Welcome to Vivid Voice, a wellbeing and journaling app. This Privacy Policy explains what we collect, how we store and use your data, how we protect it, your rights, and how to contact us. By using Vivid Voice, you agree to this Policy.
1. Information We Collect
1.1 Information You Provide
Account Information
- Name (2-50 characters)
- Email (validated and verified via OTP)
- Password (bcrypt hashed; never stored in plain text)
- Email verification status
- Profile image (optional)
Voice Notes & Audio Journals
- Audio sent via HTTPS to backend
- Stored in AWS S3 with AES-256 encryption
- No local storage beyond temporary playback cache
- Formats: m4a, mp3, wav, aac, ogg (max 50MB)
Text Entries & Journaling Data
- Daily voice journal responses (text/audio)
- Custom journal prompts
- Daily mood ratings (0-10) and weekly averages
- Calendar highlights and prompt schedules
Goals & Progress Tracking
- Title, category, optional deadline
- Video (mp4, mov, avi, wmv up to 100MB)
- Cover image (jpg, jpeg, png, gif up to 100MB)
- Progress percentage, completion status/timestamp
Vision Board & Achievements
- Vision board entries and achievement folders
- Images/videos stored in AWS S3 (AES-256)
- Images: jpg, jpeg, png, gif, heic (10MB journal, 100MB goals)
- Videos: mp4, mov, avi, wmv (100MB)
1.2 Information Collected Automatically
Device Information
- Device ID (X-Device-ID), device type/model (User-Agent)
- App version (X-App-Version), platform (X-Platform)
- IP address (security/abuse prevention)
Validated on every API request and stored in user_devices.
Authentication & Session Data
OAuth2 (Laravel Passport) tokens (valid 6 months) with server-side sessions and remember tokens.
Usage Data
Aggregated, non-PII usage patterns (prompts, responses, goals, calendar activity).
Subscription & Payment
Apple IAP data: original transaction ID, product ID, status, purchase/expiry dates, trial status, environment, JWS representation. No card data stored; Apple processes payments.
Error & Diagnostic
Error logs, stack traces, request details, performance metrics; retained up to 14 days.
2. How We Use Your Information
Core App Functionality
Save recordings, notes, goals, ratings, and images; sync across devices; show calendar/dashboard; manage prompts and schedules; calculate mood averages; process subscriptions.
Authentication & Security
Verify identity via OTP; manage secure sessions; prevent unauthorized access and abuse.
Improving the App
Understand usage, fix issues, enhance UX, optimize performance.
Communication
Send OTPs, password reset codes, and critical service alerts. No marketing without consent; no ad use.
Subscription Management
Validate status with Apple, process webhooks, enforce premium access, handle refunds/cancellations through Apple.
3. How and Where Your Data Is Stored
Cloud Storage via AWS S3
- AES-256 encryption at rest; HTTPS/TLS in transit
- Redundant, private buckets; signed URLs (30 minutes)
- Profile images, voice journals, goals, visions, achievements organized by user and resource IDs
Backend Database (MySQL)
- User profiles, auth data, prompts/metadata
- Daily ratings, goal/vision metadata, subscription records, device registrations
- SSL/TLS, backups, restricted access, firewall isolation
Data Retention Location
Primary AWS region (specify), backups in multi-region replication for DR.
4. How We Protect Your Information
Technical Safeguards
- HTTPS/TLS for all APIs
- OAuth2 token auth; bcrypt password hashing
- AES-256 S3 encryption; API rate limiting
- CORS protections, SQL injection prevention, XSS protection
Access Controls
- Role-based access
- Device validation; token expiration/revocation
- Optional single-device enforcement
Infrastructure Security
- AWS best practices; firewalls; updates
- Automated vulnerability scanning; DDoS protection (AWS Shield)
Monitoring & Auditing
- Comprehensive logging, error tracking, alerts
- Suspicious activity detection; webhook verification
No system is 100% secure. Use strong passwords and keep credentials confidential.
6. Data Retention
Retained while account is active or as needed legally/business-wise. Inactive accounts may be reminded, archived, then deleted. After account deletion: active DB removal immediately, S3 deletion, backups purged within 30 days; irreversible. Legal exceptions may apply.
7. Your Rights & Data Deletion
Access & Correct
Access data in-app; update name, image, entries, goals, visions, prompts, ratings.
Delete Content
Delete audio notes, goals, visions, journal entries, achievements. Removal from S3 is immediate and irreversible.
Full Account Deletion
Email developervividvoice@gmail.com from your registered address with name and email. Identity verification may require OTP. Process within 7 business days; deletion is irreversible. Cancel Apple subscriptions separately.
Data Portability & Opt-Out
Request export (provided within 30 days). Opt-out of non-essential communications via app settings or contact us. Critical service emails cannot be skipped while account is active.
8. Changes to This Privacy Policy
We may update this Policy; new Last Updated date will appear here. Material changes may be emailed or shown in-app. Continued use means acceptance. Version history: v1.0 (Dec 9, 2025).
9. Your Consent
By using Vivid Voice, you consent to this Policy, data collection/use/storage, international transfers, and processing by our providers. Withdraw consent by deleting your account.
10. Contact & Data Protection
Email: developervividvoice@gmail.com | Website: https://vivid-voice.com | Response within 7 business days.
Include name, registered email, and request details for deletion, access, or questions.