Vocal Recall Privacy Policy, Terms and Conditions

Privacy policy

Recording Audio

The Vocal Recall app will require access to your microphone in order to record audio. This audio is then sent to our server over a secure connection, where it is stored securely in an encrypted format. You have the right at any time to delete this audio permanently from our server by accessing your history list and deleting the audio. Your audio will not be shared with any third parties.

Encryption

Your audio files are encrypted on your phone before upload to our servers, and decrypted on the recipient's device when listening.

The encryption keys for decrypting the audio are stored in the URL in the QR-code, and not on our servers. We do store a "hash" generated from each key, which we use to secure our servers and make sure that they are only being used in conjunction with our official QR-codes. It is not possible to work back from these hashes to the original keys they were based on.

In some rare situations, the encryption may be compromised while audio is being listened to, and for this reason the encryption should be treated as a precaution rather than a cast-iron guarantee of privacy. These situations include:

File storage location

All of our data is stored in the UK; most is in Amazon's London data-centre, although some is stored on a server in a secure underground bunker just outside London.

User Data

Email addresses

In order to send QR codes by email we require your email address, which we keep in our database until the codes have been sent, at which point we delete it, unless you opted into our 'important updates' newsletter when ordering the codes.

If you opt into the newsletter, and subsequently opt out of it, we will delete your email address when you opt out. Note that we store backups of our database, once a day, going back seven days, so if you remove yourself from the newsletter, your email address will still be present in one or more of our daily backups for seven days. Also note that, even if you do not opt into the newsletter, there is a small chance that your email address will be included in the backup, if we take that backup in the short time between your order coming in, and the QR-codes being sent out.

Recordings

Meta-data

We store an anonymised user-identifier with each audio file, to allow us to generate aggregate statistics about how many users we have, and how much they are using the app (this helps us with necessary business activities such as fund-raising). The identifier contains no information that could be used to find out anything about the user (for example, not their name or email address), except for which recordings they uploaded.

We also store the date and time that each recording was uploaded, in unencrypted format.

Deleting

All users are able to delete their recordings, and associated data, at any time, using the delete feature in the history section of the app. This completely removes the recording from our system.

Advice

As a safety measure, we recommend that users do not use students' full names to name their recordings. This protects their students' identities in the case of lost-device (we do not store recordings' names anywhere apart from on our users' devices).

Server logs

As is standard for internet-based services, parts of our infrastructure (such as servers, but not necessarily limited to servers) log details of incoming connections, including the IP address.

Terms and Conditions

Vocal Recall Home