or provider infrastructure due to technical limitations and retention processes.
4. Third-Party Service Providers
We use third-party infrastructure to operate the app:
Google Cloud Platform & Firebase: Hosting, database, authentication, and audio synthesis APIs.
Stripe, Lemon Squeezy: Payment processing and billing. We do not store your full credit card details on our servers.
reCAPTCHA Enterprise: Used via Firebase App Check to help prevent automated abuse.
Tally.so: Used to collect and process user-submitted messages, feedback, and refund requests. Depending on what you submit, this may include the content of your message, contact details, account email, purchase details, or receipt references you provide. We may also include limited technical context (such as your user ID, email address, page URL, last Stripe Checkout session ID, and basic device/browser information) to help us investigate issues and verify refund requests.
Email Delivery Providers: We may use third-party email delivery and marketing platforms to send verification emails, password reset emails, transactional notices, newsletters, and promotional communications.
Some third-party providers may process or store data in countries outside your jurisdiction, including the United States or other countries where privacy laws may differ from those in your region.
5. Your Rights and Controls
Access: You can view your credit balance, usage, and operation history in the “My Account” page.
Deletion: You can delete your account via “My Account” page. This triggers cleanup of your primary user data (such as your profile, credits balance, operations, custom voices, and related application records), with the exception of certain records that may be retained for legal, tax, accounting, security, fraud-prevention, audit, dispute-resolution, or regulatory compliance purposes.
For example, payment-related records, transaction records, invoices, billing references, chargeback/dispute records, and certain Stripe or payment-provider records may be retained for the period required by applicable law, accounting obligations, contractual requirements, or legitimate business interests. Certain anti-abuse and security records may also be preserved after account deletion.
Anti-abuse exception: To prevent abuse of free trials and promotional credits, we preserve registration history records (for example, email hashes, device fingerprints, and IP records) even after account deletion.
6. Cookies
The app may use browser storage technologies and similar mechanisms required for authentication, security, fraud prevention, session management, payment flows, and core functionality.
These technologies may include localStorage, sessionStorage, browser cache, security tokens, and cookies used by third-party providers such as Firebase Authentication, Stripe Checkout, reCAPTCHA Enterprise, hosting/CDN providers, or related infrastructure services.
We do not currently use advertising cookies or third-party behavioral tracking for targeted advertising within the app itself.
7. Service Communications
We may use your email address to send account verification emails, password reset emails, transactional notices, billing confirmations, security alerts, support responses, technical notices, maintenance announcements, and other service-related communications necessary to operate the service and manage your account.
8. Policy Update
We may update this Privacy Policy from time to time to reflect changes in the service, legal requirements, infrastructure providers, security practices, or operational needs. Continued use of the service after updates become effective constitutes acceptance of the revised policy.