Privacy Policy

Controller: Arcana Media Ltd, a company registered in the United Kingdom.

Contact (privacy): hello@getvolvox.app

This Privacy Policy describes how Arcana Media Ltd (“we,” “us,” or “our”) collects, uses, discloses, and protects information in connection with the Volvox AI mobile application (the “App”), our marketing website at getvolvox.app and related domains, and related services (together, the “Services”).

If you do not agree with this Policy, do not use the Services.

Related documents: Cookie Policy · Terms of Service

1. Information we collect

1.1 Account and profile

• Account identifiers: such as email address and user ID, when you create an account or sign in.
• Authentication data: when you use sign-in options such as Google, Sign in with Apple, or similar providers, we receive information from those providers as permitted by your settings (for example, name and email, depending on the provider and your choices).
• Profile and onboarding: information you provide during onboarding or in settings (for example, display name or preferences used to personalize the experience).

1.2 Content you save and generate in the App

• Items and media: content you add to the App, such as links, notes, files, and related metadata (for example titles, URLs, descriptions, timestamps, processing status).
• AI-generated outputs: summaries, extracted text, embeddings, or similar outputs produced when you use features that process your content.
• Chat and assistant features: messages and context you provide when using chat or AI features, and related technical metadata needed to operate those features.
• Collections and organization: names and structure you create (for example collections, tags, or groupings).

1.3 Device, technical, and log data

• Device information: such as device type, operating system version, app version, and identifiers needed for notifications or diagnostics.
• Diagnostics and security: error logs, performance data, and similar technical information to maintain and secure the Services.

1.4 Analytics and product telemetry (App)

When enabled in your build or configuration, we use analytics tools to understand how the App is used and to improve reliability. Depending on settings, this may include:

• Product events (for example feature usage, flows, and screens).
• Error and crash reporting to diagnose issues.
• Session replay in some configurations, which may capture interactions with the App interface to reproduce bugs or improve UX. If used, replay may be configured with masking; review in-app notices and platform settings where available.

1.5 Marketing website (analytics and advertising)

When you visit our marketing website, we and our partners may collect information through cookies, pixels, SDKs, and similar technologies for purposes such as measuring traffic, understanding campaign performance, and (where permitted) advertising. Depending on configuration, this may include tools such as:

• PostHog (product analytics and related features);
• Google Analytics (website measurement);
• Google Ads (conversion measurement and remarketing, where used);
• Meta (Facebook) and TikTok pixels or similar (advertising and measurement, where used).

See our Cookie Policy for more detail and choices. Where required, we will obtain consent before using non-essential cookies or similar technologies.

1.6 Payments and subscriptions

If you purchase a subscription or in-app product, payment processing is handled by platform providers (such as Apple App Store or Google Play) and/or our subscription management provider. We receive subscription status and transaction-related information needed to provide entitlements—not your full payment card details.

1.7 Marketing communications and waitlist

If you join a waitlist or submit a form on our website, we collect the information you submit (for example email address) and related metadata (such as timestamps) to contact you about Volvox AI as described when you submit the form.

1.8 Permissions

The App may request optional permissions where needed for features—for example access to your photo library to attach images, or notification permission to send alerts. You can control many permissions in your device settings.

1.9 App Tracking Transparency (iOS)

On supported iOS versions, we may request permission to track activity across apps and websites using Apple’s App Tracking Transparency framework, consistent with Apple’s requirements and our product configuration. If you decline, certain advertising or measurement features that rely on that identifier may be limited.

2. How we use information

We use information to:

• Provide, operate, and maintain the Services (including sync, search, AI features, and account management).
• Process and enrich content you submit (for example ingestion, summarization, embeddings, and chat responses).
• Authenticate users, prevent fraud and abuse, and secure the Services.
• Provide customer support and respond to requests.
• Measure usage, troubleshoot, and improve performance and product quality.
• Deliver and measure marketing and advertising (where permitted), including on our website and through partner platforms.
• Communicate with you about updates, security, and (where permitted) marketing.
• Comply with law and enforce our terms.

3. AI processing

Certain features use artificial intelligence models and related infrastructure to process your content and generate responses. AI outputs may be imperfect; you should not rely on them as professional, legal, financial, or medical advice. We process information as described here and as needed to deliver those features.

4. Legal bases (UK / EEA / Switzerland)

Where UK GDPR and EU GDPR-style laws apply, we rely on one or more of the following legal bases: performance of a contract (providing the Services), legitimate interests (security, improvement, analytics and advertising measurement where appropriate and balanced against your rights), consent (where required—for example non-essential cookies on the website or optional tracking), and legal obligations.

5. How we share information

We share information with:

• Service providers / subprocessors who assist us, such as:
  • Cloud backend and database (for example Supabase) for authentication, storage, and application data.
  • Analytics and diagnostics (for example PostHog) for product analytics, error reporting, and optional session replay as configured.
  • Website analytics and advertising platforms (for example Google Analytics, Google Ads, Meta, TikTok) as implemented on our marketing properties.
  • Subscription management (for example RevenueCat) to validate purchases and entitlements.
  • Infrastructure providers (for example Firebase/Google) for app configuration and related services as implemented in the product.
  • AI model providers and related infrastructure used to provide AI features, subject to contractual protections.
• Sign-in providers you choose (for example Google or Apple) as needed to authenticate you.
• Professional advisers (lawyers/accountants) where required.
• Authorities if required by law or to protect rights, safety, and security.
• Business transfers in connection with a merger, acquisition, or sale of assets, subject to appropriate safeguards.

We do not sell your personal information for money in the conventional sense. We may use cookies and advertising technologies that constitute “sharing” or targeted advertising under applicable laws; you may opt out where required by law and through platform settings.

6. International transfers

We may process information in countries other than where you live (including the United States, where many analytics and cloud providers are based). Where required under UK GDPR / EU GDPR, we use appropriate safeguards (such as the UK IDTA / Addendum or EU Standard Contractual Clauses) for transfers.

7. Retention

We retain information for as long as needed to provide the Services, comply with legal obligations, resolve disputes, and enforce agreements. Retention periods may vary based on data type and legal requirements. You may request deletion of your account subject to applicable law; some information may persist in backups for a limited period.

8. Security

We implement technical and organizational measures designed to protect information. No method of transmission or storage is 100% secure.

9. Your rights and choices

If you are in the UK or EEA, you may have rights to access, rectify, erase, restrict processing, data portability, and to object to certain processing, and to lodge a complaint with a supervisory authority. In the UK, the supervisory authority is the ICO (ico.org.uk).

Account deletion: You may request deletion of your Volvox AI account and the personal data associated with it by emailing hello@getvolvox.app from the email address linked to your account, or by providing enough information for us to verify your identity. We will process your request in line with applicable law. Some information may be retained for a limited period where required for legal, security, or operational reasons, as described in Retention above.

To exercise rights, contact hello@getvolvox.app. We may need to verify your request.

California residents: California law may provide additional rights (including opt-out of certain “sharing” for cross-context behavioral advertising, where applicable). Contact us with requests; you may also use an authorized agent where permitted by law.

10. Children

The Services are not directed to children under 13 (or the age required by local law). We do not knowingly collect personal information from children. If you believe we have, contact us and we will take appropriate steps.

11. Third-party links and services

The Services may link to third-party sites or services. Their practices are governed by their own policies.

12. Changes to this Policy

We may update this Policy from time to time. We will post the updated Policy and revise the effective date. If changes are material, we will provide additional notice as required by law.

13. Contact

Questions: hello@getvolvox.app