Privacy Policy

1. Introduction

Welcome to SummarizeX, an AI-powered application developed by SoftRadix Technologies Pvt Ltd ("we," "us," "our"). Our App is designed to help you transcribe and summarize content from audio, text, web pages, documents, and images.

This Privacy Policy explains how we collect, use, share, and protect your Personal Data when you use our App. We are committed to protecting your privacy and handling your data with transparency and care. SoftRadix Technologies Pvt Ltd is a Private Limited company with office in India.

2. Information We Collect

We collect data to provide and improve our service. This includes:

Information You Provide to Us:

Account Information: When you register, we collect your first name, last name, and email address. If you register via Google or Apple, we receive your name, email, and profile picture from that service. You may also voluntarily add a phone number for account recovery or a profile picture to personalize your account.

User Content: To provide our services, we necessarily process the content you upload, including audio files, text, web URLs, document files (PDFs), and images, along with associated metadata like file size or duration.

Information Collected Automatically:

Device and Technical Information: We collect your device type, operating system, app version, and push notification tokens to send you service-related updates. We also collect anonymized error logs via Firebase Crashlytics to diagnose and fix problems with the App.

Subscription Information: We use RevenueCat to process in-app purchases and manage subscriptions. This involves collecting transaction data related to your purchases.

3. How We Use Your Information and Our Lawful Basis

We process your Personal Data for specific purposes and only when we have a lawful basis to do so under regulations like GDPR.

To Provide and Operate the App (Performance of a Contract): We use your data to create your account, process your content for transcription and summarization, sync your data across devices, and manage your subscription.

To Improve Our Services (Legitimate Interests): We analyze usage patterns and error logs to troubleshoot issues and develop new features. This may include the use of aggregated and anonymized data for statistical analysis.

To Enhance and Afford Our Core Services (Legitimate Interests): For audio content processed via Deepgram, and where permitted by your location's privacy laws, we allow Deepgram to use this data to train and improve their general AI models as part of their Model Improvement Partnership Program. This enables us to provide our high-quality transcription and summarization services more cost-effectively to you. We balance this interest against your privacy rights by ensuring this program does not involve redistribution of your raw data by Deepgram to other third parties, nor is it used for marketing or advertising profiling, as per Deepgram's policies.

To Ensure Security (Legitimate Interests): We use your information to protect the security of our App, prevent fraud, and enforce our terms.

To Communicate With You (Legitimate Interests): We may send you important service updates, security alerts, and administrative messages.

To Comply with the Law (Legal Obligation): We may process your data to comply with applicable laws, regulations, or legal processes.

4. How We Share Your Information

We do not sell your Personal Data. We only share your information with trusted third-party service providers who are contractually obligated to protect it and only use it to provide services to us, subject to the specific considerations for AI model training detailed below.

The third-party services we use include:

Deepgram (Audio Transcription):

We send your recorded audio to Deepgram for accurate audio transcription.

Please be aware that for users outside of regions where explicit consent or opt-out is legally required for such use (e.g., the European Economic Area, UK, or California), your audio data submitted for transcription may be used by Deepgram to train and improve their general AI models as part of their Model Improvement Partnership Program.

We have chosen not to opt out of this program by default to help us provide our services more affordably.

For users in regions requiring specific consent or opt-out, we implement controls as described in Section 7 to manage this data usage.

Deepgram has stated that this program does not involve redistributing your raw data to other third parties, nor is it used for marketing or advertising profiling.

Deepgram is SOC 2 Type 2 certified and committed to GDPR compliance.

https://deepgram.com/privacy

OpenAI (AI Processing):

We utilize OpenAI's API for various AI processing tasks, including audio transcription (from audio and video content), summarization, and other AI-powered text generation features.

As per OpenAI's policies for their API/business offerings, the content you submit through our App is not used to train or improve their general AI models by default.

OpenAI is committed to data security and complies with GDPR.

They also offer a Business Associate Agreement (BAA) to support HIPAA compliance requirements for eligible use cases.

https://openai.com/en-GB/policies/row-privacy-policy/

Google (AI Processing):

We use Google's AI models (via Google Cloud) for various AI processing tasks, including summarization, content analysis, and handling multimodal inputs (text, images from documents/web content).

Google has stated that for their AI models accessed via Google Cloud (which we use), your prompts and responses are not used to train their models.

Google Cloud is SOC 2 Type 2 certified and compliant with both HIPAA and GDPR.

https://cloud.google.com/privacy

Supabase (Database and Storage):

We use Supabase for securely storing and managing your data, including user profiles, uploaded content, and processed data.

Supabase is SOC 2 Type 2 certified and compliant with HIPAA and GDPR regulations, ensuring your data is protected with industry-standard security measures.

https://supabase.com/privacy

Firebase (Authentication, Push Notifications, Crash Reporting):

We use Firebase for user authentication (including Google and Apple social logins), push notifications, and crash reporting (via Firebase Crashlytics).

Firebase is part of the Google Cloud Platform, which is SOC 2 Type II certified and complies with GDPR.

While Firebase itself isn't directly HIPAA compliant, it can be configured for HIPAA compliance if we handle Protected Health Information (PHI) and have a Business Associate Agreement (BAA) with Google.

https://firebase.google.com/support/privacy

RevenueCat (Subscription Management):

We integrate with RevenueCat to manage your premium subscriptions.

RevenueCat processes transaction data related to your purchases and is committed to data security and privacy.

https://www.revenuecat.com/privacy/

5. Data Security

We implement robust technical and organizational measures to protect your data, including:

• Encryption: Data is encrypted in transit (using TLS/SSL) and at rest (using AES-256).
• Access Controls: Access to your data is strictly limited to authorized personnel based on the principle of least privilege.
• Secure Development: We follow secure coding practices and conduct internal reviews to prevent vulnerabilities.

6. Data Retention

We retain your Personal Data and uploaded content for as long as your account is active. If you delete content or your entire account, it is marked for immediate deletion from our active systems. We provide a 30-day recovery window in case of accidental deletion, after which the data is permanently and irreversibly deleted from our production systems and subsequent backup cycles.

7. Your Data Rights and Choices

You have specific rights regarding your Personal Data, in compliance with laws like GDPR and CCPA.

Your General Rights:

• Right to Access: Request a copy of the Personal Data we hold about you.
• Right to Rectification: Request correction of inaccurate or incomplete data.
• Right to Erasure (Right to be Forgotten): Request deletion of your Personal Data. While we will cease sending your data to Deepgram for model training upon your request, please understand that data already integrated into Deepgram's pre-existing training models may be technologically difficult or impossible to fully "unlearn" or erase from those models.
• Right to Object: Object to the processing of your data under certain circumstances.
• Right to Withdraw Consent: Withdraw consent at any time where we rely on it for processing.

Additional Rights for EEA/UK Residents (GDPR):

• Right to Data Portability: Receive your data in a structured, machine-readable format.
• Right to Restriction of Processing: Request that we limit the processing of your Personal Data.

Specific Consent for Deepgram Model Training:

To comply with data protection laws in the European Economic Area and UK, if our systems indicate you are located in one of these regions (e.g., based on your IP address), we will seek your explicit consent (opt-in) during onboarding to allow your audio data to be used by Deepgram for training their general AI models.

You will have the ability to manage this consent at any time in your app settings. If you do not provide this consent, or if you withdraw it, your audio data will not be used for Deepgram's model training purposes.

You also have the right to lodge a complaint with a data protection authority.

Additional Rights for California Residents (CCPA):

• Right to Know: Request to know the categories and specific pieces of personal information we have collected about you.
• Right to Delete: Request the deletion of your personal information.
• Right to Opt-Out of Sale/Sharing: As described in Section 4, your audio data may be used by Deepgram to train their general AI models for their commercial benefit, which may be considered "sharing" or "selling" under California law. You have the right to direct us not to sell or share your personal information. You can exercise this right by using the toggle in your app settings. If you exercise this right, your audio data will not be used for Deepgram's model training purposes.
• Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.

How to Exercise Your Rights:

To exercise any of these rights, please contact us at info@summarizex.ai. We will respond to your request in accordance with applicable law. For the Deepgram model training consent/opt-out, you can manage your preference within the app's settings section.

8. International Data Transfers

As we operate in India and the United States and use global cloud providers, your data may be processed in countries outside of your country of residence. These countries may have different data protection laws. We ensure your data is treated securely and in accordance with this policy by implementing appropriate safeguards, such as Standard Contractual Clauses (SCCs) where required for GDPR compliance.

9. Children's Privacy

Our App is not intended for children under the age of 13, and we do not knowingly collect their data. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately, and we will take steps to delete it.

10. Changes to This Privacy Policy

We may update this policy from time to time. We will notify you of any significant changes by posting the new policy here and updating the "Last Updated" date. Your continued use of the App after such changes constitutes your acceptance of the new terms.

11. Contact Us

If you have any questions, please contact us: