Transparency

Privacy Policy

Last Updated: January 30, 2026

1. Introduction: Trust in the Cloud Age

To function as a true "Brain Dump," SoundsWrite asks the user to speak freely. This requires a level of intimacy and trust that exceeds typical app requirements. Users may dictate sensitive work data, personal anxieties, or family logistics.

Core Principle: SoundsWrite adopts a Secure Hybrid Architecture, combining the speed of local-first processing with the reliability of encrypted cloud synchronization.

2. Data Sovereignty: Local First, Cloud Backed

Our architecture prioritizes local availability while ensuring data safety through secure synchronization.

2.1 The Room Database (Local Truth)

  • Offline Capability: The app functions 100% offline. Data is queued and synced only when a secure connection is available.
  • App Sandbox: Data is protected by the Android Application Sandbox. No other app can access this data without root privileges.
  • Bulletproof Encryption (The "Safety Gate"): We employ a strict Key Verification Protocol. Local data is only encrypted if the decryption key has been successfully backed up and verified in the cloud. If the cloud is unreachable or the key backup fails, data remains in plaintext locally to prevent "accidental ransomware" scenarios.

2.2 Secure Cloud Synchronization

  • Authentication: Access is strictly controlled via Google Sign-In (OAuth 2.0).
  • Row-Level Security (RLS): Firestore Security Rules enforce strict ownership. A user can only read or write documents whose stored user ID field matches their authenticated user ID.
  • Transit Security: All synchronization traffic occurs over HTTPS/TLS 1.2+.
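As an added illustration, not SoundsWrite's own rules file, the following Firestore Security Rules fragment expresses the ownership check described above, including the create case, where no stored document exists yet; the collection name `tasks` and the owner field `userId` are assumptions:

```firestore
rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {
    // Assumed layout: one document per task in a top-level "tasks" collection,
    // each carrying the owner's Firebase Auth uid in a "userId" field.
    match /tasks/{taskId} {
      // Google Sign-In through Firebase Auth populates request.auth.
      function signedIn() {
        return request.auth != null;
      }
      // Existing document: compare the stored owner field with the caller's uid.
      function ownsExisting() {
        return resource.data.userId == request.auth.uid;
      }
      // Incoming write: the payload must name the caller as the owner.
      function ownsIncoming() {
        return request.resource.data.userId == request.auth.uid;
      }

      allow read, delete: if signedIn() && ownsExisting();
      // On create there is no resource.data yet, so check the incoming payload.
      allow create: if signedIn() && ownsIncoming();
      // On update require ownership of both the stored and the incoming version,
      // which blocks reassigning a task to another uid.
      allow update: if signedIn() && ownsExisting() && ownsIncoming();
    }
  }
}
```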

3. Ephemeral AI Processing

We use Google Gemini 2.5 Flash for intelligence, accessed through enterprise API endpoints that do not train on user data (subject to the Google Cloud Data Processing Addendum).

The Audio Lifecycle:

  1. Record: Audio is captured locally (.aac).
  2. Transmit: Encrypted audio bytes are sent to the Gemini API over TLS.
  3. Process: Gemini analyzes the audio in memory to extract tasks, tone, and priority.
  4. Sync: The original audio file is securely uploaded to a user-private bucket in Firebase Storage to serve as a verifiable "Audio Receipt".

Tone Analysis: Our "Tone-Aware" feature analyzes voice inflection (urgency/stress). Tone scores (e.g., "High Urgency") are converted to simple integer metrics (1-5).

4. The Hybrid Bridge Security

SoundsWrite uses a hybrid WebView architecture with hardened security boundaries. Communication between the Web UI and the Android Backend is strictly typed.

  • One-Way Trust: The JavaScript layer can request actions, but it cannot directly access the file system or raw database cursors.
  • Input Sanitization: All text rendered in the WebView is sanitized to prevent XSS (Cross-Site Scripting).
  • Tapjacking Protection: We enforce protection to prevent malicious overlays from hijacking taps.
  • Screen Security: FLAG_SECURE is enabled to prevent sensitive data from appearing in the Recents screen thumbnail, in screenshots, or in screen recordings.

5. User Rights & Control

We are fully committed to GDPR and CCPA compliance.

  • Right to Erasure: A dedicated logic flow allows users to permanently delete their account. This triggers a cascading deletion of Auth User Records, Firestore Task Documents, and Cloud Storage Audio Files.
  • Right to Portability: Users can export their task data to JSON format.
  • Automated Hygiene (TTL): To minimize "digital exhaust," tasks in the Trash are automatically and permanently erased after 30 days.

6. Conclusion

Privacy is not about hoarding data in a bunker; it's about controlling who holds the keys. SoundsWrite employs industry-standard authentication, encryption, and access control to ensure your thoughts remain yours, whether they are on your phone or securely backed up in the cloud.