Privacy Policy

At Rubil we are committed to privacy-first design. We function as a Ghostwriter. We process your words to format them but we do not claim ownership of them. Your Glossary is a list you write, not a memory of what you've said. This policy outlines exactly how we handle your information.

1. Information We Collect

We minimize data collection to the essentials required to provide our service.

• Voice Input: We process audio for transcription. Your voice recordings are sent to our transcription provider (Groq) and are immediately discarded after processing. We do not store audio recordings on our servers.
• Transcripts: Your transcribed text is sent to our formatting provider (OpenAI) along with your Glossary entries for context-aware formatting. Full transcripts are not stored on our servers. We store only anonymous usage metrics (word counts and timestamps) to track your usage statistics.
• Glossary: Your personal Glossary (people, acronyms, terms, expansions) is encrypted locally on your device using AES-256 encryption AND synced to our cloud database (Supabase) to enable cross-session and cross-device access, plus features like Glossary suggestions. Glossary entries are included in formatting requests sent to OpenAI.
• Account Information: When you create an account we store your email address, subscription status, and usage statistics in our cloud database.
• Usage Data: We collect usage metrics including word counts, timestamps, platform context, session events (recording count, insertion success rate), and anonymous system performance data to provide your dashboard statistics and monitor system stability. No transcript content is ever included in usage data.
• Platform Detection: On the Chrome extension, we read the current page URL to identify the active platform (e.g. Gmail, Slack, Notion) and apply the appropriate formatting rules. On the Mac desktop app, we read the bundle identifier of the focused application to identify the active app. We do not read, collect, or transmit page content or application content. Only the hostname or bundle ID is used for platform detection.

2. How We Use Your Information

We use the information we collect for one purpose: to transform your spoken input into polished text based on your selected context (e.g. Gmail, Slack).

• No Training on User Data: We do not use your voice recordings or transcribed text to train AI models. Our AI providers (Groq and OpenAI) process data transiently under their enterprise API terms which prohibit data retention and model training.
• No Data Harvesting: We do not sell, rent, or monetize your personal data or content.
• Glossary Processing: Your Glossary entries are included in formatting requests so our AI can correctly spell your names, expand your acronyms, and apply your custom terms.

3. Data Retention

Rubil minimizes data retention by design.

• Voice Recordings: Processed transiently by Groq for transcription and immediately discarded. Never stored on our servers.
• Transcripts: Processed transiently by OpenAI for formatting and not stored on our servers. Full transcript text is never persisted.
• Dictation History (Mac App): The Mac desktop app keeps your last 50 dictations in memory so you can review and re-copy them. This history is never written to disk, never sent to our servers, and is cleared completely when you quit the app.
• Glossary: Stored encrypted on your device and synced to our cloud database. Persists until you delete entries or your account.
• Usage Statistics: Word counts and timestamps are stored in our cloud database to power your dashboard analytics.

4. Service Providers

We use the following third-party providers to deliver our service. Each processes your data transiently under their enterprise API terms.

• Groq: Receives your voice audio for transcription. Audio is processed and discarded. Groq does not store your recordings or use them for model training under their API terms.
• OpenAI: Receives your transcribed text and Glossary entries for formatting. Text is processed and discarded. OpenAI does not store your data or use it for model training under their API terms.
• Supabase: Hosts our cloud database. Stores your account information, Glossary entries, usage statistics, and Glossary suggestions.
• Stripe: Processes subscription payments. We do not store your payment details.
• Vercel: Hosts our backend API infrastructure. API requests pass through Vercel's serverless functions. Vercel may process server logs in accordance with their privacy policy. No user content is stored by Vercel beyond transient request processing.
• PostHog: Anonymous product analytics (app launches, feature usage, error counts). No transcripts, glossary content, or personal data. IP addresses are discarded at ingestion. Users can opt out in the Mac app Settings.

Data Flow: Voice → Transcription (Groq) → Formatting with Glossary context (OpenAI) → Formatted Output (your device)

5. Security

We implement industry-standard security measures to protect your data.

• Transmission Security: All data sent between your device, our servers, and our service providers uses encrypted HTTPS connections.
• Local Encryption: Your Glossary is encrypted on your device using AES-256 (AES-GCM) via the Web Crypto API on the Chrome extension, and via equivalent native encryption on the Mac desktop app. Encryption keys are derived from your account credentials and stored only in your active session.
• Authentication: All API endpoints require authentication. Requests are verified using secure session tokens.
• Database Security: Our cloud database enforces row-level security policies ensuring users can only access their own data.

6. Your Rights

You retain full ownership and control of your data at all times.

• Access & Editing: You can view and edit your Glossary and preferences through the Chrome extension, the Mac desktop app, or the web dashboard at any time.
• Deletion: You can delete individual Glossary entries or your entire account. Account deletion removes all associated data from our cloud database.
• App Removal: Uninstalling the Chrome extension or Mac desktop app removes all locally stored data including your encrypted Glossary cache.
• Data Portability: You can export your Glossary at any time through the web dashboard.

7. Changes to This Policy

We may update this policy to reflect changes in our practices. If we make material changes we will notify you through the extension, the desktop app, or our website.