Privacy Policy for Vocally App

Last Updated: Apr 12, 2026

This Privacy Policy explains how Vocally, registered in Germany (“we”, “us”, “our”), collects, uses, and protects your personal data when you use the Vocally mobile application (“App”) and related services.

This policy complies with:

  • General Data Protection Regulation (GDPR)
  • German Federal Data Protection Act (BDSG)
  • Apple App Store Review Guidelines

1. Overview

Vocally is an AI-powered language learning application designed to help users practice speaking through interactive conversations and personalized feedback.

We are committed to protecting your privacy and processing your data transparently and lawfully.

2. Data Controller

[Your Company Name]
[Company Address]
[Email Address]

3. Personal Data We Collect

We collect the following categories of personal data depending on how you use the App:

3.1 Account and Profile Data

  • Email address (required for account creation and authentication)
  • Username
  • Profile information (e.g., language level, learning preferences)

3.2 Audio Data

  • Voice recordings captured when you use speaking or conversation features
  • Derived speech features (e.g., pronunciation metrics)

3.3 Transcripts and Conversation Data

  • Transcripts generated from your spoken or written inputs
  • Text prompts you enter into AI features
  • AI-generated responses

3.4 Usage Data

  • Interaction logs (features used, session duration, timestamps)
  • Performance and progress data

3.5 Technical Data

  • Device type, operating system, app version
  • IP address (where applicable)
  • App diagnostics and crash data

How Data Is Collected

We collect data:

  • Directly from you (e.g., when you create an account, speak, or enter prompts)
  • Automatically via the App (e.g., usage analytics, diagnostics)
  • Through AI processing when generating transcripts, feedback, and responses


4. How We Use Your Data

We process personal data for the following purposes:

  • To provide and operate core App functionality (e.g., AI conversations, speech analysis)
  • To generate transcripts and AI responses
  • To personalize learning content and recommendations
  • To analyze usage patterns and improve features and system performance
  • To maintain security, prevent misuse, and debug errors
  • To communicate service-related information (e.g., account, security, updates)


AI System Improvement

We may use prompts, transcripts, and interaction data to:

  • Improve the performance, accuracy, and relevance of AI features
  • Optimize conversation flows and learning experiences

Where possible, such data is:

  • Processed without directly identifiable personal data (PII)
  • Aggregated or pseudonymized

We do not use your data to identify you through AI processing, and we do not share your conversations with other users.


5. AI Processing and Conversation Data

5.1 User Conversations

When you interact with AI features:

  • Your conversation content (prompts) may be processed to generate responses
  • We do not share your conversations with other users

5.2 Data Minimization

We apply strict data minimization principles:

  • Stored prompts are processed without directly identifiable personal data (PII) wherever possible
  • We do not intentionally use your conversations to identify you

5.3 Topic Aggregation

We may extract general topics or themes from conversations in an anonymized or aggregated form.

This is used to:

  • Display popular topics or conversations
  • Improve content recommendations

This process:

  • Does not include personal identifiers
  • Does not expose individual user conversations

5.4 Use of Prompts for Service Improvement

User prompts, transcripts, and interaction data may be stored for a limited period and used to:

  • Improve the performance, accuracy, and relevance of our AI systems
  • Enhance user experience and feature functionality
  • Provide and maintain the service

We apply data minimization practices:

  • Processed without directly identifiable personal data (PII)
  • Aggregated or pseudonymized to protect user privacy

We do not use prompts to identify individual users, and we do not make individual conversations publicly visible or accessible to other users.

Individual conversations are not shared with other users, and only generalized topics may be derived for features such as popular conversation themes.

Any use of data for system improvement is conducted in accordance with:

  • GDPR principles (data minimization, purpose limitation)
  • Applicable provisions of the EU AI Act on transparency and user protection


6. Data Sharing and Third-Party Processors

We do not sell your personal data.

We may share data with trusted third-party service providers who process data on our behalf under Data Processing Agreements (Art. 28 GDPR).

Key Processor: Google (Gemini Live API)

We use services provided by Google to enable real-time AI conversations and processing.

Provider: Google Ireland Limited (for EEA users)

Services Used: Gemini Live API (AI processing, speech-to-text, text generation)

Data Processed:

  • Audio input (voice recordings)
  • Transcripts (converted speech and text prompts)
  • Interaction context necessary to generate responses

Purpose:

  • To generate AI responses
  • To enable real-time conversational features
  • To process and interpret speech input

Data Protection Measures:

  • Processing is subject to contractual safeguards (Data Processing Agreements)
  • Data is handled in accordance with GDPR requirements
  • Where applicable, transfers outside the EEA are protected by Standard Contractual Clauses (SCCs)

We ensure that all third-party processors provide an equivalent level of data protection consistent with GDPR requirements.


Other Service Providers

We may also use providers for:

  • Hosting and infrastructure
  • Analytics and diagnostics
  • Email and communication services

All providers are contractually bound to protect your data and process it only on our instructions.

7. Data Transfers Outside the EU

If data is transferred outside the European Economic Area (EEA), we ensure appropriate safeguards such as:

  • Standard Contractual Clauses (SCCs)

8. Data Retention

We retain personal data only as long as necessary:

  • Account data → until account deletion
  • Usage data → limited retention for analytics and improvement
  • Audio data → only as long as required for processing

You may request deletion at any time.

9. Your Rights (GDPR)

You have the right to:

  • Access your data (Art. 15 GDPR)
  • Rectify inaccurate data (Art. 16 GDPR)
  • Erase your data (Art. 17 GDPR)
  • Restrict processing (Art. 18 GDPR)
  • Data portability (Art. 20 GDPR)
  • Object to processing (Art. 21 GDPR)

To exercise your rights, contact: [Insert Email]

10. Security Measures

We implement appropriate technical and organizational measures to protect your data, including:

  • Encryption in transit
  • Access controls
  • Secure storage systems

11. Children’s Privacy

The App is not intended for users under 16 years of age without parental consent.

We do not knowingly collect data from children without authorization.

12. Cookies and Tracking

We use cookies and similar technologies as described in our Cookie Policy.

Where required, we obtain your consent before using non-essential tracking technologies.

13. Apple App Store Compliance

In accordance with Apple requirements:

  • We clearly disclose all data collection and usage practices
  • We do not use collected data for purposes beyond those stated
  • We do not track users across third-party apps or websites without consent

14. Changes to This Policy

We may update this Privacy Policy from time to time.

Users will be notified of significant changes where required.

15. Contact

Vocally

Technical University of Munich, Lichtenbergstraße 6, Garching, Germany

go67gok@tum.de



End of Privacy Policy

Created with MailerLite