Privacy Policy

Last updated: April 11, 2026

ConvoCopilot is operated by Lambda 7 Tech LLC.

ConvoCopilot ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the ConvoCopilot mobile application and related services (the "App"). By using the App, you consent to the practices described here. If you do not agree, please do not use the App.

1. Information We Collect

We collect information necessary to provide and improve the App. This may include:

  • Account information: When you create an account, we collect your email address, display name (if provided), and authentication credentials. Sign-in and identity are hosted by Supabase (our authentication provider). We do not store your password in plain text.
  • Voice and conversation data: Speech-to-text depends on your settings: for on-device transcription, the App uses your device's built-in speech recognition (see Section 9). Our server path may send encoded audio over your session connection for transcription; and the Soniox option sends audio to Soniox’s cloud service for transcription. We do not maintain a permanent archive of raw STT audio for our product. For AI practice (guided conversation), we may briefly hold encoded turn audio in secure session storage on our servers until that practice-turn feedback step completes (for example when the connection is idle or the host hibernates). While you participate in a live session, we store session state on our servers—including message text for that session—so participants can stay synchronized and reconnect. That server copy is temporary: it is removed automatically after a period of inactivity (on the order of a few hours). It is operational data for the session, not a permanent cloud archive of your device's conversation library. On mobile, your conversation history is stored on your device in local storage for browsing and search. We do not use your voice or text to identify you or create biometric voiceprints.

    We do not use voice data to identify or authenticate individual users, nor do we create voiceprints or biometric templates from your audio. Our processing is limited to converting speech to text for the App's features.

  • Usage data: We collect information about how you interact with the App, such as languages selected, feature usage, and in-app actions. This helps us improve the product and is described further in Section 9.
  • Device information: We may collect device type, operating system version, app version, push notification tokens, notification preferences, and similar technical data, including your app locale when needed to localize notifications. We use this information for compatibility, notification delivery, debugging, and stability. Diagnostic data may be shared with our diagnostics provider as described in Section 9.
  • Subscription and entitlement data: When you have an account we share your user ID and email address with our subscription and billing provider for entitlement checking, subscription management, restore purchases, and refund support. This applies to all logged-in users. When you delete your account we disconnect you from that provider on this device. You may also request deletion of your data from the provider through their process or by contacting us.
  • Optional advertising: If you choose to watch an optional rewarded video ad to earn bonus AI usage credits, we use Unity LevelPlay (IronSource) ad mediation on your device to serve ads from participating ad networks (currently IronSource and Unity Ads). We configure the SDK to serve non-personalized ads only (we do not enable interest-based or personalized ad targeting in the App). The ad SDK and participating networks may still process identifiers (such as advertising IDs), device and technical data, and information about how ads perform for delivery, measurement, and fraud prevention. We do not provide ad networks with your conversation content, email address, or display name for advertising.
  • Learning and phrase library data: When you use the App’s phrase library, flashcard practice, AI practice, or language level assessment features, we store data on our servers tied to your account so it can sync across your devices. This includes phrases you save or that AI generates for you, categories you create to organize those phrases, practice progress such as flashcard scores and accuracy metrics, and language skill ratings and assessment results. This data is stored in our database (hosted by Supabase) and is associated with your user account. It is not shared with third parties for their own purposes. On your device, this data is also stored locally for offline access.

2. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the App and customer support.
  • Process conversation data to deliver live translation, listening, AI practice, and response suggestions.
  • Store and sync your phrase library, practice progress, and language assessment data across your devices.
  • Manage your account, authenticate you, and manage subscriptions and entitlements.
  • Communicate with you about updates, support, and service-related matters, including emails and notifications you enable in the App.
  • Analyze usage patterns (as described in Section 9) to improve features and user experience.
  • Detect, prevent, and address fraud, security issues, and abuse.
  • Deliver optional rewarded advertisements and grant related bonus usage when you choose that feature.

3. Data Sharing and Disclosure

We do not sell your personal information for money. We share data with service providers as needed to operate the App (for example, cloud AI providers for translation, suggestions, and AI practice; authentication hosting; infrastructure hosting; notification delivery providers; operational logging; product analytics; crash reporting; subscription management; and support tools). If you use optional rewarded ads, Unity LevelPlay (IronSource) and its mediated ad networks (such as Unity Ads) process data on your device to deliver and measure non-personalized ads, reduce fraud, and honor privacy choices, as further described in Section 9. We require contractual service providers to protect your information and use it only for the purposes we specify. We may also disclose information if required by law, to protect our rights or safety, or with your consent.

User responsibility. If you use the App's live conversation or listening features in the presence of others, you are responsible for ensuring that you have the necessary consent from those third parties to process their voices through our AI-powered translation and transcription services.

4. Data Retention

Local storage: Your conversation history on the device is under your control; uninstalling the App or using the in-app option to clear local data removes that history from the device. Clearing only the operating-system app cache may not remove conversation data stored in the app's database—use the in-app clear or uninstall if you need everything removed. Server storage: To run live and multi-device sessions, we keep temporary session state on our servers, including message text for that session, so the service can stay in sync and handle reconnects. That data is deleted automatically after a period of inactivity (typically on the order of a few hours). Short-lived AI practice turn audio is described in Section 1. Usage records: We retain operational usage records (such as feature usage counts and AI compute consumption) tied to your account for billing, abuse prevention, and service improvement. These records do not contain conversation text. Learning data: Your phrase library (including user-created and AI-generated phrases and categories), practice progress (such as flashcard scores), and language skill ratings are retained on our servers while your account is active so they can sync across your devices. When you delete your account, all associated learning data is permanently deleted. Account-level data (email/ID) is retained only while your account is active to manage your subscription entitlements. Notification data: If you enable push notifications, we retain your push-device registrations (such as push token, device platform, app locale used to localize notifications, and delivery status) and notification preference settings while your account is active or until those records are updated, deactivated, or deleted in connection with sign-out, account deletion, or provider invalidation.

5. Security

We implement technical and organizational measures to protect your information against unauthorized access, alteration, disclosure, or destruction. No method of transmission or storage is completely secure; we cannot guarantee absolute security.

6. Your Rights

Depending on your location, you may have the right to:

  • Access and receive a copy of your personal information.
  • Correct or update inaccurate personal information.
  • Request deletion of your personal information or your account (via the in-app option or by contacting us), and delete your conversation history at any time within the App.
  • Object to or restrict certain processing, or request data portability, where required by law.
  • Lodge a complaint with a supervisory authority if you believe we have not complied with applicable data protection law.

If you are in the European Economic Area or the United Kingdom: We process your personal data on the lawful bases of contract (to provide the App) and legitimate interests (to improve the App, ensure security, and communicate with you). Where you use optional rewarded ads, any consent or choices collected through Google’s User Messaging Platform (where shown) relate to legally required messaging and non-personalized ad delivery as described in Section 9; we do not use the App to turn on personalized or interest-based ad targeting. You have the right to access, rectify, erase, restrict processing, and to object to processing. For data portability requests regarding data we hold about your account, contact us at the email in Section 12; note that most conversation content is processed temporarily on our servers and is not retained beyond the active session. You may lodge a complaint with your supervisory authority.

If you are a California resident: You have the right to know what personal information we collect and how it is used, to request deletion, and to opt out of the sale of your personal information and, where applicable, the sharing of your personal information for cross-context behavioral advertising. We do not sell your personal information for money. If you use optional rewarded ads, Google may process information for advertising and measurement as described in Section 9; our ad requests in the App are non-personalized only. You may use your device privacy controls and Google’s ads settings for additional choices.

Right to Delete: California residents may request that we delete their personal information, subject to certain exceptions (e.g., to complete a transaction, detect security incidents, or comply with law). You may request deletion via the in-app account deletion option or by contacting us at the email below.

Right to Correct: California residents may request that we correct inaccurate personal information we maintain about them. You may request correction by contacting us at the email below.

7. Children's Privacy

The App is not intended for children under 13. We do not knowingly collect personal information from children under 13. If we learn we have collected such information we will delete it promptly. If you believe we have collected information from a child under 13, please contact us.

8. International Transfers

Your information may be processed in the United States or other countries where our service providers operate. Laws in those countries may differ from yours. By using the App you consent to such transfer. Where required we use appropriate safeguards (e.g., standard contractual clauses) for transfers out of your jurisdiction.

9. Third-Party Services (AI, Authentication, Advertising, Analytics, Operations, Subscriptions)

To provide and improve the App we use third-party services. We may change providers over time. Each processes data in line with its own privacy terms and, where applicable, our agreements with them. We do not sell your personal information for money. In particular:

Authentication (Supabase). We use Supabase to provide account sign-in (for example email and magic link authentication) and to store authentication records. Supabase processes account data in line with its privacy policy and our configuration. It acts as a processor for the service we provide to you.

Infrastructure (Cloudflare). Our API and backend services run on Cloudflare's global infrastructure (Cloudflare Workers). Temporary session state—including message text for live sessions—is stored in Cloudflare Durable Objects while a session is active and deleted automatically after the session becomes inactive. Cloudflare processes network traffic as part of operating the service, in accordance with its privacy policy.

Device speech recognition (iOS and Android). When you use on-device transcription, the App uses your device's operating system speech APIs (Apple's Speech framework on iOS, and Android's SpeechRecognizer, which typically uses your device's configured speech services). Recognition may run on-device or with operating-system assistance depending on your device, language, and settings; it is subject to Apple's, Google's, or your device manufacturer's terms and privacy policies where applicable. We do not send that audio to ConvoCopilot's servers for transcription on that path.

On-device machine learning models. The App downloads small machine learning models from our content delivery network to your device for on-device features such as semantic search in your phrase library. Once downloaded, the models run entirely on your device and no phrase or conversation data is sent off-device for these features.

AI and translation providers. Your voice and text inputs (and related context needed for live translation, suggestions, listening, and AI practice) are sent to third-party cloud AI providers, such as Google (Gemini) and Soniox. We also use Google's embedding API to generate text embeddings for phrase library entries to power semantic search and practice features. We use these providers solely to deliver the App's features. We do not sell your data to these providers; we share it only as necessary for the service. Their processing is governed by our agreements with them and their privacy policies.

LLM prompt management (Langfuse). Our API uses Langfuse Cloud to manage and version LLM system prompts. In production we do not enable tracing of your conversations or user content to Langfuse for observability, and we do not use Langfuse for end-user profiling. Prompts are retrieved from Langfuse when serving requests.

Operational logs (Better Stack). We send operational logs from our API infrastructure to Better Stack for reliability and monitoring. Those logs contain technical metadata (for example errors, timing, and request routing) and are not used for advertising. We configure logging to avoid placing conversation content in logs wherever feasible.

Advertising (Unity LevelPlay). Rewarded video ads are optional. They are served through Unity LevelPlay (IronSource) ad mediation, which may deliver ads from IronSource, Unity Ads, and other ad networks added over time. Each ad request is configured for non-personalized ads only; we do not enable personalized or interest-based ad targeting through this integration. The ad mediation SDK and participating networks may still collect or access identifiers (including advertising IDs), technical device data, diagnostics related to ads, and data about ad delivery and performance for delivery, reporting, and fraud prevention. We load the advertising SDK only when you use the screen that offers rewarded ads. Unity’s use of information is described in Unity’s Privacy Policy (unity.com/legal/privacy-policy). IronSource’s use of information is described in its Privacy Policy (ironsrc.com/privacy-policy). Watching ads is not required to use the core App.

Crash and error reporting. When the app encounters errors we send crash reports and diagnostic context (for example device type, OS version, app version) to Sentry. The SDK may include network-related metadata such as IP address under Sentry’s default data settings. We set your user identifier to an internal account ID only; we do not send your email or display name as the default user identity for crash events. Sentry’s Supabase integration may enrich some events with authentication lifecycle context from our Supabase client. We use Sentry Mobile Session Replay on a sample of sessions and when errors occur; replay does not capture microphone audio or conversation text, and text and images are masked by default. If you submit in-app feedback (for example support or bug reports), you may optionally provide your name and email; that data is sent to our diagnostics provider for support purposes.

Product analytics. We send usage events (for example, feature use, settings changes, and screen views) to PostHog to understand how the App is used and to improve it. We do not send your email or other direct identifiers to PostHog; we use only an internal account ID to link events. PostHog Session Replay may record screen activity for a subset of sessions to improve the product; it is not used for advertising. We may also send aggregate ad-related metrics provided by the ad SDK (such as estimated impression revenue) for product and financial planning. Analytics are enabled only in production builds.

Subscription management (RevenueCat). We use RevenueCat to manage in-app subscriptions, entitlement checking, purchase restoration, and refund support. RevenueCat processes your user ID and email address for these purposes. When you delete your ConvoCopilot account we disconnect you from RevenueCat on this device. You may request deletion of your data from RevenueCat through their process or by contacting us.

Transactional messaging (Resend and Expo). We use Resend to deliver service-related emails such as account and subscription notifications. If you enable push notifications, we use Expo Push Service to route notifications to your devices, and Apple Push Notification service or Firebase Cloud Messaging may process delivery metadata as part of device notification delivery. We send push notifications only as needed to operate App features and according to your settings.

We do not provide your conversations, email, or name to advertisers for their own contact lists. Aside from optional Unity LevelPlay mediated ads when you choose rewarded ads, we do not use crash reporting, subscription, or AI processing providers to run third-party advertising for unrelated products. We do not sell lists of our users to data brokers.

10. AI Training and Model Use

We do not use your conversation text, voice inputs, or practice data to train, retrain, or improve our proprietary AI models or the models of our third-party providers (such as Google Gemini). Your data is processed via API, and our agreements with these providers generally prohibit them from using your data to train their models.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will post the updated policy on this page and update the "Last updated" date. Material changes may be communicated via the App or email where appropriate. Your continued use of the App after the effective date constitutes acceptance of the updated policy.

12. Contact Us

For questions about this Privacy Policy or to exercise your rights, contact us at: [email protected]