Privacy Policy

1. Introduction

Welcome to DumpFlow ("App", "Service", "we", "us", or "our"). This Privacy Policy explains how ParallelSignal GmbH ("Company") collects, uses, discloses, and safeguards your information when you use our mobile application.

By using DumpFlow, you agree to the collection and use of information in accordance with this policy. If you do not agree with the terms of this privacy policy, please do not access the application.

2. Information We Collect

2.1 Personal Information

We collect personal information that you voluntarily provide when registering for the App:

• Account Information: Email address and password (securely hashed)
• Profile Data: Name (optional)
• Subscription Information: Subscription status and payment history (processed by Apple/RevenueCat)

2.2 Voice and Content Data

The core functionality of DumpFlow involves processing your voice recordings:

• Voice Recordings: Audio captured when you create brain dumps
• Transcriptions: Text converted from your voice recordings
• Extracted Tasks: Tasks and action items generated from your brain dumps
• Brain Dump History: Your saved brain dumps and associated content

2.3 Usage Data

We automatically collect certain information when you use the App:

• Device type and operating system
• App usage patterns and feature interactions
• Crash logs and performance data
• Streak and habit tracking data

3. How We Use Your Information

We use your information to:

• Provide Core Services: Process voice recordings, extract tasks, and manage your brain dumps
• Manage Your Account: Handle registration, authentication, and subscription
• Improve the App: Analyze usage patterns to enhance features and performance
• Customer Support: Respond to your inquiries and provide assistance
• Security: Detect and prevent fraud, abuse, or security incidents

4. Third-Party Services

We use trusted third-party services to provide our functionality:

4.1 Supabase (Database & Authentication)

We use Supabase for secure data storage and user authentication. Supabase is SOC 2 Type II certified and provides enterprise-grade security.

• Data stored in secure, encrypted databases
• Row-level security ensures data isolation
• Supabase Privacy Policy

4.2 Deepgram (Voice Transcription)

We use Deepgram's AI to convert your voice recordings into text. Voice data is:

• Transmitted securely via encrypted connection
• Processed in real-time and not retained by Deepgram
• Not used to train AI models without consent
• Deepgram Privacy Policy

4.3 OpenAI (Task Extraction)

We use OpenAI's API to intelligently extract tasks from your transcriptions:

• Only text (not audio) is sent to OpenAI
• API usage does not train OpenAI models
• Data is processed and not retained by OpenAI
• OpenAI Privacy Policy

4.4 RevenueCat (Subscription Management)

We use RevenueCat to manage subscriptions and in-app purchases:

• Processes subscription status and purchase history
• Does not access your content or voice data
• RevenueCat Privacy Policy

4.5 PostHog (Analytics)

We use PostHog for privacy-focused analytics:

• Tracks app usage patterns anonymously
• No personal data shared with third parties
• Self-hosted option for maximum privacy
• PostHog Privacy Policy

5. Data Security

We implement robust security measures to protect your data:

• Encryption in Transit: All data is transmitted over TLS/SSL encrypted connections
• Encryption at Rest: Stored data is encrypted using AES-256 encryption
• Access Controls: Strict access controls and authentication requirements
• Regular Audits: Security practices are regularly reviewed and updated
• Secure Authentication: Passwords are hashed using industry-standard algorithms

6. Your Rights (GDPR & Swiss Law)

Under GDPR and Swiss data protection law, you have the following rights:

• Right to Access: Request a copy of your personal data
• Right to Rectification: Correct inaccurate personal data
• Right to Erasure: Request deletion of your personal data
• Right to Portability: Receive your data in a portable format
• Right to Restrict Processing: Limit how we use your data
• Right to Object: Object to certain data processing
• Right to Withdraw Consent: Withdraw consent at any time

To exercise these rights, contact us at [email protected]. We will respond within 30 days.

7. Data Retention

We retain your data for as long as your account is active or as needed to provide services. Specifically:

• Account Data: Retained until you delete your account
• Brain Dump Content: Retained until you delete it or your account
• Voice Recordings: Processed for transcription, not stored long-term
• Analytics Data: Anonymized after 24 months

Upon account deletion, your personal data is permanently removed within 30 days, except where retention is required by law.

8. Children's Privacy

DumpFlow is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.

9. International Data Transfers

Your data may be processed in countries outside Switzerland and the European Economic Area. When this occurs, we ensure appropriate safeguards are in place:

• Standard Contractual Clauses (SCCs) with service providers
• Data Processing Agreements with all third parties
• Compliance with Swiss-US and EU-US data transfer frameworks

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by:

• Posting the new Privacy Policy on this page
• Updating the "Last Updated" date
• Sending an in-app notification for significant changes

We encourage you to review this Privacy Policy periodically for any changes.

11. Contact Us