Privacy Policy
Hum Memo ("Hum", "we") is a voice-first note-taking app for iPhone. This page is a straightforward account of what data the app handles, why, who touches it, and the control you keep. The short version: your recordings and notes are processed only to build your own notes — never for advertising, never sold, never used to train AI models, and we run no analytics or tracking of any kind.
1. Data we collect
Each category lists what it covers, why we use it, and who receives it (every recipient is detailed in Section 4).
| Category | Examples | Purposes | Recipients |
|---|---|---|---|
| Account data | Email address, account identifier, sign-in provider, display name and profile photo you set | Create and authenticate your account; show your identity in the app | Supabase (auth); Apple or Google (sign-in) |
| Audio recordings | Voice notes you record or audio files you import | Store your recordings; transcribe them; power the voice features you request | Supabase (storage); pyannoteAI (enhanced transcription & speaker features) |
| Transcripts & AI outputs | Transcripts, titles, summaries, tags, insights, extracted tasks and events, "Ask your notes" answers | Display and organize your notes; power search and chat over your own content | Supabase; Anthropic (and OpenAI or Google, depending on configuration) |
| Voice profiles | A short enrollment sample converted to a voiceprint, a name you assign, optional photo/emoji | Recognize enrolled voices in your future recordings — only within your account | pyannoteAI (matching under a random identifier, never a name) |
| Organization data | Folders, tags, favorites, chat history with your notes | Organize your library; keep your conversations with your notes | Supabase |
| Purchase state | Subscription tier, Apple transaction identifiers | Unlock paid features; enforce fair-use quotas | Apple (billing — we never see payment details) |
| Technical logs | IP address, request timestamps, error information | Operate the service, prevent abuse, debug issues | Our server (Google Cloud infrastructure) |
We collect no GPS or device location (places in your notes are text extracted from your own words), no contacts, no advertising identifiers, no analytics events — the app embeds no tracking or analytics SDKs at all. Because Hum lets you record whatever you choose, your content may itself contain sensitive information; we process it only to provide the features you invoke.
2. Purposes of use
- Deliver the service — store, transcribe, structure, and sync your notes; power search, tasks, calendar events, speaker recognition, and "Ask your notes".
- Operate responsibly — authenticate you, enforce quotas, prevent abuse, debug failures.
- Process payments — via Apple, when you subscribe.
- Comply with law where genuinely required.
We do not use your notes, recordings, or transcripts to train AI models (ours or anyone's), profile you, sell your data, or share anything with advertisers or data brokers.
3. AI & voice processing
- On your device: standard transcription runs locally through Apple's speech framework.
- AI structuring, chat, and knowledge features: the relevant text is sent to our AI provider — Anthropic by default (OpenAI or Google depending on configuration) — through their commercial APIs. We send only what the feature you invoked needs. Per their API terms, these providers do not use API content to train their models and retain it only briefly for abuse monitoring.
- Enhanced transcription & speaker recognition (paid features): audio is processed by pyannoteAI. Voiceprint matching uses random identifiers — the provider never learns whose voice a print belongs to.
- All content is encrypted in transit. True end-to-end encryption is not possible for AI features — the provider must be able to read content to process it. This is the same trade-off every AI note app makes; we minimize it by sending only what each request needs.
Recording others: you are responsible for obtaining the consent of people you record or whose voices you enroll, as required by the laws that apply to you.
4. Recipients (subprocessors)
We share personal data only with vendors that need it to run Hum:
| Recipient | Role | Data categories |
|---|---|---|
| Supabase | Database, file storage, authentication | All content in your account; account data |
| Google Cloud | Hosting for our backend server | Content in transit; technical logs |
| Anthropic | AI features (commercial API) | Transcripts/prompts relevant to each request |
| OpenAI / Google AI | Alternative AI providers (configuration-dependent) | Transcripts/prompts relevant to each request |
| pyannoteAI | Enhanced transcription, speaker recognition | Audio; voiceprints (random identifiers only) |
| Apple | Sign in with Apple, subscriptions, App Store | Sign-in identifier; purchase state |
| Sign in with Google | Sign-in identifier; email |
We may disclose data if legally compelled (for example, a valid court order) or to prevent imminent harm; where the law permits, we will tell you about such requests. We do not sell personal data.
5. Storage & who can access it
Your notes live in your own protected space: every database row is guarded by row-level security bound to your authenticated account, and audio files sit in a private bucket readable only by you. There is no dashboard for browsing user content — we never monitor, review, or analyze your notes for keywords, advertising, or any other purpose. Access to the underlying infrastructure is limited to authorized operations personnel, for maintenance, under confidentiality.
6. Retention & deletion
- Your content is kept until you delete it.
- Deleted notes go to Trash and are permanently erased after 30 days — or immediately, if you empty the Trash.
- AI providers retain API content only briefly for abuse monitoring per their published terms (currently up to ~30 days), then delete it.
- Deleting your account (Settings → Account → Delete Account) permanently and immediately erases everything server-side: notes, transcripts, audio, folders, chats, voice profiles and voiceprints, and the account record itself.
7. Your rights & controls
We honor these for everyone, regardless of location, to the extent practical:
- Access & export — your notes are always visible in-app and exportable (share, markdown, PDF).
- Correct — edit any note, transcript, speaker name, or your account details in-app.
- Delete — individual notes, voice profiles, or your entire account — all in-app, no email required.
- EU/UK (GDPR) — you additionally have rights to portability, restriction, objection, and complaint to your supervisory authority.
- US state laws (CCPA/CPRA and similar) — rights to know, delete, and correct. We do not "sell" or "share" personal information as those laws define it, so there is nothing to opt out of.
For any request the app doesn't cover, email support@hummemo.com — we respond within 30 days, and we will never discriminate against you for exercising your rights.
8. Security
Encryption in transit (TLS with HSTS) everywhere; per-account isolation via database row-level security and owner-scoped private storage; API keys and processing credentials live only on our servers, never inside the app; purchases are verified against Apple's cryptographic signatures. If a security incident ever affects your personal data, we will notify you and applicable regulators as the law requires.
9. Children
Hum Memo is not directed at children under 13 (or the higher minimum age of your jurisdiction), and we do not knowingly collect their data. If you believe a child has provided us personal data, contact us and we will delete it.
10. Changes
If this policy changes materially, we will update it here with a new effective date and, where appropriate, note it in the app.
11. Contact
Hum Memo
support@hummemo.com