Privacy Policy.

1. What we collect

Account & identity data

When you sign in via Google or Apple, we receive your name, email address, and profile picture URL from the provider. We store only what is needed to identify your account and deliver transactional notifications (e.g. receipt, critical security alerts). We never see your social-provider password.

In-app content you provide

Our apps process content you actively submit — text you paste, images you capture, audio you record, or notes you write — solely to generate the AI-powered feature you requested. Before any such content is transmitted, we apply automated PII redaction (see Section 2 below). We do not store, log, or train on your original content. Redacted content transits our infrastructure only momentarily and is discarded once the AI response is returned.

Personalisation & preference data

Apps that personalise their output store your in-app preferences (such as communication style, dietary goals, or content filters) to tailor results across sessions. These preferences are stored locally on-device and, where applicable, synced to your account. You can reset or delete them at any time from within the app.

Usage & analytics data

We collect anonymised, aggregated events (screen views, feature usage counts, crash reports) via Firebase Analytics and Crashlytics. This data cannot be linked back to you individually and is used solely to improve app stability and inform feature prioritisation.

Purchase & subscription data

Purchases are handled by the App Store (Apple) or Google Play and processed by RevenueCat. We receive purchase status and expiry dates only — never your card number, billing address, or bank details.

Device & technical data

We collect your device model, OS version, app version, and a random installation ID to support crash diagnosis. This is never linked to your name without your explicit consent (e.g. when you file a support request via our contact form).

Data we do not collect

We do not collect precise GPS location, contacts, call logs, SMS, or any background sensor data unless explicitly stated in a specific app's supplemental notice. Microphone access is used only in VoxClone, where voice recording is the core product feature.

2. PII redaction before AI processing

Across all Deployd apps, before any user-submitted content is sent to an AI provider for processing, our apps automatically detect and strip Personally Identifiable Information (PII). This is a technical safeguard enforced on-device — the AI provider never sees your raw personal data.

What gets redacted

• Email addresses
• Phone numbers
• Physical addresses
• Financial identifiers (card numbers, IBANs, account numbers)
• National IDs (SSN, PAN, Aadhaar, passport numbers)
• Dates of birth
• Personal names in identifiable contexts
• URLs and domain names

How it works

Detected PII is replaced with anonymous placeholder tokens (e.g. [EMAIL_1], [PHONE_1]) before the content leaves your device. The AI provider sees only the redacted version. Once the AI response is generated, the tokens are restored in-app so you receive a natural, complete result. The token map is never stored, transmitted, or logged — it exists in memory only for the duration of a single request and is discarded immediately after.

Scope

PII redaction applies to all text-based content submitted to AI APIs across our app portfolio. Where a core feature requires transmitting an image or audio recording (e.g. for visual analysis or voice processing), that content is sent directly to the AI provider without interim storage, is processed transiently, and is deleted from provider infrastructure in accordance with our Data Processing Agreements. We do not permit any AI provider to use submitted content to train their models.

3. How we use it

We use your data exclusively to:

• Deliver and improve the features you use
• Manage your subscription and enforce fair-use limits
• Deliver transactional notifications (receipts, critical security alerts)
• Diagnose crashes and fix bugs
• Comply with legal obligations

We do not sell your data, use it to train AI models, serve behavioural ads, build marketing profiles, or share it with data brokers.

4. Who sees it

We share data only with service providers required to operate the service, in the following categories:

• Authentication & analytics — account sign-in, crash reporting, and anonymised usage events
• AI processing — feature generation using PII-redacted content only; providers are contractually prohibited from using your content to train their models
• Subscription & payments — purchase status and expiry only; we never receive your card details
• Infrastructure & storage — secure hosting of account data, encrypted at rest and in transit
• Contact delivery — messages submitted via our contact form only

We have Data Processing Agreements in place with all sub-processors where required by law. A full list of named sub-processors is available on request via our contact form.

We may also disclose data if required by law (court order, government request) or to protect the safety of our users, and will notify you if legally permitted to do so.

5. Data retention

We keep account data for as long as your account is active, plus 90 days after deletion to resolve disputes and comply with legal obligations. Anonymised analytics data may be retained indefinitely. Content processed by AI APIs is not retained beyond the duration of the API call. User-generated content stored with your explicit opt-in (such as in-app history features) is retained until you delete it or close your account.

6. Your rights

Depending on your jurisdiction (GDPR, CCPA, PDPA, etc.) you may have the right to:

• Access — request a copy of all personal data we hold about you
• Rectification — correct inaccurate data
• Erasure — request deletion of your account and associated data
• Portability — receive your data in a machine-readable format
• Object — object to processing based on legitimate interest
• Withdraw consent — at any time, for consent-based processing

To exercise any right, use our contact form and include the account identifier associated with your request. We will respond within 30 days.

You may also delete your account directly from within any Deployd app via Settings → Delete Account. This triggers immediate anonymisation of your personal data.

7. Children's privacy

Our apps are not directed at children under 13 (or 16 in the EU/UK). We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

8. Security

We enforce HTTPS/TLS for all data in transit. Data at rest is encrypted using AES-256 at the infrastructure level (Google Cloud, Supabase). Access to production systems is restricted to the Deployd team and protected by multi-factor authentication.

No system is perfectly secure. If you discover a vulnerability, please report it responsibly via our contact form and we will respond within 48 hours.

9. Changes to this policy

We may update this policy as our products evolve or regulations change. Material changes — such as new categories of data collected or new sharing partners — will be communicated via in-app notice at least 14 days before taking effect. Continued use of any Deployd app after the effective date constitutes acceptance of the revised policy.

The current version is always available at deployd.in/legal/privacy. The "Last updated" date at the top of this page reflects the most recent revision.

10. Questions?

If you have any questions about this Privacy Policy or want to exercise your data rights, please use our contact form ↗. We aim to respond to all privacy-related enquiries within 48 hours.