Privacy Policy

1. What we are and how we work (summary)

• Local-first AI notepad. Recording, transcription, summaries, and chat with notes run locally on your device using open-source models (Hugging Face).
• No cloud storage of your content. We do not receive or store your recordings, transcripts, notes, or chats on our servers. Those live on your device (e.g., local SQLite DB; audio WAV files in session directories).
• Optional telemetry only with consent. Analytics/crash data is sent only if you enable telemetry in settings; you can turn it off anytime.
• No user accounts. There is no login. Billing is handled by Stripe Checkout.

2. Data we process

A. On your device (stays local)

• Audio/Text: audio recordings (WAV), transcriptions, AI summaries, chat with notes, manual notes/edits.
• App database: local SQLite; sensitive tokens in the system keyring.
• Integrations (optional, with OS permission): Apple Calendar (event details, participants), Apple Contacts (contact info).
• No internet required for core features.

B. Telemetry & diagnostics (sent only with your consent)

• Analytics (PostHog): app version, bundle ID, user behavior events, analytics session ID, OS version, CPU architecture, device fingerprint (hashed combination of CPU architecture, OS name, hostname, MAC address).
• Crash reporting (Sentry): minidumps and technical crash data (stack traces, OS/CPU info). We do not intentionally include user content in crash reports.
• Controls: full telemetry can be disabled in settings; analytics can be opted out.

C. Website (typrapp.com)

No cookies or forms (as provided). If this changes, we will update this policy and the site banner.

D. Billing & support (server-side)

• Payments (Stripe Checkout + webhooks): subscription status, plan, invoices, and payment metadata handled by Stripe. We do not collect or store full payment card data.
• Transactional email (Resend): order confirmations, receipts, service notices.
• File hosting for app/LLM assets (S3/Cloudflare): infrastructure for distributing software/models; not used to store your personal content.

3. Purposes and legal bases (GDPR)

Important: We do not use your data for targeted advertising, we do not sell or share personal information for cross-context behavioral advertising (as defined by US laws).

4. Data sharing (processors)

We use trusted vendors as processors, limited to the purposes above:

• PostHog (product analytics, only if telemetry is enabled)
• Sentry (crash diagnostics, only if telemetry is enabled)
• Stripe (payments and subscription management)
• Resend (transactional email)
• Cloudflare/S3 (infrastructure/content delivery for software/models)

Where required (especially for EU users), we rely on Standard Contractual Clauses (SCCs) or equivalent safeguards provided by these vendors for international transfers.

5. Retention

• Your content (audio, transcripts, notes, chats): stored locally on your device until you delete it. We do not have a copy.
• Telemetry & crash data (if enabled): retained by us/our vendors for the minimum period necessary for analytics/diagnostics, and then aggregated or deleted.
• Billing records: retained as required by law (e.g., tax rules).

6. Your controls and rights

In the app

• No account is required
• Telemetry toggle and analytics opt-out in settings
• You control local files (create, edit, export, delete)

EU/UK (GDPR)

You can exercise: access, rectification, erasure, restriction, objection, portability, and withdrawal of consent. You may also lodge a complaint with your local supervisory authority.

Contact: support[at]typrapp[dot]com

US (CCPA/CPRA and similar)

• We do not sell personal information and do not share it for cross-context behavioral advertising
• You may request access or deletion of personal information we hold (primarily billing/support and any telemetry you consented to send)

Contact: support[at]typrapp[dot]com

Because we do not operate user accounts and do not store your content, requests typically concern billing/support records and telemetry (if any).

7. Security

• Transport encryption for any data sent to our services/vendors
• Local security: content stays on your device; sensitive tokens are stored in the system keyring
• Access controls for internal tools and vendor accounts

No system is perfectly secure, but we design Typr to be privacy-preserving by default (local-first, offline-capable).

8. Children

Typr is intended for adults (18+). We do not knowingly collect data from children.

9. International users

If you use Typr from the EU/EEA/UK, your telemetry/billing/support data (if any) may be processed outside your region by our processors under SCCs or equivalent safeguards. Your local content is not uploaded to us.

10. Do Not Track / Global Privacy Control

We don't use tracking for advertising. If telemetry is off, we do not collect analytics. When telemetry is on, it's based on your explicit consent; you can turn it off anytime. We honor GPC to the extent applicable because we do not sell/share personal information.

11. Changes

We may update this policy. We will post changes here and update the effective date. Material changes will be announced in-app or by email (if applicable).

12. Contact

RHAMS LLC

Address: 111 NE 1st St, 8th Floor, 88504, 33132, Miami, US

Email: support[at]typrapp[dot]com

Source Code Availability

Typr includes components licensed under the GNU AGPL-3.0. For eligible users, we provide the complete corresponding code upon request. To request access, email us with your account email and last invoice number or subscription ID.

We will reply with a Source Code Request Form to complete and sign. After verification, we will provide access via private repository invite or an expiring encrypted download link. Requests are fulfilled without unreasonable delay and within 30 business days of verification.