TLDL - Privacy Policy - Manuel Fessen

1. Introduction

This privacy policy informs you about the processing of personal data when using the TooLongDidListen app (hereinafter “the App”) in accordance with the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).

The App is not intended for use by children under the age of 16. We do not knowingly collect personal data from children.

2. Controller

The controller within the meaning of data protection laws is:

Manuel Fessen
Ungelsheimer Weg 7
40472 Düsseldorf
Email: litze.pasten.0i@icloud.com

3. Types of Data Processed

We process the following categories of personal data:

Audio Recordings and AI Analysis:

Audio recordings: Captured within the app are stored exclusively on the user’s device. When iCloud synchronization is activated, encrypted storage occurs in the user’s personal iCloud. Audio data is also sent to AssemblyAI for transcription.
Transcripts, Summaries, Action Items, Speaker Information: Text generated from audio recordings (transcripts) and subsequent AI analysis results (summaries, action items, titles, speaker labels) are stored on your device and, if synchronization is enabled, in your personal iCloud. Transcript text is sent to OpenAI for analysis. This text may contain personal information if spoken during the recording.

We, as the provider, have no direct access to this data stored on your device or in your iCloud. The security of data stored in iCloud is subject to Apple Inc.’s security standards and the user’s responsibility.

Additional data we process:

Technical information (device type, operating system version, app version): Anonymized for app improvements.
Anonymized usage data (error messages, usage times): For stability and feature improvement.
Subscription data (payment information, subscription status): Managed via RevenueCat.
User Settings (e.g., preferred languages): Stored locally and potentially synced via iCloud key-value store.

4. Purpose of Data Processing

We process personal data for the following purposes:

Providing the app’s core functionality (audio recording, transcription, AI analysis, speaker identification).
Synchronizing data across user devices via iCloud (optional).
Processing subscription payments and managing entitlements.
Analyzing anonymized usage data for app stability and improvements.
Providing customer support.
Enabling AI-driven features through third-party services (AssemblyAI, OpenAI).

5. Legal Basis for Processing

The legal basis for processing personal data is:

Article 6(1)(a) GDPR (Consent): For accessing the microphone to record audio. To assist with awareness, the App displays a one-time notification upon first use reminding you of this obligation and provides a persistent visual indicator during recording. An optional audio cue at the start of recording can also be enabled in settings. However, these features are merely aids; it remains your sole responsibility as the user to ensure you have obtained explicit consent from all individuals participating in a conversation before initiating a recording. Recording individuals without their knowledge or consent may be unlawful in many jurisdictions.
Article 6(1)(b) GDPR (Performance of contract): For providing core app functionality like transcription, AI analysis, subscription management, and iCloud sync (when enabled by the user).
Article 6(1)(f) GDPR (Legitimate interest): For processing anonymized usage analytics to improve the app, ensuring data minimization and privacy protection.

We share data with the following third parties solely for the purpose of providing app functionality:

Apple Inc.: For iCloud synchronization (if enabled by the user). Data is encrypted in transit and at rest within the user’s iCloud account. (Apple Privacy Policy)
RevenueCat Inc.: For subscription management and validating purchase status. (RevenueCat Privacy Policy)
AssemblyAI: Audio data from recordings is sent to AssemblyAI for transcription and speaker diarization. We utilize their EU endpoint where possible. (AssemblyAI Privacy Policy)
OpenAI: Transcript text is sent to OpenAI for generating summaries, action items, titles, and potentially other analyses. This may involve data transfer to servers outside the EU/EEA, potentially in the USA. We rely on appropriate safeguards for such transfers, such as Standard Contractual Clauses (SCCs) or the provider’s certification under the EU-US Data Privacy Framework, where applicable. (OpenAI Privacy Policy)

Please refer to the respective privacy policies of these third parties for details on how they handle data, including their policies on using data for service improvement or model training. We configure these services where possible to limit the use of your data (e.g., opting out of data usage for training if offered via API).

7. Data Retention

We retain personal data only as long as necessary for the purposes stated in this policy:

Audio recordings, transcripts, AI results: Stored on the user’s device and/or iCloud until manually deleted by the user or via the “Delete Account” function.
Data sent to AssemblyAI and OpenAI: Subject to their respective data retention policies. We transmit data solely for processing and do not request long-term storage.
Subscription data: Retained by RevenueCat according to their policies, typically for the duration of the subscription plus a period required for financial/legal obligations.
Anonymized usage data: Retained for a limited period (e.g., 1 year) for trend analysis.
User Settings: Retained until changed by the user or account deletion.

The “Delete Account” feature in the app settings aims to remove all user-associated data from the device, iCloud (CloudKit and key-value store), and initiates deletion requests where applicable (e.g., potentially with RevenueCat, though direct user data deletion by RevenueCat might require contacting them).

8. Your Rights

Under GDPR, you have the following rights regarding your personal data:

Right to access (Article 15 GDPR)
Right to rectification (Article 16 GDPR)
Right to erasure (Article 17 GDPR) - Facilitated via the “Delete Account” feature.
Right to restriction of processing (Article 18 GDPR)
Right to data portability (Article 20 GDPR)
Right to object (Article 21 GDPR)
Right to withdraw consent (Article 7(3) GDPR) - e.g., by revoking microphone permission in device settings.
Right to lodge a complaint with a supervisory authority (Article 77 GDPR).

To exercise these rights, please contact us at the email address provided in section 2, or use the available in-app mechanisms (like data deletion).

9. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

Utilizing Apple’s CloudKit encryption for data synchronized via iCloud.
Secure transmission protocols when communicating with third-party APIs (AssemblyAI, OpenAI, RevenueCat).
Access controls within the app’s infrastructure.
Relying on secure storage mechanisms provided by the operating system and cloud platforms.

10. Changes to This Policy

We may update this policy from time to time. The current version is always available in the app settings and on our website [Optional: Add Website URL if applicable].

11. Contact Information

For any questions regarding this privacy policy, please contact: