VocatAI
Get the app
Home

Privacy Policy

Last updated:

This Privacy Policy describes how VocatAI (“we,” “us,” or “our”) handles information when you use the VocatAI mobile application for Android, this website, and our backend services that power translation and accounts (together, the Services). By using the Services, you agree to this policy alongside our Terms of Service.

1. What we collect

Depending on how you use VocatAI, we may process the categories below. We only use them as described in this policy and to operate the Services.

  • Account and identity. If you sign in with email, we store your email address and use it to send one-time sign-in codes. If you use Google Sign-In, we receive and store identifiers from Google (such as your Google account subject ID and email) after we verify Google’s ID token on our servers.
  • Guest (anonymous) use. You can use limited translation without a full account. We assign a random guest identifier. The app may send an optional stable device key so the same guest profile can be restored after reinstall; that value is stored on our systems and treated as part of your guest profile.
  • Translation content. Text you submit for translation, text extracted from images you upload for translation, and the model’s translated output may be sent to our servers and to our translation provider (see Processors). Completed translations are stored in our database as history (source text, translated text, language codes, and whether the request was text or image-based). For image translation, a history row is written when there is extracted or translated text to record.
  • Voice input on device. The app can use your device’s speech-to-text where you enable it. That audio processing is governed by your device and platform provider; we receive the resulting text only if you choose to send it for translation.
  • Technical and security data. We may process IP addresses (for example when creating or updating accounts, starting guest sessions, or calling our API) to operate the Services, enforce monthly usage limits, and reduce abuse (including rate limits tied to client IP for sign-in and guest creation). We issue signed access tokens (JWTs) so the app can call authenticated APIs.
  • Usage and plans. We keep per-calendar-month counters (in UTC) for usage such as text and image translation so we can enforce plan limits. Your plan may also define limits for other capabilities (for example audio); those apply when the corresponding feature is offered and metered on our servers.
  • Website preferences. This site may store your light or dark theme choice in the browser (local storage) on your device only.

2. How we use information

  • Provide translation, sign-in, session management, and plan quotas.
  • Maintain translation history associated with your account or guest profile.
  • Send email OTP messages through our configured mail provider.
  • Protect the Services, investigate abuse, and comply with applicable law.
  • Improve reliability and diagnose errors (for example server logs).

3. Service providers and processors

We use trusted infrastructure and vendors to run VocatAI. They process data on our instructions and only as needed to provide their service. Examples include:

  • Translation models. We send prompts containing your content to OpenRouter (or another configured model host) to generate translations. Their privacy practices apply to that processing layer.
  • Google. If you choose Google Sign-In, Google processes data under your relationship with Google; we receive limited profile data after token verification.
  • Database and hosting. Account and translation data are stored in PostgreSQL and hosted on infrastructure you or we operate for the deployment.
  • Email delivery. OTP messages are sent using SMTP credentials configured for the deployment (your organization’s mail provider or ours).

4. Legal bases (EEA, UK, and similar regions)

Where the GDPR or similar laws apply, we rely on contract (to deliver the Services you request), legitimate interests (security, abuse prevention, product improvement, and measuring usage against quotas), and legal obligation where required. For optional marketing we would ask separate consent; the core app does not require marketing consent to function.

5. Retention

We retain account, guest profile, usage, and translation history for as long as needed to provide the Services, comply with law, resolve disputes, and enforce our agreements. One-time email codes are stored as cryptographic hashes with expiry and consumption marks—not as plain text. Exact retention windows may evolve; material changes will be reflected in updates to this page and the “Last updated” date.

6. Your choices and rights

Depending on your region, you may have rights to access, correct, delete, export, or restrict processing of your personal data, and to object to certain processing or lodge a complaint with a supervisory authority. To exercise rights, contact us using the support channel provided in the app or on this website. We may need to verify your request.

7. Security

We use industry-standard measures appropriate to the service, including HTTPS in production deployments, signed access tokens, hashed OTP storage, server-side verification of third-party tokens, and HTTP security headers on our API. No method of transmission or storage is completely secure; we work to protect your information reasonably.

8. Children

VocatAI is not directed at children under 13 (or the minimum age in your jurisdiction). We do not knowingly collect personal information from children. If you believe we have, please contact us so we can delete it.

9. International transfers

Our operators and subprocessors may be located outside your country. Where required, we use appropriate safeguards (such as standard contractual clauses) for transfers of personal data.

10. Changes to this policy

We may update this Privacy Policy from time to time. We will post the revised version on this page and update the “Last updated” date. Continued use of the Services after changes take effect constitutes acceptance of the revised policy where permitted by law.

11. Contact

For privacy questions or to request deletion of your account and associated data, email support@cryptodeta.com. Step-by-step guidance is on our Privacy & data page.