Privacy Policy — Anyvois

Data Controller
Definitions
Data Collected
Purposes and Legal Bases
Audio and Voice Data
Messages and Translations
Social Authentication Data
Third-Party Services
Data Transfers Outside the EU
Data Retention
Security
Data Subject Rights
Children
Changes
Contact

    This Privacy Policy describes how Anyvois collects, uses, and protects the personal data of users of the mobile application and related services. Please read it carefully before using the Service.
  

1. Data Controller

The Data Controller for the processing of personal data is:

Danilo Scribano
Via Cialdini 55A — 20821 Meda (MB), Italy
Email: app@anyvois.com
Website: www.anyvois.com

2. Definitions

App: the Anyvois mobile application, available for Android (package: com.voicelink.voicelink_app) and iOS.
Service: the set of features provided through the App and related backend servers.
User: any natural person who installs the App and creates an account.
Personal data: any information that identifies or makes identifiable a natural person, as defined in Article 4 of the GDPR.
Processing: any operation performed on personal data (collection, recording, storage, communication, etc.).
STT: Speech-To-Text — conversion of speech to text.
TTS: Text-To-Speech — conversion of text to synthesized speech.
PTT: Push-To-Talk — press-and-hold-to-record mode.
Live Translate / LiveSense: real-time translation via audio streaming.

3. Data Collected

Depending on the features used, we collect the following categories of data:

3.1 Data provided directly by the user

Username and display name: chosen during registration.
Email address: used for authentication, password recovery, and service communications.
Password: stored as an irreversible bcrypt hash (never in plain text).
Preferred language: used to personalize translations and the interface.
Profile picture (avatar): optional, uploaded by the user.

3.2 Data collected automatically

Device ID: a unique device identifier generated on first launch (anonymized alphanumeric string). Used for single-session management and abuse detection.
App version: reported to the backend on each WebSocket connection for update management.
FCM Token: Firebase Cloud Messaging token for sending push notifications. Updated on each app launch.
Activity timestamps: date and time of account creation, last access, and message sending.
Anti-spam logs: message counters per minute and per hour, stored in volatile server memory (not in a persistent database).

3.3 Communication data

Voice messages (PTT): recorded on-device via STT, converted to text before transmission. Raw audio is never sent to Anyvois servers for standard PTT messages.
Text messages: original message text and translated text (stored in the database).
Transcribed and translated text: the result of the STT → translation pipeline for voice messages.
Message metadata: destination channel or chat, source language, timestamp.

3.4 Live Translate (LiveSense) data

Streaming audio: during a LiveSense/Gladia session, PCM audio fragments from the microphone are streamed to the Gladia service (see Sections 5 and 8).
Usage quotas: LiveSense minutes used, stored in the database for the gradual quota system.
Session logs: session duration, number of audio chunks, and transcriptions and translations generated (if the "save sessions" feature is enabled).

3.5 Channel and chat data

Public and private channels: name, type, invite code, member count, messages.
Private chats (1:1): messages, translations, timestamps.
Presence status: online/offline indication in active channels (non-persistent).
Ghost mode: when active, the user appears invisible to others; this status is stored in the database.

3.6 Invite system data

Invite links: code, optional custom slug, visits, claims, expiration.
In-app invites: sender, recipient, channel, status (pending/accepted/declined).

4. Purposes and Legal Bases of Processing

Purpose	Data involved	Legal basis (Art. 6 GDPR)
Registration and account management	Email, username, password hash, language, avatar	Performance of a contract (Art. 6(1)(b))
Authentication and session security	JWT token, device ID, FCM token	Performance of a contract (Art. 6(1)(b))
Transmission and translation of voice/text messages	Transcribed text, language, channel/chat ID	Performance of a contract (Art. 6(1)(b))
Live Translate streaming (LiveSense)	Streaming PCM audio, transcriptions	Explicit consent of the user (Art. 6(1)(a))
Push notifications	FCM token, notification content	Performance of a contract + implied consent upon installation (Art. 6(1)(b))
Transactional emails (verification, password recovery, invite notifications)	Email address, username	Performance of a contract (Art. 6(1)(b))
Abuse prevention and service security	Device ID, anti-spam counters, event logs	Legitimate interest of the Controller (Art. 6(1)(f))
Invite management and referral system	Invite codes, visits, claims	Performance of a contract (Art. 6(1)(b))
App version monitoring and updates	App version, device ID	Legitimate interest (Art. 6(1)(f))
Compliance with legal obligations	All relevant data	Legal obligation (Art. 6(1)(c))

5. Audio and Voice Data — Detailed Processing

5.1 PTT (Push-To-Talk) Messages — Chat and Channels

When a user records a voice message using the PTT feature:

Speech recognition (Speech-To-Text) takes place entirely on the user's device, using the native operating system APIs (Android SpeechRecognizer). Raw audio is never transmitted to Anyvois servers.
Only the transcribed text is sent to the servers for translation and distribution to other participants.
The translated text is synthesized into speech (TTS) on the recipient's device, locally.

      Note: for standard PTT messages, Anyvois does not receive or store any audio file. Audio processing is limited to the user's device.
    

5.2 Live Translate / LiveSense (Gladia)

The LiveSense feature uses a third-party service (Gladia) for real-time translation with latency under 300ms. In this scenario:

The user explicitly activates the LiveSense session via a dedicated button.
PCM audio fragments from the microphone are streamed directly to Gladia via secure WebSocket (wss://api.gladia.io/v2/live).
A client-side VAD (Voice Activity Detection) system filters silence, reducing audio data transmitted by 40–60%.
Gladia returns the transcription and translation. These results may be stored in the Anyvois database as a "session archive" if the feature is enabled.

For Gladia's privacy policies regarding audio processing, please refer to: gladia.io/privacy.

5.3 Vivavois (High-quality text translation)

The Vivavois feature processes text (not audio) through neural machine translation engines (Marian NMT) hosted on Anyvois's VPS2 server in Germany. No audio data is involved in this feature.

6. Messages and Translations

6.1 Messages in public channels

Messages sent in a public channel are visible to all channel members at the time of posting. Messages in public channels are subject to a configurable TTL (Time To Live) set by the system administrator (default: 5 minutes from creation). Once the TTL expires, the message is automatically deleted from the database. Any user present in the channel at the time of delivery may have already received and cached the text on their device.

6.2 Private chats (1:1)

Private chat messages are stored in the database as original text and translated text. End-to-end encryption is not provided: messages may be accessed by system administrators for security purposes and abuse prevention.

6.3 Translations

Original text and generated translations (in the languages of participants) are stored in the message_translations table. Translations may be produced by the following engines:

Argos Translate — open-source engine running locally on VPS2.
Marian NMT — neural engine running locally on VPS2.
Amazon Translate — AWS cloud service (see Sections 8 and 9).

7. Social Authentication Data

Anyvois supports sign-in via third-party providers. In these cases:

7.1 Google Sign-In

The user authorizes Google to share an ID Token with Anyvois. The backend verifies the token's validity via Google APIs. The following data are stored in the Anyvois database: Google user identifier (as an internal reference), display name, and email address provided by Google. The account is flagged as a social login account (no password hash stored).

7.2 Apple Sign-In

Similar to Google. Apple may provide an anonymized email address (relay address); this address is stored as the account identifier.

7.3 Discord OAuth2

The user authorizes Discord to share their basic profile information. The following data are stored: Discord User ID, username, and email (if granted by the user during authorization).

No social authentication provider has access to the user's messages, channels, or other communication data on Anyvois.

8. Third-Party Services (Sub-processors)

Provider	Service	Data transmitted	Location / Regulation
Google LLC (Firebase)	Push notifications (FCM), Google authentication	FCM token, Google ID token, display name, email	USA / SCCs + Data Privacy Framework
Apple Inc.	Apple Sign-In	ID token, email (optional)	USA / SCCs
Discord Inc.	OAuth2 login	User ID, username, email (optional)	USA / SCCs
Gladia	Live Translate audio streaming (LiveSense)	Streaming PCM audio fragments (only during an active session)	France (EU) — GDPR
Amazon Web Services (AWS)	Amazon Translate — text translation	Text to be translated (anonymous, no user identifiers)	Germany, eu-central-1 region (EU) — GDPR
Zoho Corporation	Transactional email delivery (SMTP)	Recipient email address, username, email content	EU (EU data center) — GDPR
OVHcloud	VPS1 hosting (main backend)	All data processed by the backend	France (EU) — GDPR
Hetzner / VPS2 provider	VPS2 hosting (translation engines)	Text submitted for translation (channels/chats)	Germany (EU) — GDPR

Data processing agreements pursuant to Article 28 of the GDPR have been or will be entered into with providers acting as data processors.

9. Data Transfers Outside the EU

Some providers (Google, Apple, Discord) are based in the United States. Transfers are carried out in compliance with the safeguards provided by the GDPR, in particular through:

Standard Contractual Clauses (SCCs) adopted by the European Commission;
Equivalent mechanisms approved by the European Commission (e.g., the EU-US Data Privacy Framework).

The backend infrastructure (VPS1, VPS2) and Amazon Translate (eu-central-1 region) are located entirely within the European Union (France and Germany), ensuring that core data processing takes place within the EU.

10. Data Retention

Data category	Retention period	Notes
Account data (email, username, language, avatar)	Until account deletion or erasure request	Immediately deleted upon request
Messages in public channels	Configurable TTL (default: 5 minutes)	Automatically deleted from the database
Messages in private chats	Until one of the participants deletes their account	—
Message translations	Same as the original message	—
LiveSense session logs	Until account deletion or specific request	Only if the "save sessions" feature is enabled
Anti-spam logs	Volatile (in-memory), reset on server restart	Not persisted in the database
Email logs	90 days (configurable)	For delivery monitoring
FCM Token	Updated on each login; deleted upon account deletion	—
Deep-link invites	Until expiration or explicit revocation	—
Translation logs	90 days (for anonymous statistical purposes)	—

Upon account deletion, all personal data associated with the user is permanently and irreversibly removed from the database. Anonymized copies may persist for aggregate statistical purposes.

11. Data Security

Anyvois adopts appropriate technical and organizational measures to protect personal data, including:

Encryption in transit: all communications between the App and servers take place over HTTPS/TLS (SSL certificates on all anyvois.com subdomains) and secure WebSocket (WSS).
JWT authentication: short-lived tokens accompanied by refresh tokens; revoked upon logout or device change.
Irreversible password hashing: bcrypt with salt; passwords are never stored in plain text.
Single-device session: a new login from a different device invalidates the previous session (force_logout).
Anti-spam: rate limits on messages per minute and per hour, with automatic temporary bans.
Restricted administrative access: the admin dashboard is accessible only via Basic authentication over HTTPS.
System separation: translation engines are hosted on a separate server from the main backend.

Note: no security system is infallible. In the event of a data breach that may pose risks to the rights and freedoms of users, Anyvois will notify the relevant Data Protection Authority within 72 hours and inform affected individuals without undue delay, in compliance with Articles 33–34 of the GDPR.

12. Data Subject Rights

As a data subject, you have the right to:

Access (Art. 15 GDPR): obtain confirmation of the processing of your data and receive a copy thereof.
Rectification (Art. 16): correct inaccurate data or supplement incomplete data.
Erasure ("right to be forgotten", Art. 17): request the deletion of your data, subject to any legal retention obligations.
Restriction (Art. 18): obtain restriction of processing in certain circumstances.
Portability (Art. 20): receive the data you provided in a structured, commonly used, and machine-readable format.
Objection (Art. 21): object to processing based on legitimate interest.
Withdrawal of consent: for processing based on consent (e.g., LiveSense), withdraw consent at any time without affecting the lawfulness of prior processing.
Complaint: lodge a complaint with the competent Supervisory Authority (Italian Data Protection Authority — Garante per la Protezione dei Dati Personali, garanteprivacy.it).

To exercise your rights, write to: app@anyvois.com with the subject line "GDPR Request" and specify the right you wish to exercise. We will respond within 30 days of receipt.

      Quick account deletion: you can delete your account directly from the App, under Account → Delete account. This action irreversibly deletes all personal data associated with your account.
    

13. Children

The Service is intended for individuals aged at least 16 years (or the minimum age for digital consent under applicable national law). Anyvois does not knowingly collect data from minors. If we become aware that a user is below the required minimum age, we will promptly delete the account and all associated data.

Parents or guardians who believe that a minor has created an account on Anyvois are invited to contact us at app@anyvois.com.

14. Changes to This Policy

Anyvois reserves the right to update this Privacy Policy to reflect regulatory, technical, or operational changes. In the event of material changes, users will be notified via an in-app notification or email at least 14 days in advance. Continued use of the Service after notification constitutes acceptance of the updated Policy.

The latest version will always be available at: www.anyvois.com/privacy_policy.html.

15. Contact

For any questions regarding this Privacy Policy or the processing of your personal data:

Danilo Scribano — Data Controller
Via Cialdini 55A — 20821 Meda (MB), Italy
Email: app@anyvois.com

Supervisory Authority:
Garante per la Protezione dei Dati Personali
www.garanteprivacy.it

Table of Contents