Privacy Policy

What We Collect

When you use VoiceMemoir, we collect:

• Account information: Your name and email address. We do not collect or store passwords - sign-in is passwordless via emailed magic links and (optionally) device-bound passkeys.
• Voice recordings: Audio you record through the app. Transcription happens locally in your browser via the Web Speech API; the audio itself is uploaded to an encrypted, access-controlled Backblaze B2 bucket only when you choose to attach it to a story. You can delete attached audio at any time from your account settings, and deletion is permanent within 30 days.
• Story content: Transcripts, AI-generated drafts, and approved memoir passages you create.
• Voice profile data: The stylistic rules, preferences, and patterns the AI learns from your feedback. This is text data, not voice biometrics.
• Authentication tokens: Hashed one-time magic-link tokens (15-minute expiry) and WebAuthn passkey public keys (the private key never leaves your device).
• Usage data: Basic analytics like pages visited, features used, and session duration. Analytics are loaded only after you accept cookies.

How We Use Your Data

• To provide the service: Transcribing your voice, generating drafts, training your voice profile, and assembling your memoir.
• To improve the product: Aggregate, anonymized usage patterns help us make VoiceMemoir better. We never use your personal stories for training AI models.
• To communicate with you: Sign-in links, account notifications, story session reminders, and product updates. No spam.

Your Stories Are Yours

You own your content. Your stories, transcripts, drafts, and finished memoirs belong to you. We do not claim any intellectual property rights over your content. You can export or delete your data at any time.

Subprocessors and Third-Party Services

VoiceMemoir uses the following third-party services to deliver the product. Each operates under its own privacy policy and data processing agreement.

• Anthropic Claude: AI draft generation and voice profile learning. Your story content is sent to Anthropic for processing; Anthropic does not retain or use API data for model training.
• Web Speech API: Transcription happens in your browser, not on our servers - no audio leaves your device for transcription.
• Railway: Application hosting and PostgreSQL database (United States).
• Cloudflare: DNS and TLS termination at the edge.
• Backblaze B2: Storage for any audio you choose to attach to a story.
• Stripe: Payment processing for paid plans. We do not see or store your card details.
• Resend: Transactional email delivery (magic links, contact form replies, receipts).
• Migadu: Mailbox hosting for our team contact addresses.
• Lulu xPress: Print-on-demand for hardcover memoirs (only when you place a print order).
• Google Analytics 4: Aggregate usage analytics. Loaded only after you accept cookies.
• Microsoft Clarity: Session recordings and heatmaps for UX improvement. Loaded only after you accept cookies.

This list is current as of April 2026. We will update it when we add or remove a subprocessor.

Cookies and Tracking

We use only essential cookies (your sign-in session and CSRF protection) by default. Analytics cookies (Google Analytics, Microsoft Clarity) are loaded only after you click Accept on our cookie banner. You can revisit this choice at any time via the Cookie Settings link in the footer.

Data Security

We use industry-standard security measures including HTTPS/TLS for all connections, HSTS preload, strict Content Security Policy, CSRF protection on every state-changing endpoint, hashed magic-link tokens, public-key passkeys, and rate-limited authentication endpoints. Sessions are stored in HttpOnly Secure SameSite=Lax cookies signed by a server-side secret. No system is 100% secure, but we do not require you to remember a password.

Data Retention & Deletion

Your data is retained as long as your account is active. You can request deletion of your account and all associated data by emailing us at privacy@thevoicememoir.com. Personal data is anonymized within 30 days of a deletion request and fully removed within 90 days; transaction records are retained for 7 years for tax and accounting purposes (IRS requirement). Audit logs are retained for at least 2 years.

Your Rights

If you are in the European Economic Area, the United Kingdom, California, or another jurisdiction with data subject rights, you may request access to, correction of, or deletion of your personal data, and you may object to certain types of processing. Email privacy@thevoicememoir.com with your request.

Children's Privacy

VoiceMemoir is not intended for use by children under 13. We do not knowingly collect data from children under 13.

Changes to This Policy

We may update this policy from time to time. We will notify you of significant changes via email or in-app notification.

Contact

Questions about privacy? Email privacy@thevoicememoir.com.

STANHATTIE LLC
731 SE Alices Rd PMB 1035
Waukee, IA 50263