Privacy Policy - MemVoice

Last Updated: [DATE]

1. General Information

1.1 Data Controller

mixon.tech (hereinafter “we”, “us”, “our”) is the data controller within the meaning of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR) and the Polish Act of 10 May 2018 on the protection of personal data.

Contact Information:

• Company Name: mixon.tech
• Address: [COMPANY ADDRESS]
• Email: [CONTACT@MIXON.TECH]
• Phone: [PHONE NUMBER]

1.2 MemVoice Application

MemVoice is an advanced web application that enables:

• Audio transcription using artificial intelligence
• AI-powered content and summary generation
• Social media post creation
• Note and content management

2. Types of Personal Data Processed

2.1 Registration Data

• Social Media Login: Name, surname, email address, profile picture, user ID from platforms: Facebook, Instagram, X.com (Twitter), LinkedIn, Threads
• Email Login: Email address, password (stored in encrypted form), first name, last name

2.2 Audio and Transcription Data

• Audio recordings: Audio files uploaded by users
• Transcriptions: Texts generated from audio recordings
• Summaries: AI-generated content based on transcriptions
• Social media posts: Content prepared for publication on social platforms

2.3 Technical Data

• IP Address: Automatically collected during app usage
• Device Information: Browser type, operating system, screen resolution
• Cookies: Essential for application functionality
• Activity logs: Information about actions taken in the application

2.4 Payment Data

• Transaction information: Processed by LemonSqueezy
• Payment history: Dates, amounts, payment status
• Billing data: Name, address, tax ID (if applicable)

3. Purposes and Legal Bases for Processing

3.1 Service Provision (Art. 6(1)(b) GDPR)

• Creating and managing user accounts
• Audio transcription services
• Summary and content generation
• Social media post publishing
• Payment processing

3.2 Legitimate Interest (Art. 6(1)(f) GDPR)

• Application usage analysis for improvement
• Fraud detection and prevention
• System security assurance
• Direct marketing of our services

3.3 Consent (Art. 6(1)(a) GDPR)

• Analytical and marketing cookies
• Newsletter and marketing communication
• Data retention beyond required periods

3.4 Legal Obligation (Art. 6(1)(c) GDPR)

• Tax data retention
• Compliance with court orders
• Law enforcement cooperation

4. Data Sharing with Third Parties

4.1 AI Service Providers

AssemblyAI (United States)

• Purpose: Audio transcription
• Data: Audio files, metadata
• Retention Period: Maximum 30 days
• Security: AES-256 encryption, TLS 1.3 protocol

OpenAI (United States)

• Purpose: Summary and content generation
• Data: Transcriptions, user instructions
• Retention Period: Maximum 30 days (API), zero data retention option
• Security: AES-256 encryption, SOC 2 Type 2

Anthropic (United States)

• Purpose: AI content generation
• Data: Texts for processing
• Security: End-to-end encryption, restricted access

4.2 Social Media Platforms

• Facebook/Meta: Post publishing, login data
• Instagram: Content publishing, profile information
• X.com (Twitter): Tweet publishing, authentication data
• LinkedIn: Business post publishing
• Threads: Content publishing

4.3 Infrastructure and Payments

Cloudflare (United States/Europe)

• Purpose: Content delivery (CDN), attack protection
• Data: IP address, HTTP request information
• Security: Encryption in transit, GDPR compliance

LemonSqueezy (United States)

• Purpose: Payment processing
• Data: Transaction information, billing data
• Security: PCI DSS encryption, GDPR compliance

5. International Data Transfers

5.1 Protection Mechanisms

Personal data may be transferred to third countries through:

• European Commission adequacy decisions
• Standard Contractual Clauses (SCCs)
• EU-US Data Privacy Framework certification
• Binding Corporate Rules (BCRs)

5.2 Destination Countries

• United States: AssemblyAI, OpenAI, Anthropic, Cloudflare, LemonSqueezy
• Canada: Some Cloudflare servers
• Japan: Optional data processing

6. Data Retention Periods

6.1 Standard Periods

• Audio recordings: 30 days or until deleted by user
• Transcriptions: Until account deletion or consent withdrawal
• Account data: Until account deletion + 30 days for backups
• Analytics data: 24 months
• Security logs: 12 months

6.2 Legal Periods

• Tax data: 5 years (according to tax regulations)
• Payment data: 5 years (accounting requirements)
• Litigation data: Until case closure + limitation periods

7. User Rights

7.1 Right of Access (Art. 15 GDPR)

You have the right to:

• Confirmation of whether we process your data
• Copy of your personal data
• Information about processing purposes
• Information about data recipients

7.2 Right to Rectification (Art. 16 GDPR)

• Correction of inaccurate data
• Completion of incomplete data

7.3 Right to Erasure (Art. 17 GDPR)

• Data deletion when no longer needed
• Withdrawal of consent for processing
• Objection to processing

7.4 Right to Restrict Processing (Art. 18 GDPR)

• Processing restriction in specific cases
• Data blocking pending objection review

7.5 Right to Data Portability (Art. 20 GDPR)

• Receiving data in CSV or JSON format
• Data transfer to another controller

7.6 Right to Object (Art. 21 GDPR)

• Objection to processing based on legitimate interest
• Objection to direct marketing

7.7 Right to Withdraw Consent

• Consent withdrawal at any time
• No effect on processing lawfulness before withdrawal

8. Data Security

8.1 Technical Measures

• Encryption: AES-256 for data at rest, TLS 1.3 for data in transit
• Access Control: Two-factor authentication, permission management
• Monitoring: 24/7 security monitoring
• Backups: Regular, encrypted backups

8.2 Organizational Measures

• Training: Regular staff training on data protection
• Policies: Internal information security policies
• Audits: Regular security audits
• Procedures: Incident response procedures

9. Rights for Users from Different Jurisdictions

9.1 California Users’ Rights (CCPA/CPRA)

• Right to Know: About categories of collected data
• Right to Delete: Personal data deletion
• Right to Opt-Out: From data sales (we don’t sell data)
• Right to Non-Discrimination: Equal treatment regardless of exercising rights

9.2 Brazilian Users’ Rights (LGPD)

• Right to Confirmation: Whether we process your data
• Right of Access: To your personal data
• Right to Correction: Of inaccurate data
• Right to Portability: Data to another service provider

9.3 Canadian Users’ Rights (PIPEDA)

• Right of Access: To information about processed data
• Right to Correction: Of incorrect information
• Right to Withdraw Consent: At any time

10. Cookies and Tracking Technologies

10.1 Types of Cookies

• Necessary: Required for application functionality
• Functional: Provide additional features
• Analytical: Traffic and user behavior analysis
• Marketing: Advertisement personalization

10.2 Cookie Management

You can manage cookie settings in your browser or application settings panel.

11. Policy Changes

11.1 Updates

• We reserve the right to update this policy
• Users will be notified of significant changes 30 days in advance
• Continued use of the application means acceptance of changes

11.2 Archiving

• Previous policy versions are archived and available upon request

12. Contact

12.1 Questions and Requests

For data protection matters, please contact:

• Email: [CONTACT@MIXON.TECH]
• Address: [COMPANY ADDRESS]

12.2 Data Protection Officer

If required by law:

• Email: [DPO@MIXON.TECH]

12.3 Supervisory Authority

For complaints, you can contact:

• Polish Data Protection Authority (UODO)
• ul. Stawki 2, 00-193 Warsaw, Poland
• Tel.: +48 22 531 03 00
• www.uodo.gov.pl

For EU residents: Your local data protection authority For UK residents: Information Commissioner’s Office (ICO) For US residents: Relevant state attorney general’s office

13. Final Provisions

13.1 Governing Law

This policy is governed by and interpreted in accordance with Polish law and applicable international regulations.

13.2 Dispute Resolution

Any disputes will be resolved by Polish courts competent for the controller’s registered office, subject to applicable international jurisdiction rules.

13.3 Effective Date

This policy is effective from [DATE] and replaces all previous versions.

---

14. Additional Information for International Users

14.1 Multi-Jurisdictional Compliance

This privacy policy has been designed to comply with the most stringent international data protection standards, including:

• GDPR (European Union)
• CCPA/CPRA (California)
• LGPD (Brazil)
• PIPEDA (Canada)
• PDPA (Singapore)
• Privacy Act (Australia)

14.2 Language and Translation

This policy is available in multiple languages. In case of discrepancies between language versions, the English version shall prevail for international users, and the Polish version for users in Poland.

14.3 Cross-Border Data Processing

We process data globally through our international service providers. All transfers are protected by appropriate safeguards as required by applicable data protection laws.

---

This privacy policy has been developed with consideration for the most stringent international data protection standards to ensure the highest level of protection for users regardless of their location.