Privacy Policy
Last updated: April 27, 2026
1. Who we are & how to reach us
Speakle is built and operated by an independent developer ("we," "our," "us"). We do not have a registered company or a postal address — we run lean, on purpose. The only way to reach us is by email at support@speakle.io. We answer every message ourselves, usually within two business days.
2. Scope of this policy
This policy explains what data Speakle collects, what we do with it, and the choices you have. It applies to the Speakle mobile app on iOS and Android, and to the website at speakle.io. If you only browse the website, the only data we touch is what your browser sends to our hosting provider in normal request logs.
3. What we collect
Account data. Speakle uses Sign in with Apple or Google Sign-In — we do not run a password system. When you sign in we receive your email address and the name your provider returns on first login. If you use Apple's "Hide My Email" feature we only ever see Apple's private relay address; your real email never reaches us.
Audio recordings. When you complete a daily challenge, the 60-second audio file you record is uploaded to our storage so we can score it and let you replay it later.
Transcripts. We generate a written transcript of each recording and store it alongside the audio. Transcripts are how we surface your fillers, count words, and produce coaching feedback.
Speech analytics. Derived from each recording: filler counts (um, uh, like, so…), words per minute, pace, clarity, flow, structure scores, and your daily streak.
Subscription status. If you subscribe to Speakle Pro through the Apple App Store or Google Play Store, RevenueCat tells us whether your subscription is active. Apple or Google processes the payment — we never see your card details, full billing address, or your Apple ID / Google account password.
Device & app context. Device model, iOS version, app version, locale, time zone, and an anonymized device identifier so we can debug crashes and tell two devices apart in our analytics.
Product analytics. Through PostHog we record which screens you view and which actions you take (e.g. "started a challenge," "viewed paywall"). We never send the contents of your audio, the text of your transcripts, your email address, or your auth tokens to PostHog. The redaction happens before the event leaves your device.
Crash & performance data. Through Sentry we collect stack traces, breadcrumbs, and basic performance metrics when something goes wrong. Audio URLs and tokens are scrubbed before transmission.
4. How we use it
We use the data above to deliver the daily prompt, score your recording, keep your streak, run the leaderboard for users who choose to share publicly, prevent abuse, and improve the product. We do not sell your data, rent it, share it for advertising, or build profiles of you for anyone else's benefit.
5. Recordings are private by default
Every recording you make is private to your account when it's created. Audio and transcripts are stored in our database with row-level security, which means only your authenticated session can read them — not other users, not curious staff browsing logs.
Public sharing is opt-in per recording. You have to explicitly tap "Share publicly" for a single recording to appear on the leaderboard or in a share card that other users can see. You can revoke public sharing at any time. When you do, the recording disappears from public view immediately, and from any cached share-card surface within 24 hours.
6. Third parties we send data to (sub-processors)
Speakle is built on top of services from other companies. The list below is everyone who receives any of your data, and exactly what they receive:
- Apple (iOS only) — Sign in with Apple, push notifications (when enabled), In-App Purchase receipts.
- Google — Google Sign-In OAuth token exchange (returns your email, name, and profile picture). On Android, also Google Play Billing for In-App Purchase receipts and Firebase Cloud Messaging for push notifications (when enabled).
- Supabase — runs our auth service, our Postgres database, and our audio file storage. They host the recordings themselves.
- AssemblyAI — receives a signed, time-limited URL pointing at your recording so it can transcribe it. Per their terms, they do not retain audio for model training.
- Google (Gemini API) — receives transcript text only (no audio) when we generate coaching feedback. Per Google's Gemini API terms for paid services, prompts and responses are not used to train Google's models or reviewed by humans.
- RevenueCat — receives the Apple receipt and an anonymized user identifier so it can tell us whether your subscription is active.
- PostHog — receives event names and non-PII properties plus an anonymized device ID for product analytics.
- Sentry — receives crash stack traces, breadcrumbs, and an anonymized device ID for error tracking.
7. How long we keep things
Recordings and transcripts are kept until you delete the recording or your account. If you delete your account, both go with it. Subscription and entitlement records are kept while you have an active subscription and for up to seven years after the last transaction so we can answer billing questions and meet basic tax-record obligations. Crash and analytics events are retained per the third party's defaults — PostHog roughly twelve months, Sentry roughly ninety days.
8. Your rights
You can:
- see and play back every recording you've made, in-app at any time;
- delete any individual recording;
- delete your entire account in-app, from Settings → Delete Account. This removes your auth user, profile, recordings, transcripts, leaderboard entries, subscription alias, and analytics identifiers. It is irreversible;
- request an export of your transcripts by emailing us.
If you live in the EU or UK, you have the GDPR rights of access, rectification, erasure, restriction, portability, and objection. If you live in California, you have the CCPA rights of access, deletion, and non-discrimination. To exercise any of these rights, email support@speakle.io from the address on your account and we will action it within 30 days.
9. How to delete your account
Open Speakle, go to Settings → Delete Account, and confirm. The deletion runs in the background and finishes within a few minutes. If you've lost access to your device, visit speakle.io/delete-account for a fallback path.
10. Children
Speakle is not directed at children under 13 (or under 16 in the EU and UK). We don't knowingly collect data from anyone in those age groups. If you believe a child has signed up, email us and we will delete the account.
11. Tracking, IDFA, and ATT
We do not track you across other apps or websites. We do not use the iOS IDFA for cross-app advertising. We do not show third-party ads inside Speakle. The "App Tracking Transparency" prompt does not appear because we don't do anything that would require it.
12. Security
All network traffic uses TLS. Recordings and database rows are encrypted at rest in Supabase. Auth tokens are stored in the operating system's secure key store (Keychain on iOS, Keystore on Android) via expo-secure-store, never in plain storage. Every database table has row-level security so a misbehaving client cannot read another user's data.
13. International transfers
Several of our sub-processors (Supabase, AssemblyAI, Google, RevenueCat, PostHog, Sentry) may process data on servers in the United States. Where required, we rely on Standard Contractual Clauses or equivalent transfer mechanisms.
14. Changes to this policy
If we change this policy, we'll update the "last updated" date at the top. For changes that materially expand what we do with your data, we'll surface a notice on the next launch of the app so you can read the change before continuing.
15. Contact
Questions, concerns, GDPR or CCPA requests, takedown notices — they all go to the same address: support@speakle.io.