Rapture Privacy Policy
Last updated: January 11, 2026 (v1.5.0 - Google API Services User Data Policy Compliance)
At Bensolutions LLC, doing business as Noise Meld, we take your privacy seriously. This Privacy Policy explains how Rapture collects, uses, and protects your personal information.
Data Collection
Rapture collects audio recordings via device microphone only when you explicitly initiate recording. All recordings are stored in your personal Google Drive and are never sent to our servers.
Data Protection Mechanisms for Sensitive Data
Rapture processes two categories of sensitive data: audio recordings and transcription text. This section describes the specific protection mechanisms we implement for each.
Audio Recordings Protection
| Protection Layer | Mechanism | Details |
|---|---|---|
| In Transit | TLS 1.3 encryption | All uploads to Google Drive and Deepgram API use HTTPS with TLS 1.3 |
| At Rest (Device) | Android filesystem encryption | Protected by device-level encryption (AES-256 on modern Android) |
| At Rest (Cloud) | Google Drive encryption | AES-256 encryption managed by Google infrastructure |
| Processing | Ephemeral processing | Deepgram processes audio for transcription but does not store it |
| Storage | User-controlled | Audio stored only in user's Google Drive or local device - never on our servers |
Transcription Text Protection
| Protection Layer | Mechanism | Details |
|---|---|---|
| In Transit | TLS 1.3 encryption | All API calls (Deepgram, Gemini, Google Docs) use HTTPS with TLS 1.3 |
| At Rest (Device) | Android filesystem encryption | Local Room database protected by device encryption |
| At Rest (Cloud) | Google Drive encryption | Google Docs encrypted by Google infrastructure (AES-256) |
| Processing | No long-term retention | Gemini API processes text for formatting but does not retain it |
| Storage | User-controlled | Transcriptions stored only in user's Google Drive - never on our servers |
Key Protection Principles
- No server-side content storage: Audio recordings and transcription text are NEVER stored on our servers
- User ownership: All content remains in the user's personal Google Drive under their control
- Minimal processing exposure: Third-party APIs (Deepgram, Gemini) process data ephemerally without retention
- End-to-end encryption in transit: All data transmission uses TLS 1.3 encryption
- Strong encryption at rest: AES-256 encryption for all stored data (device and cloud)
Third-Party Security Certifications
- Deepgram: SOC 2 Type II certified, HIPAA compliant
- Google Cloud: ISO 27001, SOC 2/3, GDPR compliant
- Render.com (API Gateway): SOC 2 Type II certified
Google Drive Access
We request Google Drive access to save your recordings and transcriptions to your personal Drive storage. You control this data and can delete it at any time from your Google Drive.
Microphone Access
We request microphone permission to record your voice notes. Recording only occurs when you explicitly activate the app via voice command ("Hey Google, open Rapture") or manual recording button.
Google API Services User Data Policy Compliance
Limited Use Disclosure
Rapture's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
Data Source Clarification
Critical distinction: Audio recordings sent to Deepgram for transcription are captured directly from your device's microphone using Android's AudioRecord API. This is user-generated content created on your device — it is NOT data obtained from any Google API.
Google services (Drive, Docs, Tasks) are used exclusively as DESTINATIONS for storing your recordings and transcriptions. Data flows INTO Google services — it is never read from Google and sent elsewhere.
Data Flow by Source
| Data Type | Source | Sent to Deepgram? | Sent to Google? |
|---|---|---|---|
| Audio recordings | Device microphone | ✓ Yes (transcription) | ✓ Yes (storage in Drive) |
| Transcription text | Deepgram output | N/A (originates here) | ✓ Yes (stored in Docs) |
| Google Drive files | Google Drive API | ✗ NEVER | N/A (stays in Google) |
| Google Docs content | Google Docs API | ✗ NEVER | N/A (stays in Google) |
| Google Tasks data | Google Tasks API | ✗ NEVER | N/A (stays in Google) |
| User profile/email | Google Sign-In | ✗ NEVER | N/A (stays in Google) |
Data Flow Diagram
Your Device
┌─────────────────┐
│ Microphone │ ← You speak (user-generated content)
└────────┬────────┘
↓
┌─────────────────┐
│ Deepgram API │ ← Receives mic audio ONLY (not Google data)
└────────┬────────┘
↓
┌─────────────────┐
│ Transcription │ ← Text result returned to your device
└────────┬────────┘
↓
┌─────────────────┐
│ Google Services │ ← Data flows IN (Drive, Docs, Tasks)
✗ Data NEVER flows out of Google to third parties
Explicit Compliance Statement
- No Google User Data to AI services: Data obtained from Google APIs (Drive files, Docs content, Tasks, user profile) is NEVER sent to Deepgram, Gemini, or any other third-party service.
- No AI training: We do not use Google User Data to develop, improve, or train generalized AI or machine learning models.
- Google as destination only: Google services receive data from your device — they are never used as a data source for third-party processing.
- User control: All content stored in Google services remains under your control and can be deleted at any time.
AI Transcription Processing
Premium features use Deepgram Nova-3 API to transcribe your recordings. Audio captured from your device microphone is sent through our secure API Gateway (hosted on Render.com) to Deepgram's servers for transcription processing, then the transcription text is returned to your device and saved to your Google Drive. Deepgram's privacy policy applies to transcription processing: https://deepgram.com/privacy
We also use Google Gemini API to format and clean transcription text. This processing happens through our API Gateway and follows Google's AI/ML privacy policies.
No AI Training
We do not use your Google user data to train artificial intelligence or machine learning models. Your audio recordings, transcriptions, and account information are processed solely to provide the transcription and formatting features you request.
Third-party AI services (Deepgram for transcription, Google Gemini for formatting) process your data only to deliver their respective features. According to their privacy policies, they do not retain or use your data for model training purposes.
Data Sharing
We do not share, sell, or transmit your data to any third parties beyond the services you authorize:
- Google Drive: Your recordings and transcriptions (your personal cloud storage)
- Deepgram: Audio for transcription processing (not stored by Deepgram)
- Google Gemini: Transcription text for formatting (not stored by Google)
- Google Tasks: Task titles and completion status extracted from voice notes (stored in YOUR Google Tasks)
- Render.com API Gateway: Trial/subscription tracking data only
Your audio recordings and transcriptions remain in your personal Google Drive under your control.
Trial and Subscription Data
When you sign in with Google to activate your 30-day free trial, we collect:
- Google account ID (to track trial eligibility)
- Email address (to prevent trial abuse)
- Android device ID (to enforce one trial per device)
This data is stored securely on our backend server (Render.com) and is used solely to manage trial access and prevent abuse. We do not use this data for marketing or share it with third parties.
Data Retention
- Local recordings: Stored on your device until you delete them
- Google Drive recordings: Stored in your personal Drive until you delete them
- Trial/subscription data: Retained for the duration of your account plus 30 days for support purposes
- Usage logs: Retained for 90 days, then automatically deleted
Your Rights (GDPR & International Users)
You have the right to:
- Access: Request a copy of all data we hold about you
- Deletion: Request deletion of your account and associated data
- Portability: Export your recordings from your Google Drive at any time
- Rectification: Correct inaccurate data by contacting us
- Opt-out: Disable sync features or uninstall the app
To exercise these rights: Email support@noisemeld.com with your request. We will respond within 30 days as required by GDPR and CCPA.
International Data Transfers
Rapture is available worldwide and supports 10 languages. Our servers are located in the United States (Render.com hosting). By using Rapture, you consent to the transfer of your data to the United States for processing.
We comply with applicable data protection laws including GDPR (EU) and CCPA (California). Google Drive data is stored in Google's global infrastructure based on your region settings.
Children's Privacy
Rapture is not directed to children under 13 years old. We do not knowingly collect personal information from children. If you believe a child has provided data to Rapture, please contact us immediately.
Contact
For questions about this privacy policy or to exercise your data rights, contact us at: support@noisemeld.com
Response time: Within 30 days for all data requests (GDPR/CCPA compliant)
Legal Entity: Bensolutions LLC
DBA: Noise Meld
Location: Pennsylvania, United States