Privacy Policy

Last updated: May 18, 2026

Candovo is a voice journal. We built it because we wanted a journaling app that didn’t read our journals. This policy explains what data we collect, what we don’t, and the choices you have. It’s written in plain language; where the law requires specific phrases, we use them.

1. Who we are

Candovo is operated by William Simpson as a sole proprietor (a corporate entity is in formation; this policy will be updated when that happens). For privacy questions, reach us at info@candovo.com.

2. What we collect

We collect the minimum needed to run the service:

  • Account email. Used to authenticate you. Stored by Supabase (our auth provider).
  • Anonymous entry metadata. Timestamps, durations, mood scores, theme tags, and entry counts. This is what lets the app show you trends without ever seeing what you said.
  • Purchase status. Managed via RevenueCat and tied to your Apple ID.
  • Crash reports. If a third-party crash tool is enabled in a build, anonymized crash data may be collected.

3. What we do NOT collect

  • Voice recordings. Audio stays on your device.
  • Transcripts. Transcription runs locally on your iPhone.
  • AI analysis output. Insights are stored on your device only.
  • Your AI API key. It’s stored on your device in the iOS Keychain via expo-secure-store. It is never transmitted to us.

4. How AI insights work (BYOK)

Candovo uses a bring-your-own-key model. When you enable AI analysis, your transcript is sent directly from your device to Google using the API key you provide. Google processes that request under their own terms — see Google’s API terms.

Candovo’s servers are not in the path. We do not see your transcripts, we do not see Google’s response, and we do not have access to your API key. You hold the contract with Google.

5. Third parties

  • Supabase — authentication and metadata storage (US region, us-east-1).
  • RevenueCat — subscription management.
  • Apple — App Store payments and TestFlight distribution.
  • Google — only invoked if you enable AI analysis, and only via the API key you provide. Your relationship is with Google directly.

For users in the EU/UK, our legal bases under GDPR Article 6 are:

  • Contract performance — to provide the app’s core functionality.
  • Consent — for any optional analytics (you can decline).
  • Legitimate interest — for fraud prevention and service security.

7. Data retention

Account metadata is retained for the life of your account. When you delete your account (Settings → Delete Account), all server-side data is removed within 30 days. Local data on your device is removed when you uninstall the app.

8. Your rights

You can:

  • Access the data we hold about you — email us to request a copy.
  • Correct inaccurate data.
  • Delete your account in-app (Settings → Delete Account).
  • Export your data via Settings → Export.
  • Lodge a complaint with your local data protection supervisory authority (EU/UK users).

Send privacy requests to info@candovo.com. We aim to respond within 30 days.

9. Children

Candovo is not directed to children under 17 and is not intended for use by anyone under 13. We do not knowingly collect data from minors. If you believe a minor has provided data, contact us and we’ll delete it.

10. Where data is stored

Server-side data is stored in the United States (Supabase, us-east-1). If you are accessing the app from outside the US, your data will be transferred to the US for processing.

11. Security

  • TLS 1.2+ for all data in transit.
  • Encryption at rest for stored metadata.
  • Your API key is stored in iOS Keychain — never on our servers.

No system is perfectly secure, but we keep our attack surface small by not storing your transcripts in the first place.

12. Changes to this policy

When we update this policy, we’ll change the “Last updated” date above. For material changes, we’ll show an in-app banner before the new policy takes effect.

13. Contact

Privacy requests, questions, or concerns: info@candovo.com.