Privacy Policy

Effective June 13, 2026

Gravitas ("we", "our", "us") is a speech coaching app that helps you improve your public speaking through AI-powered feedback. This policy explains what data we collect, how we use it, and your rights.

Microphone Access

Gravitas requires access to your device's microphone to record your speech for coaching analysis. The app only records when you tap the record button, there is no background or always-on listening. You can revoke microphone access at any time in iOS Settings → Privacy & Security → Microphone, after which recording features will not work.

What We Collect

• Account information: Your name and email address when you create an account.
• Account identifier: A user ID assigned to your account so we can associate your sessions and settings with you.
• Speech recordings: Audio you record during practice sessions. Recordings are sent through our servers to transcription and analysis providers (see "Third-Party Services" below). The audio file itself is also saved on your device so you can replay sessions; you can clear it by deleting individual sessions or your account. We do not retain the audio on our servers after analysis completes.
• Transcripts and prosodic metrics: The text transcript of your recording plus derived signals (filler counts, pacing, pitch, pause patterns) used to generate coaching feedback.
• Session data: Scores, feedback, and metadata from your practice sessions (e.g., words per minute, filler word counts, coaching notes).
• Subscription status: Whether you have an active subscription, managed through Apple and RevenueCat.
• Usage data: Coarse, anonymous usage events such as which onboarding step you viewed, whether a practice analysis succeeded, and feature engagement. These events carry no names, emails, recordings, or transcripts.
• Diagnostics and crash data: When the app hits an error or crashes, we collect technical diagnostics (error type, a stack trace, device model, OS and app version, and an anonymous per-install identifier) to find and fix the problem. If you fill in the optional feedback form when leaving, the note you write is included so we can act on it. Diagnostics never include your recordings or transcripts.

How We Use Your Data

• Analyze your speech and provide personalized coaching feedback.
• Track your progress over time.
• Manage your subscription and account.
• Diagnose crashes and fix bugs.
• Improve the app experience.

Your Consent and Permission

Before any recording, transcript, or derived metric leaves your device, Gravitas asks for your explicit permission inside the app. The first time you start a coaching session, we show a consent screen that names the companies that process your data (OpenAI and Anthropic, with ElevenLabs used only as a backup voice service) and explains what is sent to each. No audio, transcript, or metric is sent to any third party until you agree on that screen.

You can withdraw your consent at any time. Open the Profile tab, tap "AI & Data Sharing," and choose "Withdraw consent." After you withdraw consent, we stop sending new recordings and transcripts to these providers. Sessions you already completed remain in your history until you delete them.

If you decline, you can still use the rest of the app, but the coaching feature cannot run, because transcription and analysis require sending your recording to these providers. You can grant consent later from the same screen to start using coaching.

Third-Party Services

We use the following services to operate Gravitas. We share only what each company needs to perform its function, and we do not sell your personal data. All audio and transcript data is transmitted over encrypted (HTTPS/TLS) connections. Each call from our app is proxied through our own server-side functions, your audio never goes to these vendors directly from your device, and we never share API keys with the iOS client. Each company listed below is contractually bound to provide the same or equal protection of user data as is stated in this Privacy Policy, and to use the data only to perform services for Gravitas.

• Supabase (database, authentication, server-side functions): Stores your account, profile, session metadata, and subscription state. Data is protected by row-level security so only you can read your records. Hosted in the United States. Audio recordings are not stored in our database; they flow through our edge functions to the transcription providers below and are discarded after analysis.
• OpenAI (speech-to-text, audio delivery assessment, text-to-speech): Your audio recording is sent for transcription (Whisper, with disfluencies like um and uh preserved for coaching analysis) and for a qualitative delivery assessment by an audio model that listens to the recording to evaluate tone, pacing, and delivery. OpenAI also synthesizes the spoken coach feedback from the generated coaching text. Per OpenAI's API data policy, API inputs are not used to train OpenAI models and are retained for up to 30 days for abuse monitoring before deletion.
• Anthropic (Claude API, coaching analysis): Receives your transcript plus prosodic metrics (not audio) and returns scores and coaching feedback. Per Anthropic's commercial terms, API inputs are not used to train Anthropic models.
• ElevenLabs (backup text-to-speech, spoken coach feedback): Used when OpenAI's voice service is unavailable. Receives only the generated coaching text (no audio, no transcript) and returns synthesized audio of the coach reading that feedback. Your voice is never cloned, sampled, or used to generate any voice.
• Sentry (crash and error monitoring): When the app crashes or hits an error, Sentry receives technical diagnostics (stack trace, device model, OS and app version) along with the trail of coarse in-app events that preceded it, tied to an anonymous per-install identifier. We disable Sentry's default personal-data collection, so your IP address and username are not attached. It also receives the optional note you submit in the leave-feedback form. Sentry does not receive your recordings or transcripts. Hosted in the European Union (Germany).
• TelemetryDeck (product analytics): Receives coarse, privacy-preserving usage events (for example, which onboarding step you viewed, whether a purchase completed, and a practice session's score and duration) tied to a random identifier generated on your device. It never receives your name, email, recordings, or transcripts. Hosted in the European Union (Germany).
• RevenueCat (subscription management): Handles purchase validation and entitlement tracking. Receives your anonymous app user ID and Apple receipt data.
• Apple (in-app purchases, Sign in with Apple): Processes payments and, if you choose Sign in with Apple, provides authentication. We do not see or store your payment details.
• Google (Sign in with Google, optional): Provides authentication if you choose this sign-in method. We receive your name and email address only if you choose this sign-in method.

Data Retention & Local Storage

• Audio recordings (server side): Processed by our edge functions in memory and discarded once transcription and analysis are complete. Not retained on our servers.
• Audio recordings (your device): A copy of each recording is kept locally so you can replay past sessions. Older recordings are automatically cleaned up to free space, and you can remove all of them by deleting individual sessions or your account.
• iCloud backup: Your audio recordings are stored in a directory marked as excluded from iCloud backup. They stay on the device they were recorded on and are not synced to iCloud or transferred to other devices.
• Encryption at rest: Audio files on your device are protected by iOS file protection (completeUntilFirstUserAuthentication), which encrypts them when the device is locked.
• Session metadata: Transcripts, scores, feedback text, and timestamps are kept in your Gravitas account until you delete the session or your account.
• Authentication tokens: Stored in the iOS Keychain on your device; never written to plaintext storage.

Account Deletion

You can permanently delete your account from Profile → Delete Account in the app. Confirming deletion will:

• Immediately delete your authentication record from Supabase, which cascades to all your stored sessions, profiles, and metadata.
• Wipe local data on the device you initiated the deletion from.
• Cancel your access to the app. Subscriptions are managed by Apple, to also cancel a paid subscription you must do so in iOS Settings → Apple ID → Subscriptions.

If you can't access the app for any reason, you may also email christian@gravitasvoice.com to request deletion.

Your Rights

Depending on where you live, you may have rights regarding your personal data, including:

• Access: Request a copy of the data we hold about you.
• Correction: Ask us to correct inaccurate personal data.
• Deletion: Delete your account in-app at any time, or email us to request deletion.
• Portability: Download a machine-readable copy of your data yourself from Profile → Download My Data, or request it by email.
• Objection: Object to certain processing of your personal data.

To exercise any of these rights, email christian@gravitasvoice.com. If you are in the EU/UK, you also have the right to lodge a complaint with your local data protection authority.

International Data Transfers

Our servers (Supabase) and AI providers (OpenAI, Anthropic, ElevenLabs) are located in the United States. Our diagnostics and analytics providers (Sentry, TelemetryDeck) process data in the European Union (Germany). By using Gravitas, you understand that your data may be processed in countries other than your own. Where required (e.g., EU/UK), we rely on Standard Contractual Clauses for international transfers.

Children

Gravitas is not directed at children under 13. We do not knowingly collect personal information from children under 13.

Security

• All network traffic uses TLS (HTTPS).
• Authentication tokens are stored in the iOS Keychain, never in plaintext.
• Database access is restricted by Supabase row-level security, your account can only read its own rows.
• AI provider API keys (OpenAI, Anthropic, ElevenLabs) are held server-side and never shipped in the iOS app.
• Edge functions enforce per-user rate limits to mitigate abuse.

No system is perfectly secure. If you discover a vulnerability, please report it to christian@gravitasvoice.com.

Changes to This Policy

We may update this policy from time to time. Changes will be posted on this page with an updated effective date.

Contact

Gravitas is operated by Christian Guba (sole proprietor). Questions, requests, or complaints about this policy:

• Email: christian@gravitasvoice.com

If you are in the EU, this address also serves as our contact for GDPR-related requests.