Privacy Policy
Last updated: May 2026
Introduction
This Privacy Policy explains how Gromi collects, uses, shares, and retains information about you when you use our iOS application and related services (collectively, the "Service"). It also describes your rights regarding your personal data.
Please read this policy carefully before using the Service.
Who This Policy Applies To
This policy applies to all users of the Gromi iOS application worldwide. The Service is not directed at children. Users should be of the age required to form a binding contract in their jurisdiction. If we become aware that a user is below the applicable minimum age, we reserve the right to take appropriate action in accordance with applicable law.
Data Controller and Applicable Law
BYGEN AI Kft. (VAT number: 32746763-2-04, seat: 5600 Békéscsaba, Lázár utca 3, Hungary) is the data controller for personal data processed through the Service.
Users located in the European Economic Area (EEA) and Switzerland have rights under the General Data Protection Regulation (GDPR) and, for Swiss residents, the Swiss Federal Act on Data Protection (nFADP). Where we refer to "GDPR" in this policy, Swiss users should read this as also referring to the nFADP where applicable.
Users located in California may have additional rights under the California Consumer Privacy Act (CCPA/CPRA), described in the "california residents" section below.
What Data We Collect
Account and Authentication Data
When you create an account, we collect your email address and a hashed password, or, if you use Sign in with Apple, the identity token and email address provided by Apple. We do not receive or store your Apple ID password.
Voice Recordings
When you create a voice capture, your audio is recorded on your device and uploaded to our servers, where it is stored in AWS S3. Audio files are temporarily stored on your device during upload and deleted from your device once the upload succeeds. On our servers, audio files are retained for the duration of your account unless you delete individual captures or your account.
Transcriptions
Your voice recordings are transcribed to text. Where your device supports on-device speech recognition, transcription may occur locally without sending audio to third parties. Where on-device recognition is unavailable or for server-side processing, audio is sent to Groq (primary) or OpenAI (fallback) for transcription. When you use the live recording feature, audio may also be processed by Apple's speech recognition servers if on-device recognition is unavailable. Transcriptions are stored on our servers.
Text, Link, and Image Captures
If you create text notes, save links, or upload images, this content is stored on our servers. For link captures, our server fetches the content of the URL you submit in order to generate a summary; this fetched content is not stored and exists only for the duration of processing.
AI-Generated Content
The text content of your captures — along with your personalization settings (personality style, goals, feedback style, and any custom instructions you have written) — is sent to Amazon Bedrock for AI processing. Bedrock generates titles, summaries, action items, insights, and your AI companion's responses. This AI-generated content is stored on our servers alongside your captures.
Your user ID and email address are not included in prompts sent to AI services. However, the content of your captures may contain personal information you have spoken or typed.
Tasks, Goals, and Habits
Data you enter for task management, goal tracking, and habit tracking — including names, descriptions, completion history, and scheduling information — is stored on our servers.
Calendar Data
If you grant calendar access, we read your calendar events (title, start and end time, location, calendar name, and all-day status) for the next 7 days, up to 50 events per sync, and send this data to our servers to help with scheduling and context. We request full calendar access (read and write). Event notes are read locally but not sent to our servers.
Personalization Settings
Your preferences set during onboarding and in Settings — including personality style, primary goals, feedback style, rhythm preference, voice/language preference, timezone, and custom instructions — are stored on our servers. Custom instructions you write are also sent to an AI model for safety validation before storage.
Analytics and Error Data
We use PostHog to collect product analytics. PostHog receives your user ID (an internal UUID, not your email) and behavioral events such as features used, captures created, and search queries. Search query strings and link URLs submitted to the app are included in these events.
We use Sentry for error monitoring and performance tracing. Sentry receives your user ID, error context, stack traces, and metadata about API requests (endpoint paths, response times).
Neither service receives your name, email address, or the content of your captures.
Data We Do Not Collect
We do not collect data through system APIs for location, contacts, photo library, camera, HealthKit, biometrics, push notifications, or advertising identifiers. We do not use any advertising SDKs or engage in cross-app tracking.
User-Generated Content and Sensitive Data
The content of your voice recordings, text notes, and other captures is controlled by you. If you choose to record or write information that is sensitive in nature — such as health or medical information, financial details, or personal circumstances — that content will be stored and processed as described in this policy, including being sent to third-party AI services for transcription and extraction. We do not solicit sensitive personal data and have no visibility into what users choose to capture. You should be aware of this before recording or writing sensitive information.
Why We Process Your Data and Our Legal Basis (GDPR)
| Processing purpose | Data involved | Legal basis (GDPR) |
|---|---|---|
| Account creation and authentication | Email, password / Apple token, JWT, username | Performance of contract |
| Voice capture processing and transcription | Audio files, transcripts | Performance of contract |
| AI extraction (summaries, insights, companion responses) | Transcript text, personalization settings | Performance of contract |
| Storing text, link, and image captures | Text, URLs, images | Performance of contract |
| Calendar sync for scheduling context | Calendar event data | Performance of contract |
| Task, goal, and habit tracking | Task/goal/habit data | Performance of contract |
| AI personalization | Personality settings, custom instructions | Performance of contract |
| Product analytics (PostHog) | User ID (UUID), behavioral events | Legitimate interests |
| Error monitoring and performance tracing (Sentry) | User ID (UUID), request metadata, errors | Legitimate interests |
| Service improvement using aggregated analytics | Anonymized/aggregated usage data | Legitimate interests |
| AI cost management (token usage tracking) | Token counts per capture | Legitimate interests |
Where we rely on legitimate interests, you have the right to object to that processing. See the "your rights" section below.
Service Improvement
We use aggregated and anonymized analytics data to understand how users interact with the Service, to identify areas for improvement, and to develop new features. This processing is based on data that does not identify individual users.
We do not use the content of your individual captures, transcripts, or AI responses to train AI models or to improve our AI systems. Our AI processing is performed via third-party APIs (Amazon Bedrock, Groq, OpenAI), and those providers' policies govern whether inference data is used for their own model improvement. As of the date of this policy, none of our AI providers use API-submitted data for model training by default.
Third-Party Services That Receive Your Data
The following third parties process personal data on our behalf as data processors. We do not sell your personal data and do not share it with advertising networks, data brokers, or any third party for their own marketing purposes.
| Service | Data received | Purpose |
|---|---|---|
| Supabase | Email, auth credentials, all structured app data (captures, tasks, goals, habits, settings) | Authentication and database |
| AWS S3 | Audio files, images | File storage (eu-central-1) |
| AWS Bedrock | Transcript/text content, personalization settings | AI processing (no model training) |
| Groq | Audio file data (no user ID) | Primary speech-to-text |
| OpenAI | Audio file data (fallback only) | Fallback speech-to-text |
| Apple Speech | Audio data (when on-device STT unavailable) | On-device / server-assisted STT |
| Railway | API request/response traffic | Backend hosting |
| PostHog | User ID (UUID), behavioral events, search queries, link URLs | Product analytics |
| Sentry | User ID (UUID), error context, request metadata | Error monitoring |
International Data Transfers
Our servers and third-party processors are located in the United States and the European Union (AWS eu-central-1). If you are located in the EEA or Switzerland, your data may be transferred to and processed in countries that do not provide an equivalent level of data protection.
Where such transfers occur, we rely on appropriate safeguards including the EU Standard Contractual Clauses (and the Swiss equivalent where applicable) entered into with our processors. You may request information about the specific transfer mechanisms we use by contacting us at the email listed in the "contact" section below.
Data Retention
We retain your personal data for as long as your account is active. When you delete your account, we delete your application data (captures, tasks, goals, habits, settings, and associated files) as described in the "account deletion" section below.
Analytics data sent to PostHog and error data sent to Sentry are subject to those services' own retention policies once transmitted to them.
Account Deletion
You can delete your account from within the app at Settings > Delete account. On deletion, we delete your captures, tasks, goals, habits, settings, and associated audio and image files from our servers.
Analytics and error monitoring records already transmitted to PostHog and Sentry are not recalled upon account deletion.
Certain preferences stored locally on your device may persist until you uninstall the app.
We aim to provide a data export feature within the app. Until that is available, you may request a copy of your data by contacting us at the email listed in the "contact" section below.
Security
We implement technical and organisational measures to protect your personal data. These include:
- All data in transit is encrypted using HTTPS/TLS. No unencrypted HTTP connections are permitted by the app.
- Authentication tokens (JWT) are stored exclusively in your device's secure Keychain, never in unprotected local storage.
- Tokens are validated on every API request using ES256 asymmetric signature verification against Supabase's JWKS endpoint, including audience claim checks.
- On 401 Unauthorized responses, the app automatically attempts a session refresh before retrying, reducing exposure from expired tokens.
- Audio and image files are stored in a private S3 bucket. Access is granted only via time-limited presigned URLs (default 1 hour, maximum 24 hours). No files are publicly accessible.
- File uploads are validated against an allowlist of permitted MIME types (audio: M4A, MP3, WAV, WebM, OGG; images: JPEG, PNG, GIF, WebP, HEIC) and verified using magic byte inspection, not just filename extension.
- Upload size is capped at 100 MB for audio and 10 MB for images.
- All API request payloads are validated using strict schema models. Only explicitly permitted fields are accepted; unknown fields are rejected.
- Custom instructions entered by users are screened by an AI model for prompt injection and jailbreak attempts before storage.
- CORS is configured with an explicit allowlist of permitted origins; null-origin requests are blocked.
- Rate limiting is applied to capture uploads and search requests per user.
- Server-side credentials (database keys, AI API keys, file storage credentials) are stored in environment variables and are never included in or derivable from the iOS application binary.
- Internal error details, stack traces, and system information are never returned in user-facing API responses.
No security measure is perfect. We encourage you to use a strong, unique password and to contact us immediately if you suspect unauthorized access to your account.
Your Rights (EEA and Switzerland)
If you are located in the EEA or Switzerland, you have the following rights under the GDPR and nFADP:
- Access — you may request a copy of the personal data we hold about you.
- Rectification — you may ask us to correct inaccurate data.
- Erasure — you may ask us to delete your personal data. You can exercise this directly by deleting your account in-app, or by contacting us.
- Restriction — you may ask us to restrict processing of your data in certain circumstances.
- Portability — you have the right to receive your personal data in a structured, machine-readable format. Contact us to request this.
- Objection — you may object to processing based on legitimate interests. We will stop processing unless we can demonstrate compelling legitimate grounds.
To exercise any of these rights, contact us at privacy@bygen-ai.com. We will respond within 30 days (extendable to 60 days for complex requests). We may ask you to verify your identity before responding.
You also have the right to lodge a complaint with your local supervisory authority. For EEA users, this is the data protection authority in your member state. For Swiss users, this is the Federal Data Protection and Information Commissioner (FDPIC).
Your Rights (United Kingdom)
UK users have equivalent rights under the UK GDPR. The relevant supervisory authority is the Information Commissioner's Office (ICO): ico.org.uk.
California Residents (CCPA/CPRA)
If you are a California resident, you have the right to know what personal information we collect, disclose, and sell; the right to delete your personal information; the right to correct inaccurate personal information; and the right to opt out of the sale or sharing of personal information.
We do not sell personal information and do not share personal information for cross-context behavioral advertising. We do not use or disclose sensitive personal information for purposes beyond those necessary to provide the Service.
To exercise your rights, contact us at privacy@bygen-ai.com.
Contact
Privacy enquiries and data subject rights requests:
If you have any questions regarding the processing of your personal data by us and the associated rights, you can contact the relevant data protection contact person via email at privacy@bygen-ai.com.
Changes to This Policy
We will post any changes to this policy at this URL and update the "Last updated" date. For material changes, we will notify you within the app or by email. Continued use of the Service after the effective date of a revised policy constitutes acceptance of the changes.