Privacy Policy
Last updated: May 25, 2026
At a Glance
- Your recordings, transcriptions, and analyses are your property
- Audio is stored locally on your device; only uploaded temporarily for AI processing, then permanently deleted from our servers
- We never use your content to train AI models
- We do not sell, rent, or share your personal data for advertising
- Anonymous telemetry helps us improve the app — it contains no personal identifiers
- You can delete your account and all associated data at any time
- See our Trust & Security page at callrecap.app/trust for technical details
Who We Are
Cortex Edge FZ LLC, registered in RAK FZ, UAE.
Contact: [email protected]
For privacy-specific inquiries: [email protected] (subject: Privacy)
Companion App & Accessibility Service
Full functionality requires our companion app, CallRecap Connect. It works only when paired with the main app and is installed by you from our official channels. The companion has no hidden behavior: it is visible in your launcher and listed in Android's Apps list.
Why an Accessibility Service? Android does not expose any other reliable way for a third-party app to know that a VoIP call (WhatsApp, Telegram, Messenger, Signal, and similar) has started or ended. The companion uses the Accessibility Service to recognise when a supported call screen opens, so recording can start, and when it closes, so recording can stop. It also reads the contact name shown on that call screen so your recording is labelled with the right name.
What it does not do. Through the Accessibility Service, the companion reads only the call screen of supported calling apps. It does not read your messages, does not capture what you type, does not read your saved passwords or content in other apps, and does not read your stored contacts list. It has no internet access of its own; it passes only what is needed to start recording and label the call to the main CallRecap app on your device.
Your consent and control. The Accessibility Service is enabled only after you explicitly grant it in Android Settings, with a system dialog that describes what enabling it means. You may revoke it at any time from the same Settings screen. If you revoke it, VoIP call recording stops working — the rest of CallRecap (manual recording, transcription, AI analyses, your existing data, cloud backup) continues to work.
Data We Collect
-
Email address — for account authentication and subscription management. Stored on our servers (Supabase, hosted on AWS EU — Ireland). Retained while account is active.
-
Audio recordings — stored locally on your device. When you use transcription, audio is temporarily uploaded to our processing servers, transcribed, and permanently deleted immediately after processing. We do not retain copies. For backup, you may connect your own cloud service (Google Drive, OneDrive, Dropbox) — backups go to your account, not ours.
-
Transcriptions and AI analyses — generated from your audio and stored in your account on our servers. Retained while your account is active. Deleted upon account deletion.
-
Contacts — accessed on-device only to display caller names. Your contact list is never uploaded to our servers.
-
Call phone numbers — the phone number of a recorded call is stored with that recording so you can identify it. Used only to label and organise your recordings. We do not upload your full call history.
-
Calendar — read and written on-device only if you choose to add action items. Not sent to our servers.
-
Subscription data — plan status and billing events. Payment processing is handled by Google Play Billing (in-app) and Stripe (web purchases). We never store, access, or process your payment card details.
-
Anonymous device telemetry — device model, Android version, app language, feature usage frequency, crash reports. Contains no personal identifiers and cannot be linked to any specific user. Used to improve app quality and compatibility.
How We Use Your Data
- To provide the CallRecap service (recording, transcription, analysis, reminders)
- To process your audio for transcription (temporarily uploaded, then permanently deleted)
- To generate AI summaries and action items from your transcriptions
- To manage your subscription and billing via Google Play or Stripe
- To improve the app through anonymous telemetry (no personal data involved)
- To respond to your support requests
- To send important service notifications (security alerts, Terms changes)
Email Communications
We may contact you at the email address associated with your account for the following purposes:
- Account and transactional matters — sign-in confirmations, password resets, subscription receipts, billing notices.
- Service-related communications — important product updates, security notices, changes to this Privacy Policy or the Terms of Service.
- Support and feedback — responding to requests you send us, and occasionally reaching out to ask for your honest feedback about your experience with CallRecap so we can improve the product.
We do not send marketing emails to third parties and we do not sell your email address. You can stop receiving optional communications at any time by replying to ask us to unsubscribe, or by writing to [email protected].
AI Providers & No-Training Commitment
CallRecap uses secure third-party AI services, hosted in the United States or European Union, to provide transcription and analysis features. Here is how your data flows:
| Service |
Data Sent |
Retention by Provider |
Used for Training? |
| Speech-to-text transcription |
Audio file |
Not retained after processing |
No — zero-retention API |
| AI analysis (summary, action items) |
Transcription text only |
Not retained after processing |
No — zero-retention API |
Core commitments:
- We will never use your recordings, transcriptions, or analyses to train, fine-tune, or develop any AI model — ours or any third party's — without your explicit, separate, informed opt-in consent.
- Our AI providers process your data solely to generate the requested output (transcript, summary, action items). Under our API terms, they do not retain your data beyond the processing session and do not use it for model training.
- Audio uploaded for transcription is permanently deleted from our servers immediately after processing is complete. We maintain an audit trail of deletion for accountability.
- In the future, we may offer a voluntary opt-in program for contributing anonymized data to improve our services. Such a program would be disabled by default, require explicit action to enable, use only anonymized and de-identified data, and be revocable at any time.
For more details on our AI providers and security practices, see our Trust & Security page.
Data Sharing
- We do not sell your personal data
- We do not share your data with third parties for marketing or advertising
- We do not engage in cross-context behavioral advertising
- We do not create user profiles for advertising purposes
We share data only with:
- AI processing providers — under zero-retention API terms, solely for transcription and analysis
- Cloud infrastructure (Supabase/AWS) — for database and server hosting, under enterprise security standards
- Payment processors (Google Play Billing, Stripe) — for subscription management only
We may disclose data if required by law, court order, or to protect the rights, safety, or property of our users or the public.
Data Retention
| Data |
Retention |
Notes |
| Audio on our servers |
Deleted immediately after transcription |
Audit trail maintained |
| Transcriptions & analyses |
While account is active |
Deleted on account deletion |
| Account data (email) |
While account is active |
Deleted within 30 days of account deletion |
| Subscription/billing records |
7 years after last transaction |
Legal/tax obligation |
| Anonymous telemetry |
Indefinitely |
Contains no personal identifiers |
| Local recordings on your device |
Controlled by you |
We never delete your local files |
Security
- All data in transit is encrypted with TLS 1.3
- All data at rest is encrypted with AES-256
- Our database infrastructure is hosted on AWS (EU — Ireland) via Supabase, which maintains SOC 2 Type II compliance
- Access to personal data is restricted via Row-Level Security (RLS) policies — each user can only access their own data
- Authentication uses JWT tokens with industry-standard security
- We never store payment card details — all billing is handled by Google Play and Stripe
- For full security details, visit callrecap.app/trust
Your Rights
You have the right to:
- Access your personal data and request a copy
- Correct inaccurate information
- Delete your account and all associated data
- Export your data (transcriptions, analyses)
- Object to specific data processing
- Withdraw consent at any time
- Lodge a complaint with a data protection authority
To exercise any of these rights, contact [email protected]. We respond within 30 days.
You can delete your account directly from the app (Settings → Account → Delete Account) or via callrecap.app/delete-account. Account deletion is permanent and irreversible. All personal data is removed from our servers within 30 days.
International Data Transfers
Your data is processed and stored in the European Union (Ireland), where our infrastructure is hosted via AWS. Some data may be temporarily processed in the United States or European Union by our AI providers for transcription and analysis. We ensure appropriate safeguards are in place, including encryption in transit and at rest, and contractual obligations with our service providers that meet GDPR standards.
European Economic Area & UK (GDPR)
If you are in the EEA or UK, the following applies:
- Data residency: Your data is stored in the EU (AWS Ireland). Audio sent for AI processing may be temporarily processed in the US or EU by our AI providers under zero-retention terms.
- Legal basis for processing: (a) Performance of contract (providing the Service); (b) Legitimate interest (anonymous telemetry for product improvement); (c) Consent (optional features like cloud backup)
- You have all rights under GDPR Articles 15–22, including the right to data portability and the right to lodge a complaint with your local supervisory authority
- Data controller: Cortex Edge FZ LLC, RAK FZ, UAE
- Contact for data protection inquiries: [email protected]
California Residents (CCPA/CPRA)
If you are a California resident:
- We do not sell your personal information as defined by the CCPA
- We do not share your personal information for cross-context behavioral advertising
- You have the right to know what personal information we collect, request deletion, and opt out of any future sale
- We do not discriminate against users who exercise their CCPA rights
- To make a request: [email protected]
- Categories of personal information collected in the last 12 months: identifiers (email), commercial information (subscription status), internet/network activity (anonymous telemetry), audio recordings (temporarily processed, not retained)
Your Responsibility
The Service is available globally, but availability does not imply legality of your specific use. You are solely responsible for complying with call recording laws in your jurisdiction and every jurisdiction where parties to your recorded calls are located. Laws vary significantly — many countries require consent from all parties before recording. See our Terms of Service, Section 4 for details on your obligations.
Children
CallRecap is available on Google Play for users aged 13 and older. However, we strongly recommend that users be at least 18 years of age. We do not knowingly collect personal data from children under 13. If we become aware that we have collected data from a child under 13 without parental consent, we will promptly delete it. If you are a parent or guardian and believe your child has provided us with personal data, contact us at [email protected].
Changes to This Policy
We may update this Privacy Policy from time to time. Significant changes will be communicated via the app or email at least 14 days in advance. The date at the top of this page reflects the most recent update. We recommend reviewing this policy periodically.
Contact
[email protected]
Cortex Edge FZ LLC · RAK FZ, UAE
Trust & Security: callrecap.app/trust