Last Updated: July 29, 2025
Introduction
Our data processing activities are based on:
- Contract performance (Art. 6(1)(b) GDPR) for subscription services
- Legitimate interests (Art. 6(1)(f) GDPR) for app functionality
- Consent (Art. 6(1)(a) GDPR) for audio processing
Subscription Services
Subscription Tiers
- Free Tier: Basic features at no cost
- Basic Subscription
- Pro Subscription
All payment processing and subscription management is handled through Apple’s App Store Kit and Google Play Billing Library (v7.1.1+). RevenueCat is used solely for anonymous subscription verification using device-specific identifiers.
Data Processing and Storage
Audio Processing
When you use the speech-to-text feature:
- Audio recordings are transmitted to OpenAI’s Whisper service for processing
- Transmissions are encrypted using industry-standard protocols
- No audio data is permanently stored on our servers
- Processing is performed in compliance with GDPR requirements
Data Minimization
Following GDPR Article 25, we implement data minimization by:
- Using anonymous identifiers for subscription tracking
- Processing data only when necessary for specific features
- Storing content locally on your device
User Rights Under GDPR
You have the following rights:
- Access your personal data
- Request data correction
- Request data deletion
- Withdraw consent for audio processing
- Data portability
- Lodge a complaint with a supervisory authority
Technical and Organizational Measures
We implement appropriate technical and organizational measures to ensure data security:
- End-to-end encryption for data transmission
- Local storage of user-generated content
- Secure API communications with third-party services
- Regular security assessments
Third-Party Service Providers
We work with the following third-party service providers who may process your data:
OpenAI (Whisper)
- Purpose: Speech-to-text conversion
- Privacy Policy: openai.com/privacy
- Data Processing Agreement: openai.com/policies/data-processing-addendum
Firebase Crashlytics
- Purpose: App performance monitoring and crash reporting
- Privacy Policy: firebase.google.com/support/privacy
- Data Processing Agreement: https://firebase.google.com/terms/data-processing-terms
RevenueCat
- Purpose: Anonymous subscription verification
- Privacy Policy: revenuecat.com/privacy
- Data Processing Agreement: revenuecat.com/dpa
Apple Services
- Purpose: App distribution and payment processing
- App Store Privacy Policy: apple.com/legal/privacy/data/en/app-store
- App Store Review Guidelines: developer.apple.com/app-store/review/guidelines
Google Services
- Purpose: App distribution and payment processing
- Play Store Privacy Policy: https://policies.google.com/privacy?hl=en-US#intro
- Play Store Review Guidelines: https://support.google.com/googleplay/android-developer/answer/9859455?hl=en
We integrate Google Mobile Ads (AdMob) and the Google Play Billing Library. Google collects your Android Advertising ID, device and usage data to personalize ads, measure performance, prevent fraud, and process purchases. Processing is based on Art. 6 (1)(f) GDPR (legitimate interests) for advertising and analytics, and Art. 6 (1)(b) GDPR (contract performance) for in-app purchases. Google LLC and Google Ireland Ltd. act as processors. For full details, see Google’s Privacy Policy: https://policies.google.com/privacy
TikTok Conversion Tracking
We do not integrate the TikTok SDK or any similar tracking technologies in the Exposure Studio app. When you click on one of our ads on TikTok, TikTok may record this event and redirect you to the App Store or Google Play Store. Any data processing related to this conversion event (for example, registering that an ad click led you to our app’s store listing) is carried out solely by TikTok. No tracking or data transmission to TikTok occurs from within the Exposure Studio app itself.
Please note:
- We do not transmit any personal data from Exposure Studio to TikTok.
- We do not enable TikTok to track your behavior within the app.
- Data processing for these conversion events is managed exclusively by TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland.
You can manage your consent and privacy preferences for TikTok’s processing of your data at any time directly in your TikTok account or within the TikTok app’s privacy settings. For more information on how TikTok processes your personal data, please refer to the TikTok Privacy Policy
These third-party providers maintain their own privacy policies and terms of service. We encourage you to review their respective privacy policies to understand how they process your data. We regularly review our providers‘ privacy practices to ensure they meet our standards and comply with applicable data protection laws.Note: The links provided above should be accessed through the respective service providers‘ official websites to ensure you are viewing the most current versions of their policies.