The Vocal Recall app will require access to your microphone in order to record audio. This audio is then sent to our server over a secure connection, where it is stored securely in an encrypted format. You have the right at any time to delete this audio permanently from our server by accessing your history list and deleting the audio. Your audio will not be shared with any third parties.
Your audio files are encrypted on your phone before upload to our servers, and decrypted on the recipient's device when listening.
The encryption keys for decrypting the audio are stored in the URL in the QR-code, and not on our servers. We do store a "hash" generated from each key, which we use to secure our servers and make sure that they are only being used in conjunction with our official QR-codes. It is not possible to work back from these hashes to the original keys they were based on.
In some rare situations, the encryption may be compromised while audio is being listened to, and for this reason the encryption should be treated as a precaution rather than a cast-iron guarantee of privacy. These situations include:
- Some QR-code readers expose the encryption key to our servers during playback. We have yet to find a QR-code reader that does this and still plays the audio back successfully.
- If there is an error playing the audio back, our error-tracking software will capture all of the data associated with the QR-code, including the encryption key.
File storage location
All of our data is stored in the UK; most is in Amazon's London data-centre, although some is stored on a server in a secure underground bunker just outside London.
In order to send QR codes by email we require your email address, which we keep in our database until the codes have been sent, at which point we delete it, unless you opted into our 'important updates' newsletter when ordering the codes.
If you opt into the newsletter, and subsequently opt out of it, we will delete your email address when you opt out. Note that we store backups of our database, once a day, going back seven days, so if you remove yourself from the newsletter, your email address will still be present in one or more of our daily backups for seven days. Also note that, even if you do not opt into the newsletter, there is a small chance that your email address will be included in the backup, if we take that backup in the short time between your order coming in, and the QR-codes being sent out.
We store an anonymised user-identifier with each audio file, to allow us to generate aggregate statistics about how many users we have, and how much they are using the app (this helps us with necessary business activities such as fund-raising). The identifier contains no information that could be used to find out anything about the user (for example, not their name or email address), except for which recordings they uploaded.
We also store the date and time that each recording was uploaded, in unencrypted format.
All users are able to delete their recordings, and associated data, at any time, using the delete feature in the history section of the app. This completely removes the recording from our system.
As a safety measure, we recommend that users do not use students' full names to name their recordings. This protects their students' identities in the case of lost-device (we do not store recordings' names anywhere apart from on our users' devices).
As is standard for internet-based services, parts of our infrastructure (such as servers, but not necessarily limited to servers) log details of incoming connections, including the IP address.
Terms and Conditions
- Any content that you upload to the Vocal Recall server must comply with copyright law.
- Do not store any confidential or sensitive information on the Vocal Recall server as it can be accessed by anyone who has the QR code and this should not be seen as a secure means of sending information.
- The name Vocal Recall and the branding for Vocal Recall are trademarked and may not be used without our express permission. Please email email@example.com with any questions regarding this.