Privacy Policy

Last updated: February 27, 2026

This Privacy Policy describes how Inner Dispatch ("we", "our", "us") collects, uses, and protects personal data in accordance with applicable data protection laws, including the General Data Protection Regulation (EU) 2016/679 ("GDPR").

By using Inner Dispatch, you agree to this Privacy Policy.

1. Data Controller

Inner Dispatch is the data controller responsible for your personal data.

Contact:
Email: support@innerdispatch.com

2. Personal Data We Collect

2.1 Account Information

When you sign in using Google authentication, we collect:

  • Name
  • Email address
  • Google account identifier (OAuth ID)

This information is provided directly by Google OAuth.

2.2 Voice Recordings, Transcriptions, and Emotion Analysis

We collect and store:

  • Voice recordings you create (up to 10 seconds each)
  • Transcriptions of your recordings (generated via OpenAI Whisper API)
  • Emotion analysis results derived from your recordings (tone, pace, and energy — generated via OpenAI API)
  • Date and timestamp of each recording
  • Audio duration

Transcriptions and emotion analysis results are stored in our database and used to provide in-app insights about your recordings. Voice recordings and their derived data may contain personal data depending on what you choose to say.

Emotion analysis infers characteristics such as tone, pace, and energy from your voice. While we do not intentionally process special category data (e.g., health or mental state), voice recordings may incidentally reflect such information. This data is used solely to provide in-app features and is not shared with third parties beyond the processors listed in Section 5.

2.3 Usage Data

We collect:

  • Dates when you created recordings
  • Streak information (consecutive days recorded)
  • IP address (for security and fraud prevention)
  • Browser type and device information
  • Access logs (for system security)

2.4 Payment Information

If you subscribe to Memory Plan ($4.99/month), we collect:

  • Payment method details (processed by Stripe)
  • Billing information
  • Subscription status and history

We do not store credit card numbers. All payment processing is handled by Stripe, Inc.

2.5 Generated Videos (Rewinds)

If you purchase a Rewind (a compiled video of your recordings), we temporarily store the generated video file on our servers solely for the purpose of delivery. The file is permanently deleted within 7 days of generation, or immediately upon confirmed download, whichever comes first. After download, the video exists only on your local device.

3. Legal Basis for Processing (GDPR)

We process personal data under the following legal bases:

3.1 Performance of a Contract (Article 6(1)(b) GDPR)

To provide:

  • Voice recording, transcription, and storage
  • Emotion analysis and in-app insights
  • Account authentication
  • Subscription management
  • Rewinds video generation and delivery

3.2 Legitimate Interests (Article 6(1)(f) GDPR)

To:

  • Maintain service security
  • Prevent fraud and abuse
  • Improve system reliability
  • Analyze usage patterns (anonymized)

3.3 Consent (Article 6(1)(a) GDPR)

Where required for optional features (if introduced in the future).

4. How We Use Your Data

We process personal data to:

  • Provide the service: Store, retrieve, and play back your voice recordings
  • Transcribe recordings: Generate and store transcriptions via OpenAI Whisper to support playback and future features
  • Analyze emotions: Derive emotional insights (tone, pace, energy) from voice recordings via OpenAI API to provide in-app features
  • Authenticate your account: Verify your identity via Google OAuth
  • Process payments: Manage subscriptions via Stripe
  • Generate Rewinds: Compile recordings into downloadable video files upon purchase
  • Maintain security: Detect and prevent fraud, abuse, and unauthorized access
  • Enforce our Terms: Ensure compliance with service terms
  • Communicate with you: Send service-related notifications (e.g., freeze alerts)

We do not:

  • Sell personal data
  • Use voice recordings, transcriptions, or emotion analysis results to train AI models
  • Share recordings with third parties (except processors listed below)
  • Use data for advertising or marketing purposes

5. Data Processors and Third Parties

We use the following trusted service providers who process data on our behalf:

5.1 Supabase, Inc.

  • Purpose: Database, authentication, file storage
  • Data location: United States (AWS US-East)
  • Data processed: Account info, recordings, transcriptions, metadata
  • Safeguards: Standard Contractual Clauses (SCCs), SOC 2 Type II certified
  • Privacy Policy: https://supabase.com/privacy

5.2 OpenAI, Inc.

  • Purpose: Voice transcription (Whisper API) and emotion analysis
  • Data location: United States
  • Data processed: Voice recordings (transmitted for transcription and emotion analysis only)
  • Safeguards: Data Processing Addendum (DPA) + Standard Contractual Clauses (SCCs). OpenAI does not use API inputs to train its models.
  • Privacy Policy: https://openai.com/privacy

5.3 Stripe, Inc.

  • Purpose: Payment processing
  • Data location: United States
  • Data processed: Payment method, billing information
  • Safeguards: PCI DSS Level 1 certified, Standard Contractual Clauses (SCCs)
  • Privacy Policy: https://stripe.com/privacy

5.4 Google LLC

  • Purpose: Authentication (OAuth)
  • Data processed: Name, email, Google account ID
  • Safeguards: Standard Contractual Clauses (SCCs)
  • Privacy Policy: https://policies.google.com/privacy

All processors are contractually obligated to protect your data and comply with GDPR requirements.

6. International Data Transfers

Personal data is stored and processed in the United States. If you are located in the European Economic Area (EEA), your data is transferred outside the EEA under appropriate safeguards:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Data Processing Agreements (DPAs) with all processors, including a signed DPA with OpenAI covering voice data transmitted for transcription and emotion analysis

You have the right to request a copy of these safeguards by contacting support@innerdispatch.com.

7. Data Retention

7.1 Voice Recordings, Transcriptions, and Emotion Analysis

Recordings, their transcriptions, and emotion analysis results are retained for as long as your account is active. If you delete a recording manually, the audio file, associated transcription, and emotion analysis results are permanently deleted immediately.

7.2 Free Users — Freeze Policy

Recordings older than 7 days are frozen (unplayable but not deleted). Frozen recordings, their transcriptions, and emotion analysis results remain stored in your account and can be unfrozen by upgrading to Memory Plan.

7.3 Memory Plan Subscribers

All recordings remain playable indefinitely while your subscription is active. If you cancel, recordings older than 7 days will become frozen again.

7.4 Generated Videos (Rewinds)

Generated video files are stored temporarily on our servers for delivery only. Files are permanently deleted within 7 days of generation, or upon confirmed download, whichever comes first.

7.5 Account Deletion

When you delete your account:

  • All voice recordings are permanently deleted immediately
  • All transcriptions are permanently deleted immediately
  • All emotion analysis results are permanently deleted immediately
  • Account information is permanently deleted immediately
  • Memory Plan subscription is canceled (if active)

We may retain anonymized technical logs for up to 90 days for security and legal compliance purposes.

8. Data Security

We implement appropriate technical and organizational measures to protect personal data:

  • Encryption in transit: All data transmitted via HTTPS/TLS
  • Encryption at rest: Data stored with infrastructure-level encryption (Supabase/AWS)
  • Access controls: Role-based access, Row Level Security (RLS)
  • Authentication: Secure OAuth 2.0 via Google
  • Sub-processor security: All processors maintain their own security certifications (e.g., Supabase SOC 2 Type II, Stripe PCI DSS Level 1)

Limitations:

  • We do not provide end-to-end encryption (data is readable by our infrastructure providers)
  • Audio quality may reveal identifying information

9. Cookies and Tracking

We use essential cookies only for authentication and session management:

  • auth_token: Keeps you signed in
  • session_id: Manages your session

These cookies are necessary for the service to function and do not require consent under GDPR.

We do not use:

  • Analytics cookies
  • Advertising cookies
  • Third-party tracking cookies

10. Your Rights Under GDPR

If you are located in the EEA or UK, you have the following rights:

10.1 Right to Access (Article 15)

Request a copy of all personal data we hold about you.

10.2 Right to Rectification (Article 16)

Correct inaccurate or incomplete data.

10.3 Right to Erasure (Article 17)

Request deletion of your account and all associated data.
How: Settings → Data & Privacy → Delete Account Permanently

10.4 Right to Restriction (Article 18)

Request limitation of processing under certain circumstances.

10.5 Right to Data Portability (Article 20)

Receive your data in a structured, machine-readable format via Settings → Data & Privacy → Download All Data. Your export is provided as a ZIP archive containing:

  • audio/ — all voice recordings (.webm files)
  • recordings.json — transcriptions, emotion analysis results (valence, emotion_intensity, emotion_analyzed_at), and metadata (date, duration, timestamps)
  • profile.json — account information

10.6 Right to Object (Article 21)

Object to processing based on legitimate interests.

10.7 Right to Withdraw Consent

Withdraw consent at any time (where processing is based on consent).

10.8 Right to Lodge a Complaint

File a complaint with your local data protection authority.

To exercise your rights, contact: support@innerdispatch.com
We will respond within 30 days.

11. Automated Decision-Making

We do not engage in automated decision-making or profiling that produces legal or similarly significant effects concerning you.

12. Children's Privacy

The service is not intended for individuals under 16 years of age within the European Union, or under 13 years of age in other jurisdictions.

We do not knowingly collect personal data from children. If we become aware that a child has provided personal data, we will delete it immediately.

13. Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will:

  • Notify the relevant supervisory authority within 72 hours
  • Notify affected users without undue delay if the breach is likely to result in high risk

14. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will:

  • Update the "Last updated" date
  • Notify you via email (if you have an active account)
  • Post a notice in the service

Continued use of the service after changes constitutes acceptance of the revised policy.

15. Contact and Complaints

Data Controller:
Inner Dispatch
Email: support@innerdispatch.com

Supervisory Authority:
If you are in the EEA, you have the right to lodge a complaint with your local data protection authority. A list of authorities can be found here: https://edpb.europa.eu/about-edpb/board/members_en

16. Legal Disclosure

We may disclose personal data if required by law or in response to:

  • Valid legal process (subpoena, court order)
  • Law enforcement requests
  • National security requirements

We will notify you of such requests unless legally prohibited.

This Privacy Policy is governed by the laws of the State of Delaware, United States, without regard to its conflict of law provisions.