Privacy Policy

Effective Date: January 21, 2026

Last Updated: February 7, 2026

MyVoiceOS ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our voice-controlled AI operating system service at myvoiceos.com (the "Service"). By using the Service, you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

Personal Information

When you create an account, we collect information that identifies you, including your name, email address, and authentication credentials. We use Auth0 for secure authentication, which may collect additional information as described in their privacy policy.

Voice and Biometric Data

When you use voice commands, we process your voice recordings to provide transcription and AI response services. Under applicable privacy laws (including GDPR and certain U.S. state laws), voice recordings are classified as biometric data and personally identifiable information (PII). Voice data may reveal characteristics such as gender, accent, emotional state, and speech patterns. We process voice data only with your explicit consent, which you provide each time you initiate a voice interaction by clicking the voice button. Voice recordings are transmitted securely to our third-party transcription provider (ElevenLabs) for processing and are not used to create biometric identifiers or voiceprints for identification purposes.

AI-Generated Data

Our Service uses artificial intelligence to generate content from your interactions, including daily analysis reports, entity extraction for knowledge graphs, sentiment analysis, action item identification, and memory summaries. This AI-generated data is derived from your conversations and is stored as part of your account.

Usage Information

We automatically collect information about your interactions with our Service, including conversation history, feature usage, timestamps, and technical data such as IP address, browser type, device information, and referring URLs.

Third-Party Integration Data

When you connect third-party services (Notion, Google Calendar, Gmail, Google Drive, HeyGen), we collect and store OAuth access tokens and data necessary to provide integration functionality. We only access data you explicitly authorize through the OAuth consent flow. We do not store your third-party credentials.

Payment Information

Payment processing is handled entirely by Stripe. We do not collect, store, or have access to your full credit card numbers, CVV codes, or bank account details. We receive only a Stripe customer ID, subscription status, and transaction identifiers necessary to manage your subscription.

2. Sources of Information

We collect personal information from the following sources:

  • Directly from you: Account registration, voice interactions, text inputs, and settings preferences
  • Automatically: Browser cookies, server logs, and analytics when you use the Service
  • Third-party services: OAuth-connected apps (Notion, Gmail, Google Calendar, Google Drive, HeyGen) and authentication providers (Auth0)
  • Payment processor: Stripe provides us with subscription and transaction identifiers

3. Legal Basis for Processing (GDPR)

Under the General Data Protection Regulation (GDPR), we process your personal data based on the following legal grounds:

  • Consent (Article 6(1)(a)): Voice data processing, AI analysis of your conversations, and optional analytics cookies. You may withdraw consent at any time.
  • Contract Performance (Article 6(1)(b)): Processing necessary to provide the Service, manage your account, and fulfill subscription obligations.
  • Legitimate Interest (Article 6(1)(f)): Service improvement, fraud prevention, security monitoring, and aggregate analytics. We balance our interests against your rights and freedoms.
  • Legal Obligation (Article 6(1)(c)): Compliance with applicable laws, tax requirements, and responding to lawful government requests.

4. How We Use Your Information

We use collected information to:

  • Provide, operate, and maintain the Service
  • Process voice commands, generate transcriptions, and produce AI responses
  • Generate AI-powered analysis, including daily summaries, sentiment analysis, entity extraction, and knowledge graph construction
  • Manage your account, subscription, and billing
  • Send transactional emails (welcome, billing, service updates, and security alerts)
  • Improve service quality, develop new features, and fix bugs
  • Detect and prevent fraud, abuse, or unauthorized access
  • Comply with legal obligations

5. AI and Automated Decision-Making

MyVoiceOS uses artificial intelligence to process your data and generate insights. We are transparent about how AI is used in our Service:

  • Voice Transcription: Your voice recordings are transcribed to text using ElevenLabs' speech-to-text service.
  • Conversational AI: AI agents process your transcribed text to generate responses, execute commands, and provide assistance.
  • Daily Analysis: AI analyzes your conversations to identify themes, sentiment, action items, and entities (people, companies, projects).
  • Knowledge Graph: AI extracts entities and relationships from your conversations to build a personal knowledge graph.
  • Memory System: AI maintains contextual memory across conversations to provide personalized assistance.

No automated decisions with legal effect: We do not use AI to make decisions that produce legal effects or similarly significant effects on you (such as credit decisions, employment decisions, or access to essential services). AI-generated analysis is informational only.

AI training: Your voice recordings and conversation data are not used to train general-purpose AI models. Your data is processed solely to provide you with the Service and is not shared with AI providers for model training purposes.

6. Data Sharing and Disclosure

We do not sell, rent, or share your personal information with third parties for their marketing purposes. We share data only in the following circumstances:

Service Providers

We work with trusted third-party service providers who process data on our behalf under contractual obligations to protect your data:

  • Auth0 (Okta): Authentication and user identity management
  • Stripe: Payment processing and subscription management
  • ElevenLabs: Voice transcription and text-to-speech synthesis
  • Resend: Transactional email delivery
  • Manus: Application hosting and infrastructure
  • TiDB Cloud: Encrypted database services
  • Umami: Privacy-focused website analytics (no personal data collected)

Legal Requirements

We may disclose your information if required by law, subpoena, court order, or government request, or when we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others.

Business Transfers

If we are involved in a merger, acquisition, bankruptcy, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our Service before your data is transferred and becomes subject to a different privacy policy.

7. Data Retention

We retain your data for the following periods:

  • Account data: Retained for as long as your account is active. Deleted within 30 days of account deletion request (or immediately upon immediate deletion request).
  • Voice recordings and transcripts: Retained for as long as your account is active unless you delete individual conversations. Free tier users' data older than 7 days may be automatically archived.
  • AI-generated analysis: Retained for as long as your account is active. Daily analyses, knowledge graph data, and memory entries are deleted when you delete your account.
  • Payment records: Transaction identifiers are retained for 7 years to comply with tax and accounting regulations.
  • Server logs: Automatically purged after 90 days.
  • Cookies: Session cookies expire when you close your browser. Analytics cookies expire after 12 months.

You may delete individual conversations, voice recordings, memories, and captures at any time through the Service. You may also request complete account deletion, which permanently removes all your data from our servers and from Auth0.

8. Data Security

We implement industry-standard security measures to protect your data, including:

  • Encryption in transit (HTTPS/TLS) for all data transmissions
  • Encrypted database storage (TiDB Cloud with encryption at rest)
  • Secure authentication using JWT tokens and OAuth 2.0
  • Access controls and principle of least privilege for internal systems
  • Regular security reviews and dependency updates

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee absolute security.

9. Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will notify affected users via email within 72 hours of becoming aware of the breach, as required by GDPR. We will also notify the relevant supervisory authority where required. The notification will include the nature of the breach, the categories and approximate number of individuals affected, likely consequences, and the measures taken or proposed to address the breach.

10. Your Rights

Rights Under GDPR (EU/EEA Residents)

If you are located in the European Union or European Economic Area, you have the following rights under the General Data Protection Regulation:

  • Right of Access: Request a copy of your personal data we hold
  • Right to Rectification: Request correction of inaccurate or incomplete data
  • Right to Erasure: Request deletion of your data ("right to be forgotten")
  • Right to Data Portability: Receive your data in a structured, machine-readable format (JSON export available in Settings)
  • Right to Object: Object to processing based on legitimate interest
  • Right to Restrict Processing: Request limitation of data processing
  • Right to Withdraw Consent: Withdraw consent at any time without affecting the lawfulness of prior processing
  • Right to Lodge a Complaint: You have the right to lodge a complaint with your local data protection supervisory authority if you believe your data is being processed unlawfully

Rights Under CCPA/CPRA (California Residents)

If you are a California resident, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) provide you with the following rights:

  • Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected, the sources, the business purposes, and the categories of third parties with whom we share it
  • Right to Delete: Request deletion of your personal information, subject to certain exceptions
  • Right to Correct: Request correction of inaccurate personal information
  • Right to Opt-Out of Sale/Sharing: We do not sell or share your personal information for cross-context behavioral advertising. No opt-out is necessary.
  • Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights. You will not receive different pricing, quality, or service levels for exercising your rights.
  • Right to Limit Use of Sensitive Personal Information: You may request that we limit our use of sensitive personal information (including voice data) to what is necessary to provide the Service

Authorized Agents: You may designate an authorized agent to submit requests on your behalf. We may require verification of the agent's authorization and your identity before processing the request.

Exercising Your Rights

To exercise any of these rights, you may: (a) use the data export and account deletion features in your account Settings under Privacy & Data; (b) email us at [email protected]; or (c) contact us using the information in the Contact Us section below. We will respond to verifiable requests within 30 days (GDPR) or 45 days (CCPA), with the possibility of a one-time extension if needed.

11. Cookies and Tracking Technologies

We use the following types of cookies and tracking technologies:

  • Essential Cookies: Required for authentication, session management, and core Service functionality. These cannot be disabled without affecting Service operation.
  • Analytics Cookies: We use Umami, a privacy-focused analytics platform, to understand how users interact with our Service. Umami does not use cookies for tracking, does not collect personal data, and is GDPR-compliant by design. No data is shared with third parties.

We do not use advertising cookies, social media tracking pixels, or cross-site tracking technologies. You can control cookie preferences through your browser settings, though disabling essential cookies may affect Service functionality.

12. Children's Privacy

Our Service is not intended for children under 16 years of age (or under 13 in jurisdictions where that is the applicable age threshold). We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at [email protected] and we will promptly delete such information.

13. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, including the United States. These countries may have different data protection laws than your jurisdiction. When we transfer data internationally, we implement appropriate safeguards, including reliance on the EU-U.S. Data Privacy Framework and standard contractual clauses where applicable. By using our Service, you acknowledge and consent to such transfers.

14. Do Not Track Signals

Our Service does not respond to "Do Not Track" (DNT) browser signals because we do not engage in cross-site tracking. Our analytics solution (Umami) is privacy-focused and does not track users across websites.

15. Financial Incentives (CCPA)

We offer a free tier and paid subscription tiers (Pro and Team). The free tier provides limited functionality (50 conversations per month, 7-day history). Paid tiers provide additional features such as unlimited conversations, persistent memory, knowledge graphs, and Notion export. The difference in service levels is based on the operational costs of providing enhanced features, not on the value of your personal data. We do not offer financial incentives in exchange for the collection, sale, or retention of personal information.

16. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through a prominent notice on our Service at least 30 days before the changes take effect. The "Last Updated" date at the top of this page indicates when the policy was most recently revised. Your continued use of the Service after changes become effective constitutes acceptance of the updated policy.

17. Contact Us

If you have questions about this Privacy Policy, our data practices, or wish to exercise your privacy rights, please contact us:

Privacy Inquiries: [email protected]

General Support: [email protected]

Website: myvoiceos.com

For EU/EEA residents: If you are not satisfied with our response to your privacy concern, you have the right to lodge a complaint with your local data protection supervisory authority.