Legal
Privacy policy
Loqui keeps as little as possible. The shape of that promise, in plain language, with the detail required for legal completeness.
Last updated: May 18, 2026 · Version 2.1
1. Introduction
Loqui (“Loqui,” “we,” “us,” “our”) makes a mobile app that records conversations on your phone, transcribes them, and writes the result to your own cloud storage. This policy explains what data we collect, how we use it, and your rights with respect to it. It applies to the Loqui mobile app and the marketing website at useloqui.com.
We have written this policy in plain English. The plain-language summary below is the operative summary of our commitments. The detailed sections that follow are required for legal completeness; if any provision conflicts with the plain-language summary, the more user-protective interpretation governs.
2. Plain-language summary
- Audio you record is sent to AssemblyAI for transcription, then deleted from your device. Loqui's servers do not store the audio. AssemblyAI does not retain audio after processing.
- Transcripts are stored in the cloud account you connect — Google Drive or iCloud. Loqui's servers do not store the contents of your transcripts.
- We retain a small amount of metadata for billing and account functionality. This includes your account email, subscription tier, minute usage count, and timestamps for transcripts you have created.
- We do not sell or rent your data. With your explicit consent (via the App Tracking Transparency prompt on iOS, or the equivalent advertising-ID setting on Android), the mobile app shares your device advertising identifier with Meta solely to measure the effectiveness of Loqui ads on Facebook and Instagram. You can decline or revoke this consent at any time; the app continues to work fully without it, and we never share the contents of your audio or transcripts with Meta or any advertising partner.
- You can delete your account at any time from within the app. All metadata is removed within 30 days.
- Loqui is not HIPAA-compliant. Do not record patient encounters or other Protected Health Information. A clinical tier with a Business Associate Agreement is in development.
3. Information we collect
We collect the minimum information needed to operate the service.
Information you provide directly
- Email address (used as your account identifier).
- Subscription tier you select.
- Cloud storage destination you connect (Google Drive or iCloud).
- Audio you record. This is processed transiently — see Section 4.
- Support communications you send to support@useloqui.com or privacy@useloqui.com.
Information collected automatically
- Minute-usage count for billing-meter enforcement.
- Transcript timestamps and durations (not the contents of the transcripts).
- Crash logs and stack traces, with no transcript or audio content, via Sentry.
- Approximate country derived from IP, via Sentry, for diagnostics only.
- App version, operating system version, and device model.
- Device advertising identifier (IDFA on iOS, AAID on Android), only when you grant permission through the App Tracking Transparency prompt on iOS or leave the equivalent advertising-ID setting enabled on Android. Used by the Meta SDK to attribute installs and subscriptions to Loqui marketing campaigns. When consent is declined, iOS returns an all-zero IDFA and attribution falls back to SKAdNetwork (aggregated, no per-device identifier).
Information from third parties
- Subscription state from the Apple App Store or Google Play, via RevenueCat.
- Email-address verification from your sign-in identity provider, where applicable.
4. How we process your information
Audio. When you finish a recording, the audio file is uploaded to AssemblyAI for transcription. Once the transcript is returned (typically within seconds to minutes), the audio file is permanently deleted from your device. AssemblyAI does not retain audio after processing under our agreement with them.
Transcript text. Transcript text is sent to Anthropic’s Claude API to generate a summary, action items, and tags. Anthropic does not retain transcript text for model training under the API terms in effect when this policy was published. The completed transcript and metadata are then written to your connected cloud account (Google Drive or iCloud). Loqui’s backend does not store the transcript text.
Account, billing, and usage metadata. Stored in our backend (Supabase). Used to authenticate you, enforce subscription limits, and generate billing records.
Crash reports. Stored in Sentry to allow us to identify and fix bugs.
5. Legal bases for processing (GDPR / UK GDPR)
If you are in the European Economic Area, the United Kingdom, or another jurisdiction with similar law, we rely on the following legal bases.
| Processing activity | Legal basis | Reference |
|---|---|---|
| Account creation, sign-in, subscription enforcement | Performance of a contract | GDPR Art. 6(1)(b) |
| Audio transcription, summary generation | Performance of a contract | GDPR Art. 6(1)(b) |
| Crash and error logging | Legitimate interest in service stability | GDPR Art. 6(1)(f) |
| Tax, financial, and audit recordkeeping | Compliance with a legal obligation | GDPR Art. 6(1)(c) |
| Optional product update emails | Consent (withdrawable) | GDPR Art. 6(1)(a) |
You may object to processing based on legitimate interest at any time by writing to privacy@useloqui.com.
6. Subprocessors and third parties
Loqui engages the following service providers to operate the product. Each is engaged under a written agreement that includes data-protection terms appropriate to its role.
| Provider | Purpose | Data shared | Region |
|---|---|---|---|
| AssemblyAI | Audio transcription with speaker labels | Audio (deleted after processing) | United States |
| Anthropic | Summary and action item generation | Transcript text (not retained for training) | United States |
| Supabase | Backend hosting for account, billing, audit metadata | Email, subscription tier, usage counts, timestamps | United States |
| RevenueCat | Subscription state management | Account ID, subscription tier | United States |
| Apple App Store | Subscription billing on iOS | Apple ID, subscription record | United States |
| Google Play | Subscription billing on Android | Google account, subscription record | United States |
| Google Drive | User-controlled transcript storage | Transcripts written to your own Drive account | United States |
| Apple iCloud | User-controlled transcript storage | Transcripts written to your own iCloud account | United States |
| Sentry | Crash and error reporting | Stack traces, app version, device model (no transcript content) | United States |
| Resend | Transactional and support email delivery | Email address, message content you submit | United States |
| Vercel | Marketing website hosting (useloqui.com) | IP address, request logs | United States |
| Meta Platforms (Facebook / Instagram) | Ad attribution and analytics for Loqui marketing campaigns on Facebook and Instagram — only when the user grants consent via Apple's App Tracking Transparency prompt on iOS or the equivalent setting on Android. Falls back to aggregated SKAdNetwork attribution with no per-device identifier when consent is declined. | Device advertising identifier (IDFA on iOS, AAID on Android), standard SDK event names, app version. No audio or transcript content. | United States |
We will update this list before adding any new subprocessor and will provide 30 days’ notice via email to active subscribers when the change materially affects how user data is processed.
7. Data retention
| Data category | Retention period | Reason |
|---|---|---|
| Audio recordings | Not retained — deleted after transcription | Privacy by design |
| Transcript text | Not retained on Loqui servers — stored in your cloud | Privacy by design |
| Account email and ID | Until deletion, then 30 days | Allow recovery during grace period |
| Subscription records | 7 years after cancellation | Tax and financial compliance |
| Anonymized usage logs | 7 years | Audit and compliance |
| Crash and error reports | 90 days | Debugging window |
| Support email correspondence | 2 years | Reference for follow-up issues |
When a retention period expires, data is deleted or fully anonymized.
8. Security
- Transport-layer encryption (TLS 1.2 or higher) on all network requests.
- At-rest encryption on our backend database (Supabase) and crash reporting (Sentry).
- Audio is transmitted to AssemblyAI over TLS, processed transiently, and deleted from your device after the transcript is returned.
- Access to backend systems is limited to a small number of personnel under written confidentiality obligations.
- Subprocessor contracts require equivalent or stronger security practices.
No system is perfectly secure. If you become aware of a vulnerability or breach, write to security@useloqui.com.
9. Your rights
Depending on your location, you may have some or all of the following rights with respect to your personal data.
- Right to access. Request a copy of the personal data we hold about you.
- Right to rectification. Correct inaccurate or incomplete data.
- Right to erasure. Delete your account and the metadata we hold. Available in-app under Settings → Delete my account.
- Right to portability. Receive your data in a structured, machine-readable format.
- Right to object. Object to processing based on legitimate interest.
- Right to withdraw consent. For any processing previously based on consent.
- Right to lodge a complaint. With your local data protection authority.
To exercise any of these rights, write to privacy@useloqui.com from the email address on your Loqui account. We respond within 30 days. We do not charge a fee for reasonable requests.
California residents have additional rights under the CCPA / CPRA, including the right to know what categories of personal information are collected, the right to delete, the right to correct, and the right to opt out of sales. Loqui does not sell personal information.
10. International data transfers
Our subprocessors are located in the United States. If you use Loqui from outside the United States, your data will be transferred to and processed in the United States. We rely on Standard Contractual Clauses (or equivalent transfer mechanisms) with our subprocessors where required by law. By using Loqui, you understand that your data may be processed in jurisdictions with different privacy laws than your own.
11. Children’s privacy
Loqui is not directed to children under the age of 18. We do not knowingly collect personal information from children. If you believe a child under 18 has created an account, contact privacy@useloqui.com and we will delete the account and any associated data.
12. Tracking technologies
The Loqui mobile app integrates the Meta SDK to measure the effectiveness of Loqui advertising on Facebook and Instagram. On iOS, the SDK only collects your device advertising identifier (IDFA) if you grant permission through Apple’s App Tracking Transparency prompt; if you decline, the SDK falls back to aggregated SKAdNetwork attribution and no per-device identifier is shared. On Android, the equivalent advertising ID (AAID) is used under the same opt-in model. You can revoke this consent at any time in your device’s privacy settings, and the app continues to work fully without it. We never share the contents of your audio recordings or transcripts with Meta or any advertising partner.
The Loqui mobile app does not use cookies. The marketing website at useloqui.com does not currently use analytics cookies. If we introduce a privacy-respecting analytics tool in the future, this policy will be updated and the change disclosed before the new tool is enabled.
13. Changes to this policy
We may update this policy from time to time. The “Last updated” date at the top of this page reflects the most recent change. For material changes, we will give 30 days’ notice via email to active subscribers and via an in-app notice before the change takes effect.
14. Special notice — App Store privacy disclosures
Apple’s App Store and Google Play require app developers to publish a structured privacy disclosure inside the store listing. The information in this policy is the authoritative source. Our App Store and Google Play privacy disclosures are derived from this policy. If a discrepancy ever arises, this policy governs and the store disclosures will be updated to match.
You can review the structured disclosures within the App Store or Google Play listing for the Loqui app.
15. Contact us
For privacy questions, data subject access requests, or any concern about how Loqui handles your data:
- General privacy. privacy@useloqui.com
- Security disclosures. security@useloqui.com
- General support. support@useloqui.com
We respond to all privacy and security inquiries within 30 days. Account-deletion requests are typically completed within a few business days.