← Back

Privacy Policy

Last updated:

What we collect

• Email address — for sign-in via Firebase Auth.
• Stripe customer ID and subscription status — for billing.
• Server logs — IP address and request paths, retained 30 days, used to debug abuse and outages.

What we do NOT collect

• Microphone audio. Speech recognition runs in your browser via the Web Speech API. Audio is sent to your browser's speech provider (Google in Chrome) and never reaches our servers.
• Screen captures. Tab-capture / Overlay mode runs entirely in your browser. We never see, store, or transmit captured frames.
• Script content. Your scripts are stored in your browser's localStorage. We don't see them.
• Card numbers. Stripe handles all payment data. We only see a customer ID.

Third parties

• Firebase Auth (Google) — handles sign-in.
• Stripe — handles billing.
• Google Cloud Run / Firestore — hosts the backend.
• Browser speech provider — your browser's Web Speech API may send audio to its provider for recognition (Google in Chrome).

Your rights

Email privacy@speechflow (replace at deploy time) to request a copy of, or deletion of, your data. We process requests within 30 days.

Cookies

We use first-party storage (localStorage and Firebase Auth session cookies) only. No advertising or analytics cookies.

Changes

We may update this policy with reasonable notice. The "last updated" date above will reflect any change.