Privacy Policy

This Privacy Policy explains how SayOlá Inc. (“SayOlá”, “we”, “our”, “us”) collects, uses, discloses and protects your personal information when you access or use the SayOlá web & mobile application (“Service”).

1. Who We Are

SayOlá Inc. is registered in Ireland with its principal office at Rose Hill, Wicklow Town, Co Wicklow, Ireland. Although our infrastructure is hosted in the United States, our data-handling practices comply with the EU General Data Protection Regulation (“GDPR”) and other applicable laws.

2. Information We Collect

We collect the following categories of data:

  • Account Information – name, email address, authentication tokens (Firebase, Kinde).
  • Learning Preferences – chosen voice speed, voice gender, language level, completed scenario steps.
  • Voice & Transcript Data
    • Raw microphone recordings (captured only while you press the push-to-talk button, auto-deleted within 48 hours).
    • Transcripts generated by Deepgram.
    • AI replies and temporary TTS audio (stored for ≤ 2 hours until the signed URL expires).
  • Payment Data – limited information from Stripe (e.g. subscription status, last 4 digits of payment card). We never store full card numbers or CVC.
  • Usage Data – IP address, browser type, device information, referring pages, time-stamps and error logs for security and analytics.
  • Cookies & Local Storage – session tokens, language preference, first-name greeting.

3. How We Use Your Data

  • Provide, operate and maintain the Service (authentication, speech recognition, TTS playback, chat generation).
  • Personalise learning content and remember your preferences.
  • Process payments, manage subscriptions and detect fraudulent transactions.
  • Monitor performance, debug issues and improve features via aggregated analytics.
  • Send transactional emails (password resets, subscription confirmations) and, with consent, product updates.
  • Comply with legal obligations and enforce our Terms & Conditions.

4. Legal Bases for Processing (EEA / UK)

We process personal data under one or more of the following legal bases:

  • Contract – to deliver the Service you request.
  • Legitimate Interests – to improve our app, secure our infrastructure and prevent abuse.
  • Consent – for optional features such as marketing emails or microphone access in your browser.
  • Legal Obligation – to satisfy accounting, tax or law-enforcement requirements.

5. Sharing & Disclosure

We do not sell or rent your personal data. We share it only with:

  • Service Providers acting on our behalf under data-processing agreements:
    • Firebase & Google Cloud (hosting, databases, storage)
    • Deepgram (speech-to-text, optional TTS)
    • OpenAI & Cartesia AI (language & speech generation)
    • Stripe (payments)
    • Kinde (OAuth identity)
  • Professional Advisors – lawyers, auditors and insurers bound by confidentiality.
  • Legal Authorities – when required to comply with the law, court orders or to protect rights, property or safety.
  • Business Transfers – if we merge, acquire or sell assets, with appropriate safeguards.

6. International Transfers

Your data may be transferred to and stored on servers located in the United States or other countries outside the European Economic Area. We rely on Standard Contractual Clauses or comparable safeguards to ensure an adequate level of data protection.

7. Data Retention

  • Account data – retained until you delete your account or request erasure.
  • Learning preferences & progress – retained while your account is active.
  • Raw voice recordings – deleted automatically within 48 hours.
  • Temporary TTS audio – automatically removed when the signed URL expires (≤ 2 hours).
  • Payment records – retained for up to 7 years to comply with tax and accounting laws.

8. Security

We employ encryption in transit (TLS 1.2+), role-based access controls, least-privilege API keys, bucket-level ACLs and continuous monitoring. No system is 100% secure, yet we strive to protect your data using industry-standard measures.

9. Your Privacy Rights

Subject to local law, you have the right to:

  • Access the personal data we hold about you;
  • Correct inaccurate or incomplete data;
  • Request deletion or restrict processing;
  • Object to processing based on legitimate interests;
  • Receive a copy of your data in portable format;
  • Withdraw consent at any time (e.g. microphone access, marketing emails);
  • Lodge a complaint with your local supervisory authority. In Ireland, this is the Data Protection Commission.

To exercise any of these rights, email us at [email protected]. We may verify your identity before processing your request.

10. Cookies & Similar Technologies

We use functional cookies and HTML5 local-storage to remember your session, preferred language and first-name greeting. You can clear or block cookies in your browser settings, but some features (login, push-to-talk) may not work.

11. Children’s Privacy

The Service is not directed to children under 13. If you become aware that a child has provided us with personal data without parental consent, please contact us and we will delete such information.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be announced via email or in-app notice at least 14 days before they take effect. Review the Policy periodically for updates.

13. Contact Us

SayOlá Inc.
Rose Hill,
Wicklow Town,
Co Wicklow,
Ireland
Email: [email protected]

© 2025 SayOlá Inc. All rights reserved.