Privacy Policy

🏠 1. Who We Are

Speak Up! ("we", "our", "us") is an AI-powered English speaking practice platform available at our Vercel-hosted domain. We are operated as an independent project by its developer and are committed to protecting your privacy in accordance with applicable laws including India's Digital Personal Data Protection (DPDP) Act, 2023.

This Privacy Policy explains what personal data we collect from you when you use the Speak Up! platform, how we use it, who we share it with, and what rights you have over it.

📊 2. Data We Collect

We only collect information that is necessary to provide and improve our service.

2.1 Account Information

• Email address — collected during Google Sign-In via Firebase Authentication.
• Display name — your name from your Google account, used to personalise your dashboard.
• Gender (optional) — used only to assign a default avatar colour.
• Username (optional) — a public handle you can choose for your profile.
• Social profile links (optional) — LinkedIn and Instagram URLs if you choose to add them.

2.2 Practice Session Data

• Voice audio recordings — recorded in your browser when you tap "Start Recording" during a practice session.
• Speech transcripts — generated from your voice by our on-device AI (Whisper) or our server.
• Practice scores — fluency, clarity, and confidence scores generated by AI after each session.
• Practice topic — the topic you were asked to speak about.
• Practice date and time — logged to track your streak.

2.3 Usage Data

• IP address — captured in server logs for rate limiting and abuse prevention. Not linked to your account.
• Browser & device type — captured automatically by our hosting provider (Vercel) for analytics.

⚙️ 3. How We Use Your Data

We use your personal data for the following specific purposes:

• To provide the core service — authentication, displaying your dashboard, storing your practice history, and showing your streaks and scores.
• To generate AI feedback — your voice recording or transcript is sent to Groq's AI API to produce your fluency, clarity, and confidence scores and personalised feedback.
• To personalise content — daily practice topics and interview questions are generated based on general settings (not individual profiling).
• To prevent abuse — IP-based rate limiting prevents spam and misuse of the service.
• To improve the service — aggregated, anonymised usage patterns may be reviewed to improve features. We do not profile individual users.

🎙️ 4. Voice Audio & AI Processing

Voice data is the most sensitive data we handle. Here is exactly what happens to it:

1. Recording: Your audio is captured locally in your browser. It never leaves your device until you press "Stop & Analyse".
2. On-device processing (primary): If the on-device Whisper AI model is ready, your audio is transcribed entirely on your device. Only the text transcript — not the audio — is sent to our server.
3. Server processing (fallback): If the on-device model is not ready, the audio is converted to base64 and sent to our server, which passes it to the Groq Whisper API for transcription.
4. AI scoring: The text transcript is sent to Groq's AI (Llama) to generate your score and feedback.
5. Deletion: The raw audio base64 data is automatically deleted from our database as soon as transcription is complete and the score is saved. We do not store your raw audio permanently.

Your transcripts and scores are stored to build your practice history and are retained until you delete your account.

🤝 5. Data Sharing & Third Parties

We only share your data with the following trusted service providers who are essential for running the application:

• Google Firebase (Google LLC) — provides user authentication (Sign In with Google) and Firestore real-time database for storing user profile data. Firebase Privacy Policy →
• Groq Inc. — receives audio or transcripts to perform AI transcription (Whisper) and scoring (Llama). Groq processes this as a data processor on our behalf. Groq Privacy Policy →
• Google Gemini (Google LLC) — used as a fallback for audio transcription and for generating daily practice topics. Google Privacy Policy →
• Supabase / Neon (PostgreSQL) — stores practice sessions, scores, and the task queue. Located in the Singapore region. Supabase Privacy Policy →
• Vercel Inc. — hosts the application and all API functions. Vercel Privacy Policy →
• Unsplash / Pexels — used to fetch practice images for the "Picture Talk" feature. We do not send any of your personal data to these providers.

We do not sell, rent, trade, or otherwise transfer your personal data to any other third parties.

🔐 6. Data Storage & Security

Your data is stored in the following locations:

• User profile & auth data: Google Firebase (data centres in the USA and globally distributed).
• Practice sessions & scores: Supabase PostgreSQL database in the Asia Pacific (Singapore) region.

We implement the following security measures:

• All data in transit is encrypted via HTTPS/TLS.
• Database connections require SSL.
• Firebase Authentication tokens are verified server-side for all sensitive API calls.
• API endpoints use rate limiting to prevent brute-force or denial-of-service attacks.
• Internal API endpoints are protected with a secret key.

While we implement industry-standard security measures, no method of internet transmission is 100% secure. We encourage you to use a strong, unique password for your Google account.

🗓️ 7. Data Retention

• Voice audio (raw base64): Deleted immediately from the queue after AI processing is complete (typically within 60 seconds of recording).
• Practice scores and transcripts: Retained until you delete your account. Your 20 most recent sessions are actively shown on your dashboard.
• User profile (name, email, streak): Retained until you request account deletion.
• Completed/failed task queue entries: Automatically purged after 1 hour.
• Server logs (IP address): Retained by Vercel for up to 30 days for security purposes.

⚖️ 8. Your Rights

Under the DPDP Act, 2023 (India) and general privacy best practices, you have the following rights:

• Right to Access: You can view your practice history and profile data on your dashboard at any time.
• Right to Correction: You can update your display name, username, and social links from your profile settings.
• Right to Erasure (Deletion): You can request complete deletion of all your data by contacting us. We will process your request within 30 days.
• Right to Withdraw Consent: You may stop using the service and request deletion of your data at any time.
• Right to Complain: You have the right to file a complaint with the Data Protection Board of India if you believe your rights have been violated.

To exercise any of these rights, please contact us using the details in Section 12 below.

👶 9. Children's Privacy

Speak Up! is not directed at children under the age of 13. We do not knowingly collect personal data from children under 13. If you are a parent or guardian and believe your child has provided us with personal data, please contact us immediately and we will delete that information.

Users between 13 and 18 should use the service with the consent and supervision of a parent or guardian.

🍪 10. Cookies & Local Storage

Speak Up! does not use advertising cookies or third-party tracking cookies. We use browser localStorage for the following functional purposes only:

• Theme preference (speakup-theme) — remembers your chosen colour theme (e.g., Pink, Dark, Blue).
• Firebase Authentication — Firebase SDK stores authentication tokens in IndexedDB/localStorage to keep you logged in between sessions.
• Service Worker cache — used to enable offline access and faster page loads (PWA functionality).

None of this data is used for tracking, advertising, or profiling. You can clear your browser's local storage at any time to reset these preferences.

🔄 11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or legal requirements. When we make significant changes, we will update the "Last updated" date at the top of this page.

Your continued use of Speak Up! after any changes to this policy constitutes your acceptance of the revised policy. We encourage you to review this page periodically.

📬 12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us: