An App Idea LLC ("we," "us," or "our") operates The Yap App (the "App"). This Privacy Policy explains what information we collect, how we use and protect it, and your rights regarding your personal data.
By creating an account or using the App, you agree to the practices described in this policy.
Information We Collect
1.1 Account and Profile Data
When you register, we collect:
- Email address — if you sign in with email and password
- Name or display name — optional, provided during profile setup
- Authentication provider — email, Google, or Apple
- Username — auto-generated at registration; you may update your display name later
- User number — a unique, immutable identifier used to connect with other users
1.2 Conversation and Translation Content
- Message text — original and translated versions of every message you send or receive
- Audio recordings — voice recordings you make inside the App for transcription and translation
- Detected and selected languages — source and target languages for each message
- Sign Scanner images — photos you take or choose from your library for OCR-based translation (compressed on-device before processing; the original photo is not uploaded)
- Scan history — saved results from Sign Scanner sessions
1.3 Voice Cloning Data (Pro Tier)
If you choose to use Voice Cloning:
- Voice sample audio files you record
- Cloned voice metadata — name, processing status, sample count, total duration, and the third-party voice ID assigned by ElevenLabs
Voice samples and cloned voices are processed and stored by ElevenLabs on our behalf. See Section 5 for details.
1.4 Usage and Preference Data
- Translation counts — daily usage of translations and TTS generation, used to enforce plan limits
- Settings — target language, selected voice, and color theme preference
- Contacts and connection requests — display names, user numbers, and relationship status (connected, blocked, muted, custom alias)
- Presence signals — approximate last-active timestamp and which conversation you are currently viewing; visible only to contacts and used solely to show "online" indicators
- Discoverability signals — if you activate the "broadcast availability" feature, a short-lived discoverability record is visible to nearby users for up to 15 minutes
- Performance telemetry — anonymized timing data from translation pipeline stages (no message content, no personal identifiers)
1.5 Push Notification Token
If you grant notification permission, we store your device's Expo push token to deliver new-message alerts from your contacts.
1.6 Support Messages and User Reports
- Support messages — subject line, message body, and email address you provide when contacting support
- User reports — if you report another user, we record your user ID, the reported user's ID, the reason selected, any additional details you provide, and the relevant message ID if applicable
How We Use Your Information
| Purpose | Data Used |
|---|---|
| Provide transcription, translation, and TTS | Message text, audio recordings, scan images, language selections |
| Deliver real-time remote conversations | Message content, typing indicators, presence, read receipts |
| Enforce subscription plan limits | Daily translation and TTS counts, subscription tier |
| Send push notifications | Push token, sender display name |
| Voice cloning (Pro) | Voice sample audio, cloned voice metadata |
| Show your profile to contacts | Display name, user number, default language, privacy mode |
| Account security and fraud prevention | Authentication data, subscription status |
| Respond to support requests | Support message content, email |
| Moderate content and enforce Community Guidelines | User reports, flagged messages, admin audit log |
| Anonymized performance monitoring | Pipeline timing telemetry |
We do not use your conversation content, voice recordings, or scan images for advertising or to train general-purpose AI models.
Data Storage
Your data is stored in the following systems:
- Google Cloud Firestore — user accounts, remote conversations, contacts, preferences, subscription data, and presence. Data resides in the United States by default.
- Google Cloud Storage — audio recordings you make, synthesized speech files, and remote conversation audio clips.
- On-device storage (AsyncStorage) — local conversations, scan history, settings, and translation cache. This data never leaves your device unless you start a remote conversation.
Device Permissions
| Permission | Why We Need It |
|---|---|
| Microphone | Recording speech for translation; Live Mode hands-free translation; Voice Cloning sample recording |
| Camera | Sign Scanner (photograph text for translation); QR code scanning to connect with contacts |
| Photo Library | Selecting existing photos for Sign Scanner |
| Push Notifications | Alerting you when contacts send you messages |
You can revoke any permission at any time in your device Settings. Revoking microphone access disables recording-based translation and Live Mode. Revoking notifications disables message alerts but does not affect other App features.
Third-Party Services
All AI processing occurs server-side through Firebase Cloud Functions — no third-party AI provider API keys are present in the App itself. The following services receive data as necessary to fulfill their function:
| Service | Provider | Data Received | Purpose |
|---|---|---|---|
| Firebase Authentication | Email address, OAuth tokens | Account sign-in (email, Google, Apple) | |
| Cloud Firestore and Cloud Storage | User data, messages, audio files | Storage, real-time sync | |
| Google Gemini | Audio, text, images | Speech-to-text, text translation, image OCR | |
| Groq (Llama 3.3 70B) | Groq | Text | Streaming text translation |
| Deepgram (Nova-3) | Deepgram | Audio stream | Real-time streaming speech-to-text |
| ElevenLabs | ElevenLabs | Text, voice sample audio | Text-to-speech synthesis and voice cloning |
| RevenueCat | RevenueCat | User ID, purchase events | Subscription management |
| Expo / EAS | Expo | Device push token | Push notification delivery |
Each provider operates under its own privacy policy:
- Google / Firebase: policies.google.com/privacy
- Groq: groq.com/privacy-policy
- Deepgram: deepgram.com/privacy
- ElevenLabs: elevenlabs.io/privacy
- RevenueCat: revenuecat.com/privacy
- Expo: expo.dev/privacy
Data Sharing
We do not sell your personal data to third parties. We share data only:
- With the third-party service providers listed in Section 5, strictly to operate the App
- With your conversation partners, who receive the translated versions of your messages and, in remote conversations, your display name and selected language
- If required by law, court order, or to protect the rights, property, or safety of An App Idea LLC, its users, or the public
Data Retention and Deletion
- Account and profile data is retained for as long as your account is active.
- Local-only data (conversations created without a remote partner, scan history) remains on your device until you delete the App or clear its data.
- Remote conversations are retained until you or your conversation partner deletes them, or until your account is deleted.
- Voice clones are deleted from our servers and from ElevenLabs when you delete them in the App or when your account is removed.
- Support messages and reports are retained for as long as necessary to resolve the matter.
To delete your account, contact us at hello@anappidea.llc. We will delete your Firestore documents, Cloud Storage files, and Firebase Authentication record within 30 days. Some anonymized, aggregated data may be retained in de-identified form.
Children's Privacy
The App is not directed to children under the age of 13 (or under 16 in the European Economic Area). We do not knowingly collect personal information from children. If you believe a child has provided us personal information without appropriate consent, please contact us immediately and we will promptly delete it.
Security
We implement industry-standard measures to protect your information:
- All data in transit is encrypted with HTTPS/TLS
- Firebase Security Rules restrict each user to accessing only their own data
- AI provider API keys are stored exclusively as Firebase Cloud Functions secrets — they are never embedded in the App
- Real-time streaming sessions use short-lived tokens minted by our server that expire within minutes
- All privileged administrative actions are recorded in a tamper-evident audit log
No system is completely secure. If you discover a potential security vulnerability, please contact us at the address in Section 12.
Your Privacy Rights
Depending on your jurisdiction, you may have the right to:
- Access the personal data we hold about you
- Correct inaccurate or incomplete data
- Delete your account and associated personal data
- Data portability — receive a machine-readable copy of your data
- Object or restrict certain processing activities
To exercise any of these rights, contact us as described in Section 12. We will respond within 30 days.
Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will revise the "Last Updated" date above. If we make material changes, we will notify you through the App or by email before the changes take effect. Continued use of the App after changes constitutes your acceptance of the revised policy.
Contact Us
An App Idea LLC
Email: hello@anappidea.llc
Website: yap-united.app