Privacy Policy

Last updated: March 31, 2026

1. Data Controller

The data controller responsible for the processing of your personal data is:

JustYap
Email: support@justyap.app

2. Overview

JustYap (“we”, “our”, or “us”) is a voice-to-text desktop application. We are committed to protecting your privacy and processing your personal data in accordance with the EU General Data Protection Regulation (GDPR) and other applicable data protection laws. This policy explains what data we collect, how we use it, the legal basis for processing, and your rights.

3. Data We Collect & Legal Basis

3.1 Account Data

When you create an account, we collect your email address and store a hashed password. This data is stored securely in our database hosted on Supabase (EU — Ireland).

Legal basis:Art. 6(1)(b) GDPR — performance of a contract. This data is necessary to create and manage your account.

3.2 Device Information

When you log in, we collect a device identifier and device name(e.g., “DESKTOP-PC”) to enforce our device limit (max. 3 devices per account). This data is stored in your user profile.

Legal basis:Art. 6(1)(b) GDPR — performance of a contract.

3.3 Audio Data

Local transcription mode: All audio processing happens entirely on your device. No audio data is ever sent to our servers or any third party.

Cloud transcription mode (BYOK): Audio is sent directly from your device to your chosen third-party provider (e.g., Groq, OpenAI) using your own API key. We never see or store your audio or API key on our servers.

Managed cloud mode (Legendary plan): Audio is routed through our server proxy to Groq (USA) for transcription. Audio is processed in real-time and is not stored on our servers or by Groq after transcription is complete.

Legal basis:Art. 6(1)(b) GDPR — performance of a contract.

3.4 Usage Data

For cloud transcription users, we track the number of seconds transcribed andrequest count per billing period to enforce usage limits. We also collect aggregated daily usage statistics (words dictated, number of transcriptions) to provide you with usage insights within the app.

Legal basis:Art. 6(1)(b) GDPR — performance of a contract (usage limits); Art. 6(1)(f) GDPR — legitimate interest (usage statistics to improve your experience).

3.5 Subscription & Payment Data

Payments are processed by LemonSqueezy (Merchant of Record), which uses Stripe for payment processing. We never store credit card numbers or payment details. We only receive and store your subscription status, license tier, and LemonSqueezy order/subscription IDs.

Legal basis:Art. 6(1)(b) GDPR — performance of a contract.

3.6 Transcription History

If you enable the optional history feature, transcriptions are stored locally in your device's storage (localStorage). This data never leaves your device and is not accessible to us.

4. How We Use Your Data

  • To provide and maintain the JustYap service
  • To manage your account and authenticate you
  • To process cloud transcriptions on your behalf
  • To enforce device limits and usage limits on cloud plans
  • To deliver software updates
  • To respond to support requests

We do not use your data for advertising, profiling, or automated decision-making.

5. Data Sharing & Third-Party Processors

We do not sell your data. We share data only with the following service providers:

ProviderPurposeData SharedLocation
SupabaseDatabase & authenticationEmail, hashed password, device info, license, usage dataEU (Ireland)
VercelWebsite & API hostingAPI requests, IP addresses (not stored)EU (Frankfurt) / Global Edge
GroqCloud transcription (Legendary plan)Audio data (temporarily processed, not stored)USA
LemonSqueezy / StripePayment processingPayment details (never stored by us)USA

6. International Data Transfers

Your personal data is primarily stored within the European Union (Supabase, Ireland). Some data is transferred to the United States for the following purposes:

  • Groq(cloud transcription): Audio is temporarily processed and immediately discarded. Transfer is safeguarded under the EU-US Data Privacy Framework and Groq's Data Processing Addendum.
  • LemonSqueezy / Stripe (payments): Payment data is handled directly by LemonSqueezy as Merchant of Record. Transfer is safeguarded under the EU-US Data Privacy Framework and Standard Contractual Clauses.

7. Data Retention

  • Account data: Retained as long as your account is active. Deleted upon account deletion request.
  • Usage data: Cloud usage records are retained for the current billing period plus 90 days. Usage statistics are retained for up to 90 days.
  • Audio data: Not stored. Managed cloud audio is processed in real-time and immediately discarded.
  • Payment records: Retained by LemonSqueezy in accordance with applicable tax and accounting obligations.

8. Your Rights (GDPR Art. 15–21)

As an EU/EEA resident, you have the following rights regarding your personal data:

  • Right of access (Art. 15) — request a copy of your personal data
  • Right to rectification (Art. 16) — correct inaccurate data
  • Right to erasure (Art. 17) — request deletion of your data
  • Right to restriction (Art. 18) — restrict processing of your data
  • Right to data portability (Art. 20) — receive your data in a portable format
  • Right to object (Art. 21) — object to processing based on legitimate interest
  • Right to withdraw consent — where processing is based on consent, you may withdraw it at any time

To exercise any of these rights, contact us at support@justyap.app. We will respond to your request within 30 days.

9. Right to Lodge a Complaint

If you believe that our processing of your personal data violates the GDPR, you have the right to lodge a complaint with a supervisory authority. You may contact the supervisory authority in your country of residence, or the authority responsible for our operations:

Der Bundesbeauftragte für den Datenschutz und die Informationsfreiheit (BfDI)
Graurheindorfer Str. 153
53117 Bonn, Germany
www.bfdi.bund.de

10. Cookies & Tracking

Our website does not use cookies for tracking, analytics, or advertising purposes. We do not use Google Analytics, Facebook Pixel, or any similar tracking tools. Essential cookies may be used for authentication sessions only.

11. Automated Decision-Making

We do not use automated decision-making or profiling as defined by Art. 22 GDPR.

12. Security

We use industry-standard security measures including encrypted connections (TLS/HTTPS), hashed passwords (bcrypt), Row Level Security on our database, and secure hosting providers. However, no method of electronic transmission is 100% secure.

13. Children's Privacy

JustYap is not intended for children under 16. We do not knowingly collect data from children. If you believe a child has provided us personal data, please contact us.

14. Changes to This Policy

We may update this policy from time to time. We will notify users of significant changes via email or in-app notification. The “Last updated” date at the top reflects the most recent revision.

15. Contact

For questions about this privacy policy or to exercise your data protection rights, contact us at support@justyap.app.