Privacy Policy

At Rubil we are committed to privacy-first design. We function as a Ghostwriter. We process your words to format them but we do not claim ownership of them. This policy outlines exactly how we handle your information.

1. Information We Collect

We minimize data collection to the essentials required to provide our service.

• Voice Input: We process audio for transcription. Your voice recordings are sent to our transcription provider (Groq) and are immediately discarded after processing. We do not store audio recordings on our servers.
• Transcripts: Your transcribed text is sent to our formatting provider (OpenAI) along with your dictionary entries for context-aware formatting. Full transcripts are not stored on our servers. We store only anonymous usage metrics (word counts and timestamps) to track your usage statistics.
• Dictionary: Your personal dictionary (names, acronyms, projects, terms, expansions) is encrypted locally on your device using AES-256 encryption AND synced to our cloud database (Supabase) to enable cross-session access and features like dictionary suggestions. Dictionary entries are included in formatting requests sent to OpenAI.
• Account Information: When you create an account we store your email address, subscription status and usage statistics in our cloud database.
• Usage Data: We collect usage metrics (word counts, timestamps, platform context) to provide your dashboard statistics and monitor system stability.

2. How We Use Your Information

We use the information we collect for one purpose: to transform your spoken input into polished text based on your selected context (e.g. Gmail, Slack).

• No Training on User Data: We do not use your voice recordings or transcribed text to train AI models. Our AI providers (Groq and OpenAI) process data transiently under their enterprise API terms which prohibit data retention and model training.
• No Data Harvesting: We do not sell, rent or monetize your personal data or content.
• Dictionary Processing: Your dictionary entries are included in formatting requests so our AI can correctly spell your names, expand your acronyms and apply your custom terms.

3. Data Retention

Rubil minimizes data retention by design.

• Voice Recordings: Processed transiently by Groq for transcription and immediately discarded. Never stored on our servers.
• Transcripts: Processed transiently by OpenAI for formatting and not stored on our servers. Full transcript text is never persisted.
• Dictionary: Stored encrypted on your device and synced to our cloud database. Persists until you delete entries or your account.
• Usage Statistics: Word counts and timestamps are stored in our cloud database to power your dashboard analytics.
• Local History: The extension stores your recent dictation history locally on your device for quick reference. This data never leaves your browser.

4. Service Providers

We use the following third-party providers to deliver our service. Each processes your data transiently under their enterprise API terms.

• Groq: Receives your voice audio for transcription. Audio is processed and discarded. Groq does not store your recordings or use them for model training under their API terms.
• OpenAI: Receives your transcribed text and dictionary entries for formatting. Text is processed and discarded. OpenAI does not store your data or use it for model training under their API terms.
• Supabase: Hosts our cloud database. Stores your account information, dictionary entries, usage statistics and dictionary suggestions.
• Stripe: Processes subscription payments. We do not store your payment details.

Data Flow: Voice → Transcription (Groq) → Formatting with dictionary context (OpenAI) → Formatted Output (your device)

5. Security

We implement industry-standard security measures to protect your data.

• Transmission Security: All data sent between your browser, our servers and our service providers uses encrypted HTTPS connections.
• Local Encryption: Your dictionary is encrypted on your device using AES-256 (AES-GCM) via the Web Crypto API. Encryption keys are derived from your account credentials and stored only in your browser session.
• Authentication: All API endpoints require authentication. Requests are verified using secure session tokens.
• Database Security: Our cloud database enforces row-level security policies ensuring users can only access their own data.

6. Your Rights

You retain full ownership and control of your data at all times.

• Access & Editing: You can view and edit your dictionary and preferences through the extension or the web dashboard at any time.
• Deletion: You can delete individual dictionary entries or your entire account. Account deletion removes all associated data from our cloud database.
• Extension Removal: Uninstalling the extension removes all locally stored data including your encrypted dictionary cache and local history.
• Data Portability: You can export your dictionary at any time through the extension dashboard.

7. Changes to This Policy

We may update this policy to reflect changes in our practices. If we make material changes we will notify you through the extension or our website.