Privacy Policy

Last updated: January 15, 2025

1. Introduction

Welcome to RecordZen. We respect your privacy and are committed to protecting your personal data. This privacy policy will inform you about how we look after your personal data when you visit our website and use our services, and tell you about your privacy rights and how the law protects you.

2. Information We Collect

We collect information that you provide directly to us, information we obtain automatically when you use our services, and information from other sources. The types of data we collect include:

2.1 Contact Information

  • Name: First name, last name, and username
  • Email Address: Required for account creation, authentication, and communication
  • Phone Number: Optional for authentication via SMS verification
  • Date of Birth: Required for age verification (must be 13 years or older)
  • Physical Address: We may collect postal addresses from your device contacts if you grant us permission to access your contacts for the purpose of connecting with friends and family

2.2 User Content

  • Photos and Videos: Video recordings and photos you create, upload, or share through our service, including thumbnails and multiple quality variants (240p, 480p, 720p, 1080p)
  • Audio Data: Voice notes and audio recordings associated with your memories
  • Text Content: Titles, descriptions, tags, and mood selections you add to your memories
  • Profile Content: Profile photos and videos, bio information

2.3 Location Information

  • Precise Location: With your permission, we collect GPS coordinates (latitude and longitude) when you capture photos or videos to enable location-based features like "On This Day" memory discovery
  • Location Permission: We only collect location data when you're actively using the app (not in the background)

2.4 Identifiers

  • User ID: Unique identifier assigned to your account
  • Device ID: Push notification token (APNs device token) to send you notifications
  • Authentication Tokens: JWT access and refresh tokens for secure API access
  • OAuth Identifiers: Tokens from third-party authentication providers (Google, Facebook, Apple Sign-In) if you choose to sign in with these services
  • Social Identifiers: Circle IDs, share link codes, and invitation codes for sharing features

2.5 Device and Technical Information

  • Device Information: Device model, operating system version (iOS version), app version, device orientation
  • Technical Data: IP address, browser type and version, time zone settings, operating system and platform
  • Network Information: Information about your internet connection and service provider

2.6 Usage Data and Analytics

  • App Interaction: Information about how you use our services, including features accessed, buttons clicked, and navigation patterns
  • Share Analytics: Number of times you share memories, view counts, and viewer analytics for shared content
  • Onboarding Progress: Status and completion of registration and onboarding steps
  • Content Metadata: Creation dates, modification dates, file sizes, and formats of your content

2.7 Social and Relationship Data

  • Contacts: With your explicit permission, we access your device contacts to help you connect with friends and family through our "Circles" feature
  • Circle Information: Names, descriptions, and members of sharing circles you create
  • Privacy Settings: Your sharing preferences, visibility settings, and permission controls for each memory
  • Social Interactions: Comments, reactions, and shares on memories (when applicable)

2.8 Diagnostic Data

  • Error Logs: Information about errors and crashes to help us improve the app
  • Performance Data: App performance metrics, load times, and response times
  • Request Data: API request and response data for debugging and troubleshooting

3. How We Use Your Information

We use your personal data for the following purposes:

  • Service Delivery: To provide, maintain, and improve our video journaling platform
  • Account Management: To create and manage your account, authenticate your identity, and verify your age
  • Content Storage: To securely store, process, and transmit your videos, photos, and other content
  • Social Features: To enable sharing with friends and family through Circles, manage privacy settings, and provide view analytics
  • Location Features: To provide location-based memory discovery and "On This Day" features
  • Communication: To send you push notifications, service updates, security alerts, and respond to your inquiries
  • Personalization: To customize your experience and provide relevant features based on your preferences
  • Analytics and Improvement: To analyze usage patterns, improve our service, develop new features, and troubleshoot issues
  • Security: To detect, prevent, and address fraud, abuse, technical issues, and security incidents
  • Legal Compliance: To comply with legal obligations, enforce our terms, and protect our rights and property
  • Payment Processing: To process subscription payments and manage billing

4. Data Storage and Security

Your video recordings and personal data are stored securely using industry-standard encryption. We implement appropriate technical and organizational measures to protect your personal data against unauthorized or unlawful processing, accidental loss, destruction, or damage.

5. Data Retention

We will only retain your personal data for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. You can delete your content at any time from your account settings.

6. Your Data Protection Rights

Under data protection laws, you have the following rights:

  • The right to access: You have the right to request copies of your personal data
  • The right to rectification: You have the right to request that we correct any information you believe is inaccurate
  • The right to erasure: You have the right to request that we erase your personal data
  • The right to restrict processing: You have the right to request that we restrict the processing of your personal data
  • The right to data portability: You have the right to request that we transfer your data to another organization

7. Cookies

We use cookies and similar tracking technologies to track activity on our service and store certain information. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent.

8. Third-Party Services and Data Sharing

We work with third-party service providers to deliver our services. These providers have access to your personal data only to perform specific tasks on our behalf and are obligated not to disclose or use it for any other purpose.

8.1 Authentication Services

If you choose to sign in using third-party authentication:

  • Google Sign-In: We receive your Google ID, email address, and profile information (name, profile photo) when you authenticate with Google. We request scopes: openid, email, and profile.
  • Facebook Login: We receive your Facebook ID, email address, and public profile information when you authenticate with Facebook.
  • Apple Sign-In: We receive your Apple ID, email address (which may be anonymized by Apple), and full name when you authenticate with Apple.

These services are governed by their respective privacy policies. We do not have access to your password for these services.

8.2 Cloud Storage and Hosting

  • Amazon Web Services (AWS): We use AWS S3 to store your videos, photos, and other media content. AWS provides secure, encrypted storage and complies with industry-standard security practices.
  • Content Delivery: We use cloud infrastructure to deliver your content efficiently and securely across our platform.

8.3 Communication Services

  • Apple Push Notification Service (APNs): We use APNs to send push notifications to your iOS device. Your device token is shared with Apple for this purpose.
  • SMS Services: We use third-party SMS providers to send one-time password (OTP) codes for phone verification.
  • Email Services: We use email service providers to send account-related emails and notifications.

8.4 Payment Processing

We use third-party payment processors to handle subscription payments. We do not directly store or process your full credit card information. Payment information is encrypted and handled by PCI-compliant payment processors.

8.5 When We Share Your Data

We may share your personal data in the following circumstances:

  • With Your Consent: When you explicitly choose to share memories with specific people through our Circles feature
  • Service Providers: With third-party vendors who perform services on our behalf (hosting, analytics, customer support)
  • Legal Requirements: When required by law, legal process, or government request
  • Safety and Security: To protect the rights, property, and safety of RecordZen, our users, or the public
  • Business Transfers: In connection with a merger, acquisition, or sale of assets (you will be notified)

We do NOT:

  • Sell your personal information to third parties
  • Share your content publicly without your explicit permission
  • Use your data for advertising purposes or share with advertising networks
  • Share your data with data brokers

9. Data Linking and Tracking

In compliance with Apple App Store privacy requirements, we want to be transparent about how data is linked to you:

9.1 Data Linked to Your Identity

The following data is collected and linked to your identity:

  • Contact information (name, email, phone number)
  • User content (photos, videos, audio, text descriptions, tags)
  • Location data (precise GPS coordinates when capturing memories)
  • Identifiers (user ID, device push notification token)
  • Usage data (share analytics, view counts, app interactions)
  • Diagnostic data (crash logs, performance metrics)

9.2 Tracking and Advertising

Current Version: In the current version of RecordZen, we do not track you for advertising purposes or display advertisements.

Future Advertising (If Implemented): We may introduce optional advertising in future versions of the app to support free or lower-cost tiers. If we do, we will:

  • Request Permission: Use Apple's App Tracking Transparency (ATT) framework to request your permission before collecting your Identifier for Advertisers (IDFA)
  • Provide Choice: Allow you to opt-out of personalized advertising while still using the app
  • Collect IDFA: Only with your explicit consent, we may collect your device's advertising identifier (IDFA) to show you relevant ads
  • Advertising Partners: Work with trusted third-party advertising networks that comply with privacy regulations
  • Data for Ads: May use demographic information (age range, general location), interests inferred from app usage, and device information for ad targeting
  • Ad Measurement: Track ad impressions, clicks, and conversions to measure advertising effectiveness
  • Update Policy: Update this privacy policy and notify you before implementing any advertising features

Your Control: If advertising is introduced:

  • You can disable personalized ads in your device Settings > Privacy > Tracking
  • You can opt for a paid subscription to remove all advertisements
  • We will never sell your personal content (videos, photos, audio) to advertisers
  • We will never share your contact list or precise location with advertising networks without explicit consent

What We Will NOT Do (Even With Advertising):

  • Sell your personal information to third parties
  • Share your user-generated content (videos, photos, audio) with advertisers
  • Share your data with data brokers
  • Track you across other apps and websites without your permission
  • Use your sensitive data (health information, financial data, precise location) for advertising without explicit consent

9.3 Device Permissions

Our iOS app requests the following permissions:

  • Camera: To record videos for your journal (required for core functionality)
  • Microphone: To capture audio with videos (required for core functionality)
  • Photo Library: To access and save photos and videos (required for core functionality)
  • Contacts: To help you find friends and family to add to Circles (optional)
  • Location (When In Use): To tag memories with location data for "On This Day" features (optional)
  • Notifications: To send you reminders and updates (optional)

You can manage these permissions at any time through your device settings. Denying certain permissions may limit functionality but will not prevent you from using the core features of the app.

10. Children's Privacy

Our service is not intended for use by children under the age of 13. We do not knowingly collect personally identifiable information from children under 13. We require users to provide their date of birth during registration to verify that they are 13 years of age or older.

If you become aware that a child under 13 has provided us with personal data, or if you are a parent or guardian and believe your child has provided us with personal information without your consent, please contact us immediately at privacy@recordzen.com. We will take steps to delete such information from our systems.

11. International Data Transfers and Privacy Regulations

11.1 GDPR Compliance (European Users)

If you are located in the European Economic Area (EEA), you have specific rights under the General Data Protection Regulation (GDPR):

  • Right to access your personal data
  • Right to rectification of inaccurate data
  • Right to erasure ("right to be forgotten")
  • Right to restrict processing
  • Right to data portability
  • Right to object to processing
  • Right to withdraw consent at any time
  • Right to lodge a complaint with a supervisory authority

11.2 CCPA Compliance (California Users)

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA):

  • Right to know what personal information is collected, used, shared, or sold
  • Right to delete personal information (with certain exceptions)
  • Right to opt-out of the sale of personal information (we do not sell your data)
  • Right to non-discrimination for exercising your CCPA rights
  • Right to request specific details about data collected in the past 12 months

11.3 Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that are different from the laws of your country. We take appropriate safeguards to ensure that your personal data remains protected in accordance with this Privacy Policy.

12. Data Deletion and Your Rights

You have the right to request deletion of your personal data. You can delete your account and data in two ways:

  • In-App Deletion: Navigate to Settings > Account > Delete Account in the RecordZen app
  • Email Request: Send a deletion request to privacy@recordzen.com from your registered email address

For more information about data deletion, please visit our Data Deletion Request page.

Upon receiving a valid deletion request, we will delete your account and associated data within 30 days, except where we are required to retain certain information for legal, accounting, or security purposes.

13. Changes to This Privacy Policy

We may update our Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you by updating the "Last updated" date at the top of this Privacy Policy.

If we make material changes, we will provide additional notice, such as through an in-app notification or by sending you an email. We encourage you to review this Privacy Policy periodically to stay informed about our data practices.

Your continued use of our services after the effective date of any changes constitutes your acceptance of the revised Privacy Policy. If you do not agree with the changes, you should discontinue use of our services and delete your account.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

  • Email: privacy@recordzen.com
  • Data Protection Officer: dpo@recordzen.com
  • Legal: legal@recordzen.com

We will respond to your inquiry within 30 days of receipt. For data deletion requests, please allow up to 30-90 days for processing depending on the complexity of your request.