Privacy Policy
Last updated: 11 July 2026
David Arthur Software ("DAS", "we", "our", "us") operates the DuoVox application (the "App"). This Privacy Policy explains what data the App collects, how it is used, how we protect it, and your rights. DAS is the data controller for all personal data processed in connection with the App.
Data Controller: David Arthur Software, Kirkbymoorside, York, YO62 6LJ, United Kingdom
Contact: info@duovox.net
This Privacy Policy forms part of our Terms of Use. Where David Arthur Software processes personal data, it does so in accordance with this policy and applicable data-protection law and retains its own data-protection (controller) responsibilities.
1. Information We Collect
Audio Data (Paid Tiers): When using online transcription (Standard, Professional, or Pay-As-You-Go), audio is captured from your device's microphone or internal audio and streamed in real time to third-party processing providers for transcription. Audio is processed in real time and is not stored by us. Our providers process it to return a result and may keep limited operational logs under their own privacy policies, which can change without notice — please review their policies. You are responsible for obtaining any consent required to record, transcribe, or translate a conversation.
Audio Data (Free Tier): When using offline transcription, all audio processing occurs entirely on your device using locally installed speech-recognition models. No audio data leaves your device.
Transcription and Translation Text: Transcribed and translated text is displayed in the App during your session. This data is held in device memory only and is cleared when you clear the session or close the App. For paid tiers, text may be sent to a processing provider for translation; it is processed in real time and is not stored by us.
Preferences and Settings: Your app settings (selected language, theme, audio source, subscription tier) are stored locally on your device. They are not transmitted to any server.
Diagnostic Logs: If you enable diagnostics, log files are stored locally on your device. You may choose to share these with us for support purposes, but they are never collected automatically.
2. Service Infrastructure Data
To manage subscriptions, prevent abuse, and deliver the service, our cloud infrastructure stores the following data associated with an anonymous device identifier:
- Subscription information: Your subscription tier, purchase verification tokens (hashed), and billing cycle dates
- Usage tracking: Minutes of AI usage consumed in the current billing cycle
- Device verification: App integrity verification results to prevent unauthorised access
- Session statistics: When a transcription session ends, the App sends a small technical summary to our infrastructure: app version, subscription tier, session length in minutes, whether on-device or online processing was used, and counts of any service errors. These summaries apply to all tiers, including the Free tier, and never include audio, transcriptions, translations, or any conversation content. We use them to monitor service health, plan capacity, and understand overall usage of the App.
This data is stored on our cloud infrastructure provider's globally distributed network. It does not include any audio, transcription text, translation text, or conversation content. Device identifiers are randomly generated and are not linked to your personal identity by us.
3. Third-Party Services and Sub-Processors
To deliver paid features, we use third-party processors disclosed below by category. We do not name individual providers in this policy because providers may change over time; a current list of the specific providers is available on request from info@duovox.net.
- Speech and translation processing providers: For paid tiers, audio is streamed to processing providers for transcription, and text may be sent for translation. These providers process data in real time under their own privacy policies and data-processing terms. Their policies may change without notice; we do not control and cannot guarantee provider behaviour, and we encourage you to review their policies.
- Cloud infrastructure provider: Our service infrastructure (subscription management, usage tracking, session statistics) runs on a third-party cloud platform. This provider processes data on our behalf under a data-processing agreement and may keep limited operational logs under its own policies.
- Advertising (Free tier): On Windows, the Free tier currently shows only our own in-app promotional messages; no third-party advertising network is used and no advertising cookies are set. On Android, where advertising is offered, banner and rewarded-video advertisements may be provided by an advertising network that may collect device identifiers and usage data for ad personalisation; you can manage ad personalisation in your device's settings.
- App-store billing: Subscription purchases are processed by the Microsoft Store (Windows) or Google Play (Android). Payment information is handled entirely by the relevant app store and is never accessed by DAS.
- On-device processing: The offline transcription and translation features run entirely on your device using locally installed models. No audio or text data leaves your device when using these features.
4. Data We Do NOT Collect
- We do not store audio recordings, transcription text, or translation text on our own servers
- We do not collect personal information such as your name, email or phone number (unless you contact us for support)
- We do not track your location
- We do not sell your data to third parties or share it with third parties for marketing
- We do not use third-party analytics or tracking SDKs in the App; the only usage data we collect is the first-party session statistics described in section 2 (and, on Android, what Free-tier advertising requires)
5. Data Storage and Security
We use appropriate technical and organisational measures to protect personal data, including encryption in transit (TLS) for all online connections, encryption of sensitive app settings stored on your device, holding only the minimum data needed to run the service, and restricting access to it. Session content (audio, transcriptions, translations) is held only in device memory during your session and is not stored on our own servers. Service infrastructure data is protected by encryption in transit and at rest. No method of transmission or storage is completely secure, but we take reasonable steps to protect your information.
6. Data Retention
We keep personal data only as long as necessary for the purposes set out in this policy:
- Service infrastructure / operational data (anonymous device identifier, usage minutes, device-verification data) — retained for up to 12 months after a subscription ends or is cancelled, to prevent fraud and resolve billing disputes.
- Session statistics (see section 2) — individual session summaries are kept on a rolling basis and automatically deleted, typically within 30 days and in any event within 12 months; after that only aggregate statistics (session counts and durations) that are not linked to any device are retained.
- Support correspondence — retained for up to 24 months.
- Audio and transcripts — processed in real time and not stored by us (see section 1).
- Settings and diagnostic logs — stored only on your device until you clear the App's data or uninstall; we hold none of it.
7. Legal Basis for Processing (GDPR)
If you are in the European Economic Area (EEA) or the United Kingdom, we process your data on the following legal bases:
- Contract performance: Processing subscription data, usage tracking, and delivering the service you have subscribed to (Article 6(1)(b) GDPR)
- Legitimate interests: Preventing fraud and abuse, ensuring service integrity, maintaining security, and monitoring service health and aggregate usage through anonymous session statistics (Article 6(1)(f) GDPR)
- Consent: Displaying personalised advertisements on the Free tier (Article 6(1)(a) GDPR). You may withdraw consent at any time through your device's ad-personalisation settings.
- Explicit consent: Where audio or text you choose to process may contain special-category information, we rely on your explicit consent (see section 8).
8. Special-Category Data
DuoVox is a general-purpose tool and is not intended for special-category data (such as health, legal, religious, or other sensitive details). You are responsible for any sensitive information you choose to process through the App; where such information is processed, we rely on your explicit instruction and consent. You are also responsible for obtaining any consent required to record, transcribe, or translate a conversation. DuoVox is an assistive aid and is not a substitute for a qualified human interpreter; it should not be relied on for regulated medical or legal purposes.
9. International Data Transfers
Paid tiers stream audio and text to third-party processing providers, and our service infrastructure runs on a cloud platform, whose servers may be located outside the UK/EEA (including, potentially, the United States). Where personal data is transferred outside the UK/EEA, it is subject to appropriate safeguards as required by data-protection law. We do not store this audio ourselves; providers process it to return a result and may keep limited operational logs under their own privacy policies, which can change without notice.
10. Your Rights
You have control over your data. Depending on your jurisdiction, you may have the following rights:
- Clear all session data at any time using the Clear button in the App
- Delete diagnostic logs from your device storage
- Uninstall the App to remove all locally stored data
- Request access to, correction of, or deletion of your service infrastructure data by contacting us
- Object to or request restriction of processing of your data
- Request portability of your data in a structured, machine-readable format
- Withdraw consent for ad personalisation at any time through your device settings
To exercise any of these rights, contact info@duovox.net. We will respond within one month (extendable by up to two further months for complex requests, and we will tell you if so). We may need to verify your identity first. There is no fee unless a request is manifestly unfounded or excessive. You also have the right to lodge a complaint with the UK Information Commissioner's Office (ico.org.uk) or your local data-protection authority.
11. Data Breaches
If we become aware of a personal-data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority — and, where required, affected individuals — without undue delay and within the timeframes required by law.
12. California Residents (CCPA/CPRA)
If you are a California resident, you have the right to know what personal information we collect, request its deletion, and opt out of any sale of personal information. We do not sell personal information. To exercise your rights, contact us using the details below.
13. Children's Privacy
The App is not directed at children under the age of 13 (or 16 in the EEA/UK). We do not knowingly collect personal information from children. If we learn that we have collected personal information from a child under the applicable age, we will take steps to delete that information as quickly as possible. If you believe we have collected information from a child, please contact us at info@duovox.net.
14. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be reflected by updating the "Last updated" date at the top of this page. For material changes, we will provide notice through the App. Continued use of the App after changes constitutes acceptance of the updated policy.
15. Contact Us
If you have questions about this Privacy Policy, wish to exercise your data rights, or have a complaint, please contact us at:
David Arthur Software
Kirkbymoorside, York, YO62 6LJ, United Kingdom
Email: info@duovox.net