Privacy Policy
Last updated: May 15, 2026
This Privacy Policy describes how RecordMind ("we", "us", "our"), collects, uses, and protects information when you use the RecordMind mobile app and related services.
1. Information We Collect
1.1 Account information
- Email address
- Display name and optional profile photo
- Authentication credentials via Apple Sign In, Google Sign In, or Firebase email OTP
1.2 Content you create
- Audio recordings captured through the microphone
- Transcribed text generated from your audio
- AI-generated summaries and mind maps derived from your transcripts
- Notes and annotations you add manually
1.3 Technical and usage data
- Device model, OS version, app version, language
- IP address and approximate country
- Vendor identifier (IDFV) for internal analytics — never shared with advertisers
- Crash reports and performance diagnostics
- Push notification token (when enabled)
1.4 Subscription data
- Apple In-App Purchase receipts and transaction IDs
- Subscription tier and remaining usage quota
- We do not collect credit-card or payment-method details. All payments are processed by Apple.
2. How We Use Your Information
| Purpose | What we do |
|---|---|
| Provide core features | Process audio to produce transcripts, summaries, and mind maps |
| Authenticate you | Verify identity via Firebase Auth, Apple, or Google |
| Sync your data | Store your content so you can access it across sessions |
| Send notifications | Push alerts for task completion or account events |
| Improve our Service | Analyze aggregated, anonymized usage patterns |
| Process payments | Verify Apple in-app purchases and update entitlements |
| Comply with law | Respond to lawful requests from authorities |
3. Third-Party Service Providers
We rely on the following providers. Each receives only the minimum data needed:
| Provider | Data sent | Purpose |
|---|---|---|
| OpenAI | Audio (Whisper), text prompts (GPT-4o-mini) | Transcription, summary, mind-map generation |
| Firebase (Google) | Email, OAuth tokens | User authentication |
| Cloudflare R2 | Encrypted audio file blobs | Object storage |
| OneSignal | Push token, device ID | Push notifications |
| Apple | IAP transaction data | In-app purchase verification |
4. Data Retention
| Data type | Retention |
|---|---|
| Audio recordings | Until you delete them, or up to 30 days after account closure |
| Transcripts, summaries, mind maps | Same as audio recordings |
| Account information | Until account deletion is requested |
| Crash and analytics logs | 90 days, then anonymized |
| Subscription records | 7 years (legal requirement) |
5. Your Rights
You have the right to:
- Access the data we hold about you
- Correct inaccurate information
- Delete your account and all data
- Export a copy of your content
- Withdraw consent or object to processing
To exercise these rights: in-app via Settings → Account, or email support@recordmind.me (we respond within 30 days).
6. Children's Privacy
RecordMind is not directed at children under 13 (16 in EEA). We do not knowingly collect data from children. If we learn we have, we will delete it promptly. Parents may contact support@recordmind.me.
7. International Data Transfers
Your data may be processed in the United States (OpenAI, Firebase, OneSignal) and through Cloudflare's global network. We rely on Standard Contractual Clauses or equivalent safeguards.
8. Security
- TLS 1.2+ encryption for all data in transit
- AES-256 encryption at rest on Cloudflare R2
- Role-based access control and audit logging
- Regular security reviews
If a data breach occurs, we will notify affected users within 72 hours.
9. Changes to This Policy
We may update this Policy. Material changes will be announced in-app and via email at least 30 days before they take effect.
10. Contact
RecordMind
Email: support@recordmind.me
Website: recordmind.me