black and white bed linen

Our Policies

Important legal and operational policies for your review.

Privacy Policy for Verbum Notes

Last updated: November 14, 2025
Controller: Verbum Notes
Privacy contact: privacy@verbumnotes.com — see “Contact Us” below.

1. Introduction & Purpose

We respect your privacy. This Privacy Policy explains how Verbum Notes (“we”, “us”, “our”) collects, uses, discloses, stores, and protects personal information when you use the Verbum Notes mobile app and related services (the “App”), and it explains your choices and rights in different jurisdictions, including the European Economic Area (EEA)/UK and countries in the Americas. This policy supplements — and does not replace — local laws where they provide greater protection.

2. Scope & Definitions

  • Personal information — any information that identifies or could reasonably identify an individual (e.g., name, email, device identifiers, voice recordings).

  • Sensitive / Special-category data — highly sensitive information (e.g., biometric data used to identify a person; health data). Processing such data typically requires stronger safeguards and, in some jurisdictions, explicit consent.

This Policy applies to data collected directly from you via the App, data you choose to upload via integrations, and data collected automatically from your device.

3. What We Collect

We collect categories of data necessary to operate the App and provide its features:

  • Voice recordings — audio recorded by you using the App. This data is treated as sensitive.

  • Transcripts & Derived Data — text transcripts produced by speech-to-text services, and any AI-generated content (such as summaries, keywords, or sentiment analysis) if you choose to enable those features.

  • User Content for AI Processing — The text of your notes or other content that you explicitly choose to submit for processing by integrated AI features.

  • Metadata & Technical Data — date/time, duration of recordings, device model, operating system, app version, usage logs, crash logs, and anonymised analytics.

  • Account/Profile Data — name, email, password hash, preferences, and saved folders.

  • Third-party Integration Data — data from services you authorize (e.g., connecting your cloud storage).

We do not collect more data than is necessary for the features you choose to use.

4. How We Use Your Information (Purposes)

We use personal information for clearly stated purposes:

  • Providing and operating the core functionalities of the App.

  • Processing your recordings (e.g., for storage and transcription) at your direction.

  • To provide advanced, optional features, such as voice transcription and AI-powered text generation (e.g., summaries, rephrasing), through integrated third-party services.

  • Improving and securing the App.

  • Communicating with you about the App.

  • Complying with legal obligations and preventing abuse or fraud.

We do not sell your personal information. (See Section 18 for jurisdictional specifics about “sale” and opt-out rights.)

5. Legal Bases (EU/EEA/UK)

If you are in the EU/EEA or UK, our processing of personal data is based on one or more lawful bases under the GDPR (or UK GDPR), depending on the activity: consent, performance of a contract, legal compliance, or legitimate interests. For any processing of sensitive data, we rely on stricter conditions such as your explicit consent.

What this means for you: For basic app functionality, we rely on the performance of the services you requested. For features that process voice recordings or use AI, we rely on your explicit consent, given when you choose to use that feature.

6. Consent & Recordings (Core Protections)

  • Explicit Informed Consent. We will request your explicit informed consent before the App accesses your microphone or starts any recording. The consent screen will explain what will be recorded, how recordings will be used (including any AI processing and third-party involvement), retention periods, and your rights.

  • Consent Log. We maintain a tamper-resistant consent record showing the exact prompt text, your action (Accept/Decline), timestamp, and device details.

  • Withdrawal. You may withdraw consent at any time via the App or by disabling microphone access in your device settings. Withdrawal will not retroactively invalidate lawful processing performed while consent was valid.

  • Recording Others. You are solely responsible for obtaining any consents required by law to record other people.

7. Biometric / Speaker Identification (High-Risk Processing)

Voice biometrics or any processing intended to uniquely identify a person from their voice is high-risk processing. If we ever offer such features, we will:

  • require a separate and explicit opt-in for that feature;

  • perform and publish a Data Protection Impact Assessment (DPIA) documenting risks and mitigations;

  • and implement additional technical and legal safeguards.

8. Data Retention & Deletion

We retain personal data only as long as necessary for the purpose for which it was collected. You can request deletion of your data at any time (see Section 13). When we delete data, we remove active copies and securely purge backups as reasonably practicable.

9. Security Measures

We implement commercially reasonable technical and organisational safeguards, including TLS 1.2/1.3 encryption in transit, AES-256 encryption at rest, key management systems (KMS), role-based access controls, and regular vulnerability scanning. No system is perfectly secure; we will, however, take all reasonable steps to protect your data.

10. Third-Party Processors & Integrations

We use trusted processors (e.g., cloud hosts, analytics services) who process data only on our instructions under strict Data Processing Agreements (DPAs).

  • AI and Voice Recognition Services: To provide certain advanced features, such as voice-to-text transcription and AI-powered content generation, we partner with specialized third-party service providers. These may include, but are not limited to, Google (Gemini models), OpenAI, and OpenRouter.

    • When you choose to use one of these specific features, the data required to perform the function (such as your voice recording for transcription or the text of a note for AI analysis) will be securely transmitted to that third party for processing.

    • These providers are contractually obligated to use your data solely for the purpose of providing the requested feature. They are prohibited from using your data to train their models or for any other purpose unless explicitly stated in their own privacy policies.

    • Your use of these AI-powered and voice recognition features is voluntary. By using these features, you acknowledge and agree that your data will be processed by these third-party services. We are not responsible for the privacy or security practices of our third-party partners and strongly encourage you to review their privacy policies.

  • Optional Integrations: Integrations that forward your recordings to external services (e.g., your own cloud storage) are disabled by default and activated only with your explicit choice.

11. International Transfers & Safeguards

Our infrastructure and processors may be located worldwide, meaning your data may be transferred outside your jurisdiction (e.g., from the EU to the US). For such transfers, we rely on legally recognised safeguards such as Standard Contractual Clauses (SCCs) and other mechanisms required by law to ensure your data remains protected.

12. Requests from Law Enforcement & Legal Obligations

We may disclose personal data in response to lawful requests (e.g., subpoenas, court orders). Where permitted, we will challenge or narrow requests and will notify you unless legally prohibited from doing so.

13. Your Rights

You have rights over your personal information, which vary by region.

  • EU/UK (GDPR / UK GDPR): You have rights including access, rectification, erasure, restriction, portability, and objection. You can also lodge a complaint with your local data protection authority.

  • United States (State Laws): If you are a California resident, you have additional rights including access, deletion, correction, and the right to opt out of the "sale" or "sharing" of personal information. We do not sell your personal information. Several other US states have also adopted privacy laws, and we will comply with applicable state requirements.

  • Canada (PIPEDA): You may exercise access and correction rights and have recourse to the Office of the Privacy Commissioner of Canada (OPC).

  • Brazil (LGPD): Provides rights similar to GDPR (access, correction, deletion) and imposes cross-border transfer controls.

How to exercise your rights: Email us at privacy@verbumnotes.com with the subject line “Privacy Request”. We will verify your identity and respond within statutory timeframes.

14. Data Protection Officer & EU Representative

If required by law, we will appoint a Data Protection Officer (DPO) or an EU/UK representative. To request their contact details, where applicable, please contact us at privacy@verbumnotes.com.

15. Data Breach Response & Notification

We will promptly investigate any security breach and will notify affected individuals and regulators as required by law.

16. Children

The App is not intended for children under 16. We do not knowingly collect personal information from children under 16. If you believe we have, please contact us at privacy@verbumnotes.com so we can take corrective action.

17. Updates to This Policy

We will update this Policy to reflect changes in our practices or legal requirements. The "Last updated" date at the top of this policy will indicate the latest revision. For material changes, we will provide notice through an in-app notification or by email.

18. US & California Specifics

California residents have the rights required by the CCPA/CPRA. To exercise these rights, please contact us at privacy@verbumnotes.com. We will not discriminate against you for exercising your privacy rights.

19. Cross-Border Transfer Practicalities

For data transfers from the EU/EEA to countries not deemed adequate, we primarily rely on Standard Contractual Clauses (SCCs) supplemented with additional security measures as needed. We monitor international legal developments to ensure our transfer mechanisms remain compliant.

20. Contact Us

Verbum Notes
Email: privacy@verbumnotes.com

Our Policies

Connect

Stay in touch with our updates.

Support

Follow

contact@verbumnotes.com

+1-800-555-0199

© 2025. All rights reserved.