Privacy Policy.
Last updated: 5 July 2026
This policy explains what information Word of Mouth ("we", "us") collects, why, and what happens to it. The short version: we collect what's needed to turn your talks into documents and nothing more — no ads, no tracking, no selling your data.
1. What we collect
- Account details — your name, email address and password. Passwords are stored only as a salted cryptographic hash; we cannot read them.
- Your content — the audio you record, the transcripts produced from it, and the formatted documents, titles and folders you create.
- Membership details — if you go PRO, we store your Stripe customer and subscription identifiers and your membership expiry. We never see or store your card number; Stripe handles payment details.
- Basic technical data — the kind of standard server logs any website keeps (such as request times and errors), used only to keep the Service running.
2. What we use it for
- Providing the Service: recording, transcribing, formatting, storing and letting you download your talks.
- Managing your account and PRO membership, including verifying subscription status with Stripe.
- Sending you password reset codes when you request them.
We do not sell your information, show you ads, or use advertising trackers. The app sets exactly one cookie: a session cookie that keeps you signed in.
3. Who processes your data for us
To provide the Service, some data passes through trusted third-party providers:
- OpenAI — your audio is sent to OpenAI for transcription, and transcripts are sent for formatting. Under OpenAI's API terms, this data is not used to train their models.
- Stripe — processes payments and stores your payment details under its own privacy policy.
- Resend — delivers password reset emails to your address.
- Google Drive — only if you choose to connect it, finished documents are uploaded to your own Google Drive. The connection can only see files the app itself created, and you can disconnect it at any time.
4. How your data is stored and secured
- Your content and account data are stored on the server that runs the Service.
- Passwords are salted and hashed (scrypt); session cookies are HTTP-only and signed; password reset codes expire after 15 minutes and work only once.
- No system is perfectly secure, but we deliberately keep the data we hold to a minimum.
5. How long we keep it
- Your recordings, transcripts and documents stay in your account until you delete them. Deleting a recording in the app removes it and its audio from our storage.
- Your account details are kept while your account exists.
- To delete your account and everything in it, email us (below) and we'll remove it within 30 days.
6. Your rights
You can ask us at any time to access, correct, export or delete the personal information we hold about you, and we'll respond in line with the Australian Privacy Principles and any other privacy laws that apply to you. Most of it you can already see and manage directly in the app.
7. Children
The Service is not directed at children under 13, and we don't knowingly collect their information. If you believe a child has created an account, contact us and we'll remove it.
8. Changes to this policy
If we change this policy in any meaningful way, we'll let you know by email or a notice in the app before the change takes effect.
9. Contact
Privacy questions or requests: support@wordofmouth.cc