Privacy Policy

Effective May 18, 2026

Gravitas ("we", "our", "us") is a speech coaching app that helps you improve your public speaking through AI-powered feedback. This policy explains what data we collect, how we use it, and your rights.

Microphone Access

Gravitas requires access to your device's microphone to record your speech for coaching analysis. The app only records when you tap the record button — there is no background or always-on listening. You can revoke microphone access at any time in iOS Settings → Privacy & Security → Microphone, after which recording features will not work.

What We Collect

• Account information — Your name and email address when you create an account.
• Speech recordings — Audio you record during practice sessions. Recordings are sent through our servers to transcription and analysis providers (see "Third-Party Services" below). The audio file itself is also saved on your device so you can replay sessions; you can clear it by deleting individual sessions or your account. We do not retain the audio on our servers after analysis completes.
• Transcripts and prosodic metrics — The text transcript of your recording plus derived signals (filler counts, pacing, pitch, pause patterns) used to generate coaching feedback.
• Session data — Scores, feedback, and metadata from your practice sessions (e.g., words per minute, filler word counts, coaching notes).
• Subscription status — Whether you have an active subscription, managed through Apple and RevenueCat.
• Usage data — Basic app usage patterns such as session frequency and feature engagement.

How We Use Your Data

• Analyze your speech and provide personalized coaching feedback.
• Track your progress over time.
• Manage your subscription and account.
• Improve the app experience.

Third-Party Services

We use the following services to operate Gravitas. All audio and transcript data is transmitted over encrypted (HTTPS/TLS) connections. Each call from our app is proxied through our own server-side functions — your audio never goes to these vendors directly from your device, and we never share API keys with the iOS client.

• Supabase (database, authentication, server-side functions) — Stores your account, profile, session metadata, and subscription state. Data is protected by row-level security so only you can read your records. Hosted in the United States. Audio recordings are not stored in our database; they flow through our edge functions to the transcription providers below and are discarded after analysis.
• AssemblyAI (primary speech-to-text) — Your audio recording is uploaded for transcription with disfluencies (um, uh, etc.) preserved for coaching analysis. AssemblyAI does not retain your audio after the transcript is returned.
• OpenAI (Whisper API — fallback speech-to-text) — Used when AssemblyAI is unavailable. Per OpenAI's API data policy, API inputs are not used to train OpenAI models and are retained for up to 30 days for abuse monitoring before deletion.
• Anthropic (Claude API — coaching analysis) — Receives your transcript plus prosodic metrics (not audio) and returns scores and coaching feedback. Per Anthropic's commercial terms, API inputs are not used to train Anthropic models.
• ElevenLabs (text-to-speech — spoken coach feedback) — Receives only the generated coaching text (no audio, no transcript) and returns synthesized audio of the coach reading that feedback. Your voice is never cloned, sampled, or used to generate any voice.
• RevenueCat (subscription management) — Handles purchase validation and entitlement tracking. Receives your anonymous app user ID and Apple receipt data.
• Apple (in-app purchases, Sign in with Apple) — Processes payments and, if you choose Sign in with Apple, provides authentication. We do not see or store your payment details.
• Google (Sign in with Google, optional) — Provides authentication if you choose this sign-in method. We receive your name and email address only if you choose this sign-in method.

Data Retention & Local Storage

• Audio recordings (server side): Processed by our edge functions in memory and discarded once transcription and analysis are complete. Not retained on our servers.
• Audio recordings (your device): A copy of each recording is kept locally so you can replay past sessions. Older recordings are automatically cleaned up to free space, and you can remove all of them by deleting individual sessions or your account.
• iCloud backup: Your audio recordings are stored in a directory marked as excluded from iCloud backup. They stay on the device they were recorded on and are not synced to iCloud or transferred to other devices.
• Encryption at rest: Audio files on your device are protected by iOS file protection (completeUntilFirstUserAuthentication), which encrypts them when the device is locked.
• Session metadata: Transcripts, scores, feedback text, and timestamps are kept in your Gravitas account until you delete the session or your account.
• Authentication tokens: Stored in the iOS Keychain on your device; never written to plaintext storage.

Account Deletion

You can permanently delete your account from Profile → Delete Account in the app. Confirming deletion will:

• Immediately delete your authentication record from Supabase, which cascades to all your stored sessions, profiles, and metadata.
• Wipe local data on the device you initiated the deletion from.
• Cancel your access to the app. Subscriptions are managed by Apple — to also cancel a paid subscription you must do so in iOS Settings → Apple ID → Subscriptions.

If you can't access the app for any reason, you may also email christian@gravitasvoice.com to request deletion.

Your Rights

Depending on where you live, you may have rights regarding your personal data, including:

• Access — Request a copy of the data we hold about you.
• Correction — Ask us to correct inaccurate personal data.
• Deletion — Delete your account in-app at any time, or email us to request deletion.
• Portability — Request your session data in a machine-readable format.
• Objection — Object to certain processing of your personal data.

To exercise any of these rights, email christian@gravitasvoice.com. If you are in the EU/UK, you also have the right to lodge a complaint with your local data protection authority.

International Data Transfers

Our servers (Supabase) and AI providers (AssemblyAI, OpenAI, Anthropic, ElevenLabs) are located in the United States. By using Gravitas, you understand that your data may be processed in countries other than your own. Where required (e.g., EU/UK), we rely on Standard Contractual Clauses for international transfers.

Children

Gravitas is not directed at children under 13. We do not knowingly collect personal information from children under 13.

Security

• All network traffic uses TLS (HTTPS).
• Authentication tokens are stored in the iOS Keychain, never in plaintext.
• Database access is restricted by Supabase row-level security — your account can only read its own rows.
• AI provider API keys (AssemblyAI, OpenAI, Anthropic, ElevenLabs) are held server-side and never shipped in the iOS app.
• Edge functions enforce per-user rate limits to mitigate abuse.

No system is perfectly secure. If you discover a vulnerability, please report it to christian@gravitasvoice.com.

Changes to This Policy

We may update this policy from time to time. Changes will be posted on this page with an updated effective date.

Contact

Gravitas is operated by Christian Guba (sole proprietor). Questions, requests, or complaints about this policy:

• Email: christian@gravitasvoice.com

If you are in the EU, this address also serves as our contact for GDPR-related requests.