Privacy Policy

Last updated: April 22, 2026

This Privacy Policy describes how Voxbrief ("we," "us," "our") collects, uses, shares, and protects information when you use the Voxbrief iOS application (the "App") and the website at https://www.getvoxbrief.com (the "Website," and together with the App, the "Service").

By using the Service, you agree to the collection and use of information as described in this Privacy Policy. If you do not agree, please do not use the Service.

1. Information We Collect

1.1 Subscription and Payment Information

When you purchase a subscription through Apple In-App Purchase:

We receive a transaction receipt from Apple that confirms your purchase, including the product purchased, transaction ID, and purchase date.
We do not receive or store your credit card number, billing address, or other payment details. All payment processing is handled by Apple.
We store your subscription status (plan type, start date, expiration date) to provide you with access to paid content.

1.2 Content and Usage Information

When you use the App, we collect:

Listening activity: which summaries you listen to, playback progress, and bookmarks.
Search queries: terms you search for within the App.
Wish list: books you add to your wish list.
App interactions: screens viewed, features used, and actions taken (e.g., tapping play, opening a summary).

1.3 Device and Technical Information

When your device connects to our servers, we automatically receive:

Device identifier: an anonymous device identifier (IDFV) used to associate your subscription. This is not your advertising identifier and cannot be used to track you across other apps.
Device information: device model, operating system version, app version, language and region settings.
Network information: IP address and connection type.
Server logs: timestamps, requested content identifiers, and standard server log data used for reliability and security.

1.4 Diagnostics and Crash Reports

We collect crash reports and performance diagnostics through:

Firebase Crashlytics: Automatically collects crash logs, stack traces, and device state at the time of a crash to help us identify and fix bugs. This data is anonymized and does not include personal identity information.
Apple Diagnostics: If you have enabled sharing device analytics with developers in iOS settings, we may also receive basic performance diagnostics through Apple's mechanisms.

1.5 Information We Do NOT Collect

Precise GPS location
Contacts, photos, or health data
Credit card or banking details (handled entirely by Apple)
Biometric data
Email addresses, names, or other personal identity information (the App does not require an account)

2. How We Use Information

We use the information we collect to:

Purpose	Legal Basis (GDPR)
Provide and maintain the Service (streaming audio, search, playback, subscription access)	Performance of contract
Process subscription purchases	Performance of contract
Improve the Service, fix bugs, and analyze usage trends	Legitimate interest
Measure advertising effectiveness and attribute app installs to advertising campaigns (we do not display ads in the App or build personal advertising profiles)	Legitimate interest
Prevent fraud, abuse, and unauthorized access	Legitimate interest
Respond to your support requests	Performance of contract
Comply with legal obligations	Legal obligation

We do not use your information to display advertising. The App does not contain ads.

3. How We Share Information

We do not sell your personal information. We never have and never will.

We may share limited information only in these circumstances:

3.1 Service Providers

We use trusted third-party service providers to operate the Service:

Provider Category	Purpose	Data Shared
Cloud hosting and infrastructure	Store and deliver content	Server logs, encrypted device and subscription data
Analytics	Understand usage patterns and improve the Service	Anonymized or pseudonymized usage data, device information
Apple StoreKit (In-App Purchase)	Subscription purchases	Transaction receipt (no payment card data)

These providers process information only to provide services to us, under contractual obligations consistent with this Privacy Policy and applicable data protection laws.

3.2 Legal and Safety

We may disclose information if reasonably necessary to:

Comply with applicable law, regulation, legal process, or governmental request.
Enforce our Terms of Service.
Protect the rights, safety, and security of our users and the Service.

3.3 Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you via a prominent notice in the App of any change in ownership or uses of your personal information.

4. Data Retention

Data Type	Retention Period
Device identifier (IDFV) and subscription records	Retained while a subscription is associated with the device, plus 7 years for financial and tax compliance.
Listening history, wish list, search history	Stored locally on your device and on our servers associated with your device identifier. Server records are retained while the device is active.
Server logs (IP address, request logs)	Retained for up to 90 days, then deleted or anonymized.
Support communications	Retained as long as needed to resolve your inquiry and for reasonable record-keeping.
On-device data (playback state, preferences)	Stored locally on your device. Removed when you uninstall the App.

5. Your Rights and Choices

5.1 All Users

You can:

Uninstall the App: Remove all locally stored data by uninstalling the App.
Control diagnostics: Limit diagnostic sharing in iOS Settings → Privacy & Security → Analytics & Improvements.
Request data deletion: Although the App does not have accounts, you may contact us at maggiemei757@gmail.com to request deletion of any server-side data associated with your device identifier.

5.2 California Residents (CCPA / CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

Right to Know: You can request the categories and specific pieces of personal information we have collected about you.
Right to Delete: You can request deletion of your personal information by contacting us.
Right to Correct: You can request correction of inaccurate personal information.
Right to Opt Out of Sale/Sharing: We do not sell or share your personal information for cross-context behavioral advertising.
Right to Non-Discrimination: We will not discriminate against you for exercising your rights.

To exercise your rights, contact us at maggiemei757@gmail.com. We will verify your identity before processing requests. We aim to respond within 45 days.

Categories of personal information collected in the preceding 12 months:

Category (CCPA)	Examples	Collected	Sold	Shared for Cross-Context Behavioral Advertising	Shared for Ad Measurement*
Identifiers	Device identifier (IDFV), IP address	Yes	No	No	Yes
Commercial information	Subscription purchase history	Yes	No	No	Yes
Internet or network activity	Listening history, search queries, interactions	Yes	No	No	No
Geolocation data	IP-based approximate location (country/region level only)	Yes	No	No	No
Inferences	None	No	No	No	No

*Ad Measurement: We share anonymized app install and purchase events with Google via Firebase Analytics solely to measure advertising campaign performance (attribution). This data is not used to target ads to you personally or to build an advertising profile.

5.3 European Economic Area, UK, and Swiss Residents (GDPR)

If you are located in the EEA, UK, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR):

Right of Access: Obtain a copy of your personal data.
Right to Rectification: Correct inaccurate or incomplete data.
Right to Erasure ("Right to be Forgotten"): Request deletion of your personal data by contacting us.
Right to Restriction of Processing: Request that we limit how we use your data.
Right to Data Portability: Receive your personal data in a structured, machine-readable format.
Right to Object: Object to processing based on legitimate interest.
Right to Withdraw Consent: Where processing is based on consent, you may withdraw it at any time.

To exercise your rights, contact us at maggiemei757@gmail.com. We aim to respond within 30 days.

Data Controller: Voxbrief, contactable at maggiemei757@gmail.com.

If you believe your data protection rights have been violated, you have the right to lodge a complaint with a supervisory authority in your country of residence.

6. Third-Party SDKs and Services

The App integrates the following third-party services:

SDK / Service	Purpose	Data Accessed	Privacy Policy
Apple StoreKit (In-App Purchase)	Subscription purchases	Transaction receipt (no payment card data)	Apple Privacy Policy
Google Firebase Analytics	Usage analytics, event tracking, app performance monitoring, and advertising measurement	Anonymized/pseudonymized usage events, device information (model, OS version, app version), IDFV, IP address (used for approximate geolocation and then discarded)	Firebase Privacy · Google Privacy Policy
Google Firebase Crashlytics	Crash reporting and stability monitoring	Crash logs, stack traces, device state at time of crash, device model, OS version	Firebase Privacy

Firebase operates as a data processor on our behalf. Firebase data is processed in accordance with Google's Firebase Data Processing and Security Terms. Firebase has completed ISO 27001 and SOC 1/2/3 evaluations.

Advertising measurement: We use Firebase Analytics to measure the effectiveness of our advertising campaigns (e.g., Google Ads). This means certain anonymized events (such as app installs and subscription purchases) may be shared with Google to help us understand which ads led users to install our App. This data is used for advertising attribution and campaign optimization only — it is not used to build a personal advertising profile about you, and we do not serve ads within the App. The App does not display ads.

For more information about how Google uses data from apps that use Firebase, please see How Google uses information from sites or apps that use our services.

7. Security

We use reasonable administrative, technical, and physical safeguards to protect your information, including:

Encryption of data in transit (TLS/HTTPS) and at rest.
Access controls limiting employee access to personal data on a need-to-know basis.

No method of transmission or storage is 100% secure. If you become aware of a security vulnerability, please contact us immediately at maggiemei757@gmail.com.

8. Children's Privacy

The Service is not directed to children under the age of 13 (or the applicable age of consent in your jurisdiction). We do not knowingly collect personal information from children under 13.

If you believe that a child under 13 has provided us with personal information, please contact us at maggiemei757@gmail.com. We will promptly delete such information.

9. International Data Transfers

If you use the Service from outside the United States, your information may be transferred to, stored in, and processed in the United States or other locations where our servers or service providers operate.

We rely on the following mechanisms for international data transfers:

Standard Contractual Clauses (SCCs) approved by the European Commission, where applicable.
Your consent to this Privacy Policy constitutes acknowledgment of such transfers.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes:

We will update the "Last Updated" date at the top of this page.
We will notify you via a prominent notice in the App.
Continued use of the Service after changes take effect constitutes acceptance of the revised Privacy Policy.

11. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data:

Email: maggiemei757@gmail.com
Website: https://www.getvoxbrief.com/privacy