Only the information needed to run the service is collected. It falls into the categories below:

Account details

• Email address and authentication method (Google sign-in or email/password).
• Display name and optional profile photo supplied through authentication providers.
• Account creation date and status.

Scripts and audio

• Text content submitted for rendering is held temporarily to create audio. Truncated excerpts may persist in technical trace and cache metadata for diagnostics and performance optimization under applicable retention windows.
• Voice selections, render timestamps, and file metadata.
• Generated audio retention varies by account tier: free and pay-as-you-go audio is short-lived (approximately 24 hours); subscriber, enterprise, and admin audio is retained per the account storage policy until removed or the account is closed. Signed URL expiry is separate from storage duration.

Billing information

• Payments are handled by our merchant-of-record and payment partners (currently Polar; processors may change). No card numbers are stored in AI TTS Microservice.
• Transaction IDs, charge status, and credit usage are retained for accounting.

Technical diagnostics

• IP address, device, browser, and operating system information.
• Event logs, error reports, and usage analytics needed to operate and secure the service.

Voice analytics

• Per-event tracking of voice previews and generations: voice ID, language, model type (premium/ultra), source (preview/generation).
• User ID (when logged in) and session ID for usage patterns and abuse prevention.
• Cache hit status and model details for performance optimization.
• Event data retained for 30 days; aggregated rollups retained for 90 days.

Google Analytics (GA4)

• Analytics cookies are only collected after explicit consent via the consent banner.
• Data collected includes: pages visited, session duration, device/browser info, and anonymized IP address.
• No personally identifiable information (PII) is sent to Google Analytics.
• You can reject or withdraw consent at any time using the "Manage cookies" link in the footer, which opens your cookie preferences.

Mixpanel Analytics

• Mixpanel is used for product analytics to understand feature usage and improve the service.
• Same consent rules as GA4: analytics only initialize after you accept the consent banner.
• Data collected includes: feature interactions, voice selections, generation events, and error rates.
• Pseudonymous identifiers (hashed user IDs) are used—no email or raw user IDs are sent.
• You can reject or withdraw consent at any time using the "Manage cookies" link in the footer, which opens your cookie preferences.

Bot protection and security

• Google reCAPTCHA v3 is used on forms (contact, registration) to prevent spam and abuse.
• reCAPTCHA collects browser information, IP address, cookies, and user interaction data.
• This data is processed by Google as a data processor on our behalf under applicable Google Cloud contractual terms. This processing is governed by this Privacy Policy and our Terms.

Data is processed under the following legal bases:

• Contract performance: Account creation, authentication, and text-to-speech rendering.
• Legitimate interests: Security monitoring, abuse prevention, and reliability logging.
• Consent: Google Analytics (GA4) and Mixpanel analytics, which only initialize after you accept the consent banner.
• Legal obligations: Tax, accounting, and regulatory retention requirements.

Information is used to keep the platform running smoothly and securely:

• Deliver text-to-speech rendering, downloads, and API features.
• Authenticate accounts, track usage, and manage credit balances.
• Provide support, answer questions, and maintain service quality.
• Monitor reliability, detect abuse, and improve performance.
• Comply with legal, tax, and regulatory requirements.

Different types of data are kept for different lengths of time:

• Submitted scripts are processed to generate audio. Truncated excerpts may persist in technical trace and cache metadata for diagnostics and performance under applicable retention windows (often up to 90 days, and longer where required for security or legal purposes).
• Generated audio retention is tiered: free and pay-as-you-go audio is short-lived (approximately 24 hours); subscriber, enterprise, and admin audio is retained per the account storage policy until removed or the account is closed.
• Account and billing records stay active while an account exists. When you close an account, personal details are removed except where law requires retention.
• Transaction and financial records are stored for seven years to satisfy accounting and tax obligations.
• Security logs and diagnostics are retained for up to 90 days unless extended for investigations.

Third-party providers help run AI TTS Microservice. They process data only to deliver the features listed below and must follow strong security practices.

• Firebase (Google): Authentication, database, hosting, and logging.
• AI/TTS infrastructure providers (currently Google Cloud; additional providers may be added): Text-to-speech rendering, storage, and infrastructure.
• Merchant-of-record / payment partners (currently Polar): Payment processing, tax collection, and billing. Processors may change.
• Google reCAPTCHA: Bot detection and spam prevention on forms. Data processed by Google as a data processor under Google Cloud contractual terms.
• Google Analytics (GA4): Usage analytics to understand how the service is used. Consent required via the consent banner.
• Mixpanel: Product analytics for feature usage insights. Consent required via the consent banner. No PII sent.

Information may also be disclosed if required by law or to protect the rights, property, or safety of the service and its users. There is no selling, renting, or trading of personal data for marketing.

Data can be processed in the United States, the European Union, and other regions where Google Cloud, Firebase, or our payment partners operate. Standard safeguards—such as contractual protections and encryption—are applied for these transfers.

Cookies fall into two categories:

Essential cookies (always active)

These are required for authentication, security, and core functionality. They cannot be disabled.

• Firebase Auth cookies: Maintain your authenticated session.
• va_session: Session identifier for voice analytics deduplication.
• analytics-consent: Stores your cookie preference choice.
• Google reCAPTCHA cookies: Bot detection on forms.

Analytics cookies (opt-in)

These are only set after you explicitly accept analytics via the consent banner or cookie preferences.

• Google Analytics (GA4): Pages visited, session duration, device info.
• Mixpanel: Feature interactions, voice selections, generation events.

You can manage or withdraw analytics consent at any time using the "Manage cookies" link in the footer, which opens your cookie preferences dialog.

You can exercise the following rights at any time:

• Request a copy of the personal data stored about you.
• Ask for corrections to inaccurate or incomplete information.
• Request deletion of your personal data where legally possible.
• Restrict or object to certain types of processing.
• Receive your data in a machine-readable format.
• Withdraw consent for optional processing at any time.
• Lodge a complaint with your local data protection authority.

Use the contact form to make a request. You will receive a response within 30 days, unless laws in your region require a faster reply.

Security is designed into the platform from the start. Measures include:

• All traffic uses HTTPS/TLS encryption in transit.
• Data at rest is encrypted within Google Cloud and Firebase.
• Strict access controls limit who can view operational systems.
• Regular dependency updates and security reviews.
• Automated monitoring to detect suspicious activity or abuse.
• Payment data is handled entirely by our merchant-of-record and payment partners, which maintain their own security and compliance certifications.

No method of transmission or storage is entirely risk-free, but the safeguards above are reviewed regularly to keep data protected.

The service is intended for users aged 13 or the minimum required age in your jurisdiction, whichever is higher. Accounts created by anyone younger will be removed once identified. Contact support through the contact form if you believe data has been collected from a child.

When this policy changes, the update date will be revised and a highlighted notice will appear on the site. You are encouraged to review the policy periodically to stay informed.

Questions about privacy or data handling? Use the contact form, and our team will respond.