NedilAI - The AI That Speaks For You

1. Introduction

Welcome to Nedil AI ("we," "our," or "us"). We are committed to protecting your privacy and ensuring transparency about how we collect, use, and protect your personal information. This Privacy Policy explains our practices regarding data collection, usage, and your rights when using the Nedil AI mobile application (the "App").

By using Nedil AI, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our App.

2. Information We Collect

2.1 Account Information

Email Address: Required for account creation, authentication, and communication
Name: First name (required) and last name (optional) for personalization
Password: Securely hashed and stored for authentication
User ID: Unique identifier assigned to your account

2.2 Profile Information

Native Language: Your preferred language for translation
Voice Gender Preference: Male or female voice preference for translations
Onboarding Status: Whether you've completed the initial setup
Notification Preferences: Your preferences for push notifications

2.3 Conversation Data

Audio Recordings: Voice recordings you make for translation
Transcriptions: Text transcriptions of your voice recordings
Translations: Translated text in target languages
Task Briefings: Descriptions of tasks you want to accomplish
Conversation History: Complete records of your conversations including messages, timestamps, and summaries
Cultural Tips: Contextual information provided during conversations

2.4 Usage Data

Audio Quota Usage: Amount of audio time used (tracked in seconds)
Conversation Timestamps: When conversations were started and completed
Feature Usage: Which features of the app you use
Interaction Data: How you interact with the app (conversation history, settings changes)

2.5 Technical Information

Device Information: Basic device information necessary for app functionality
App Version: Version of the app you're using
Authentication Tokens: Secure tokens for maintaining your session

3. How We Use Your Information

3.1 App Functionality

We use your information to:

Authenticate and manage your account: Email and password for secure login
Provide translation services: Process audio recordings, transcribe speech, and translate conversations
Enable conversation features: Store and retrieve your conversation history
Personalize your experience: Use your name in greetings and customize language preferences
Manage audio quotas: Track usage to enforce fair usage limits
Generate summaries: Create conversation summaries for your review

3.2 Service Provider Processing

We use third-party service providers to process your data for app functionality:

OpenAI: Processes audio recordings for speech-to-text transcription and text translation
ElevenLabs: Converts translated text to speech in the target language
Supabase: Provides secure database storage and authentication services
Resend: Delivers OTP verification emails and password reset emails to your email address

These service providers process your data solely for the purpose of providing translation services and email delivery, and do not use your data for advertising or tracking purposes.

4. Third-Party Services

4.1 Supabase

Purpose: Authentication and database storage
Data Stored: User accounts, profiles, conversations, messages, and usage data
Location: Data is stored in secure Supabase servers
Privacy: Supabase's privacy policy applies to data storage. See: https://supabase.com/privacy

4.2 OpenAI

Purpose: Speech-to-text transcription and text translation
Data Processed: Audio recordings and text for translation
Privacy: OpenAI processes data according to their API terms. Data is not used for training models or advertising. See: https://openai.com/policies/privacy-policy

4.3 ElevenLabs

Purpose: Text-to-speech conversion
Data Processed: Translated text for voice synthesis
Privacy: ElevenLabs processes data according to their terms of service. See: https://elevenlabs.io/privacy

4.4 Resend

Purpose: Email delivery service for sending OTP verification codes and password reset emails
Data Processed: Email addresses (for delivering OTP codes and account-related emails)
Privacy: Resend processes email addresses solely for email delivery purposes. See: https://resend.com/legal/privacy-policy

Important: We do not share your data with these service providers for advertising, marketing, or tracking purposes. They process your data solely to provide the translation services and email delivery you request.

5. Data Storage and Security

5.1 Data Storage

Your data is stored securely in Supabase databases with encryption at rest
All data transmission uses HTTPS/TLS encryption
Data is stored in secure cloud infrastructure with industry-standard security measures

5.2 Security Measures

Encryption: All data in transit is encrypted using TLS/SSL
Authentication: Secure password hashing and token-based authentication
Access Controls: Row-level security (RLS) policies ensure users can only access their own data
Regular Security Updates: We maintain and update our security practices regularly

5.3 Local Device Storage

Authentication Tokens: Stored locally on your device using secure storage (AsyncStorage on native platforms, localStorage on web)
Purpose: Tokens are stored locally to maintain your login session
Security: Tokens are automatically cleared when you sign out
No Sensitive Data: Passwords are never stored locally - only secure authentication tokens

5.4 Data Retention

Account Data: Retained while your account is active
Conversation History: Stored until you delete your account or individual conversations
Audio Recordings: Processed in real-time and not permanently stored (only transcriptions are saved)
Usage Data: Retained for quota management purposes
Deleted Account Emails: Email addresses are hashed (SHA256) and stored for 30 days after account deletion to prevent immediate re-registration, then automatically removed

You can delete your account at any time directly from the app (Settings → Delete Account), which will permanently delete all account data, conversations, messages, and profile information immediately. Your email address will be hashed (SHA256) and stored for 30 days for security purposes, then automatically removed. Signing out will clear all locally stored authentication tokens.

6. Data Sharing and Disclosure

We do NOT:

Sell your personal information to third parties
Share your data with data brokers
Use your data for advertising or marketing purposes
Share your data for tracking purposes
Combine your data with third-party data for advertising

We may disclose your information only in the following circumstances:

Legal Requirements: If required by law, court order, or government regulation
Service Providers: To trusted service providers (OpenAI, ElevenLabs, Supabase, Resend) who process data solely for app functionality
Business Transfers: In the event of a merger, acquisition, or sale of assets (with notice to users)
Protection of Rights: To protect our rights, property, or safety, or that of our users

7. Your Rights and Choices

7.1 Access and Correction

View Your Data: Access your profile, conversation history, and settings through the app
Update Information: Modify your language preferences and other profile settings in Settings
Download Data: Request a copy of your data by contacting support

7.2 Deletion Rights

Delete Conversations: Remove individual conversations from your history
Delete Account: Delete your entire account and all associated data directly from the app (Settings → Delete Account) or by contacting support
Right to be Forgotten: Request complete deletion of your personal data

Account Deletion Process:

You can delete your account directly from the app by going to Settings → Delete Account
Account deletion requires email verification via OTP code for security
All your account data, conversations, messages, and profile information will be permanently deleted
Your email address will be hashed (using SHA256) and stored for 30 days to prevent immediate re-registration
After 30 days, the email hash is automatically removed from our system
During the 30-day period, your email cannot be used to create a new account
If you need to remove the 30-day email restriction, contact support at support@nedilai.com

Important: Account deletion is permanent and cannot be undone. All your account data, conversations, messages, and profile information will be permanently deleted immediately. Your email address will be hashed (SHA256) and stored for 30 days for security purposes to prevent immediate re-registration, then automatically removed. The email hash cannot be reversed to reveal your original email address.

7.3 GDPR Rights (European Users)

If you are located in the European Economic Area (EEA), you have additional rights:

Right to Access: Request copies of your personal data
Right to Rectification: Request correction of inaccurate data
Right to Erasure: Request deletion of your personal data
Right to Restrict Processing: Request limitation of how we process your data
Right to Data Portability: Request transfer of your data to another service
Right to Object: Object to processing of your personal data
Right to Withdraw Consent: Withdraw consent for data processing

7.4 CCPA Rights (California Users)

If you are a California resident, you have the right to:

Know: Request information about what personal information we collect, use, and share
Delete: Request deletion of your personal information
Opt-Out: Opt-out of the sale of personal information (we do not sell personal information)
Non-Discrimination: Not be discriminated against for exercising your privacy rights

To exercise any of these rights, please contact us through our Support Page or visit our website at https://nedilai.com.

8. Children's Privacy

Nedil AI is not intended for children under the age of 13 (or the minimum age in your jurisdiction). We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately, and we will delete such information.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from those in your country. By using Nedil AI, you consent to the transfer of your information to:

Supabase: Servers located in various regions
OpenAI: Servers in the United States and other locations
ElevenLabs: Servers in the United States and other locations
Resend: Servers in the United States and other locations

We ensure that appropriate safeguards are in place to protect your data during international transfers.

10. Audio Quota System

Nedil AI uses an audio quota system to ensure fair usage:

Default Limit: 300 seconds (5 minutes) of audio processing per week
Reset Period: Quota resets automatically every 7 days
Usage Tracking: We track your audio usage to enforce these limits
Purpose: Quota data is used solely for managing fair usage, not for tracking or advertising

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by:

Posting the new Privacy Policy on this page
Updating the "Last Updated" date
Sending you an email notification (if you have provided an email address)
Displaying a notice in the app

Your continued use of the App after changes become effective constitutes acceptance of the updated Privacy Policy.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Website: https://nedilai.com
Support Page: Support

We will respond to your inquiry within 30 days.

13. Additional Information

13.1 Data Controller

For information about the data controller, please contact us through our Support Page or visit our website at https://nedilai.com.

13.2 Data Protection Officer

If you are located in the EEA and have questions about data protection, please contact us through our Support Page or visit our website at https://nedilai.com.

13.3 Complaints

If you are located in the EEA, you have the right to lodge a complaint with your local data protection authority if you believe we have violated your privacy rights.