Rapture Privacy Policy
Last updated: February 22, 2026 (v1.6.0 - Cross-platform iOS & Android, analytics disclosure)
At Bensolutions LLC, doing business as Noise Meld, we take your privacy seriously. This Privacy Policy explains how Rapture collects, uses, and protects your personal information.
Data Collection
Rapture collects audio recordings via device microphone only when you explicitly initiate recording. All recordings are stored in your personal Google Drive or iCloud Drive and are never sent to our servers.
Data Protection Mechanisms for Sensitive Data
Rapture processes two categories of sensitive data: audio recordings and transcription text. This section describes the specific protection mechanisms we implement for each.
Audio Recordings Protection
| Protection Layer | Mechanism | Details |
|---|---|---|
| In Transit | TLS 1.3 encryption | All uploads to Google Drive and Deepgram API use HTTPS with TLS 1.3 |
| At Rest (Device) | Device filesystem encryption | Protected by device-level encryption (iOS Data Protection / AES-256 on Android) |
| At Rest (Cloud) | Google Drive encryption | AES-256 encryption managed by Google infrastructure |
| Processing | Ephemeral processing | Deepgram processes audio for transcription but does not store it |
| Storage | User-controlled | Audio stored only in user's Google Drive, iCloud Drive, or local device - never on our servers |
Transcription Text Protection
| Protection Layer | Mechanism | Details |
|---|---|---|
| In Transit | TLS 1.3 encryption | All API calls (Deepgram, Gemini, Google Docs) use HTTPS with TLS 1.3 |
| At Rest (Device) | Device filesystem encryption | Local database protected by device encryption (iOS Data Protection / Android AES-256) |
| At Rest (Cloud) | Google Drive encryption | Google Docs encrypted by Google infrastructure (AES-256) |
| Processing | No long-term retention | Gemini API processes text for formatting but does not retain it |
| Storage | User-controlled | Transcriptions stored only in user's Google Drive - never on our servers |
Key Protection Principles
- No server-side content storage: Audio recordings and transcription text are NEVER stored on our servers
- User ownership: All content remains in the user's personal Google Drive or iCloud Drive under their control
- Minimal processing exposure: Third-party APIs (Deepgram, Gemini) process data ephemerally without retention
- End-to-end encryption in transit: All data transmission uses TLS 1.3 encryption
- Strong encryption at rest: AES-256 encryption for all stored data (device and cloud)
Third-Party Security Certifications
- Deepgram: SOC 2 Type II certified, HIPAA compliant
- Google Cloud: ISO 27001, SOC 2/3, GDPR compliant
- Render.com (API Gateway): SOC 2 Type II certified
Google Drive Access
We request Google Drive access to save your recordings and transcriptions to your personal Drive storage. You control this data and can delete it at any time from your Google Drive.
iCloud Drive Access (iOS)
On iOS, you may choose iCloud Drive as an alternative to Google Drive for storing recordings and transcriptions. Files are stored in your personal iCloud Drive under a dedicated Rapture folder. Apple manages iCloud Drive encryption and sync across your Apple devices. We do not access your iCloud data beyond the Rapture folder.
Authentication
Rapture supports two authentication methods:
- Google Sign-In: Available on both iOS and Android. Provides access to Google Drive sync and cross-platform subscription sharing.
- Sign in with Apple (iOS only): An alternative authentication option for users who prefer the Apple ecosystem. We receive only your name and email address (or a private relay email if you choose to hide your email). Apple Sign-In credentials are stored securely in the device Keychain.
Microphone Access
We request microphone permission to record your voice notes. Recording only occurs when you explicitly activate the app via voice command ("Hey Siri, Rapture this" on iOS or "Hey Google, open Rapture" on Android) or manual recording button.
Google API Services User Data Policy Compliance
Limited Use Disclosure
Rapture's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
Data Source Clarification
Critical distinction: Audio recordings sent to Deepgram for transcription are captured directly from your device's microphone using native platform APIs (AVAudioEngine on iOS, AudioRecord on Android). This is user-generated content created on your device — it is NOT data obtained from any Google API.
Google services (Drive, Docs, Tasks) are used exclusively as DESTINATIONS for storing your recordings and transcriptions. Data flows INTO Google services — it is never read from Google and sent elsewhere.
Data Flow by Source
| Data Type | Source | Sent to Deepgram? | Sent to Google? |
|---|---|---|---|
| Audio recordings | Device microphone | ✓ Yes (transcription) | ✓ Yes (storage in Drive) |
| Transcription text | Deepgram output | N/A (originates here) | ✓ Yes (stored in Docs) |
| Google Drive files | Google Drive API | ✗ NEVER | N/A (stays in Google) |
| Google Docs content | Google Docs API | ✗ NEVER | N/A (stays in Google) |
| Google Tasks data | Google Tasks API | ✗ NEVER | N/A (stays in Google) |
| User profile/email | Google Sign-In | ✗ NEVER | N/A (stays in Google) |
Data Flow Diagram
Your Device
┌─────────────────┐
│ Microphone │ ← You speak (user-generated content)
└────────┬────────┘
↓
┌─────────────────┐
│ Deepgram API │ ← Receives mic audio ONLY (not Google data)
└────────┬────────┘
↓
┌─────────────────┐
│ Transcription │ ← Text result returned to your device
└────────┬────────┘
↓
┌─────────────────┐
│ Google Services │ ← Data flows IN (Drive, Docs, Tasks)
✗ Data NEVER flows out of Google to third parties
Explicit Compliance Statement
- No Google User Data to AI services: Data obtained from Google APIs (Drive files, Docs content, Tasks, user profile) is NEVER sent to Deepgram, Gemini, or any other third-party service.
- No AI training: We do not use Google User Data to develop, improve, or train generalized AI or machine learning models.
- Google as destination only: Google services receive data from your device — they are never used as a data source for third-party processing.
- User control: All content stored in Google services remains under your control and can be deleted at any time.
AI Transcription Processing
Premium features use Deepgram Nova-3 API to transcribe your recordings. Audio captured from your device microphone is sent through our secure API Gateway (hosted on Render.com) to Deepgram's servers for transcription processing, then the transcription text is returned to your device and saved to your Google Drive. Deepgram's privacy policy applies to transcription processing: https://deepgram.com/privacy
We also use Google Gemini API to format and clean transcription text. This processing happens through our API Gateway and follows Google's AI/ML privacy policies.
No AI Training
We do not use your Google user data to train artificial intelligence or machine learning models. Your audio recordings, transcriptions, and account information are processed solely to provide the transcription and formatting features you request.
Third-party AI services (Deepgram for transcription, Google Gemini for formatting) process your data only to deliver their respective features. According to their privacy policies, they do not retain or use your data for model training purposes.
Analytics
We use PostHog for privacy-respecting product analytics. PostHog collects:
- App usage events (e.g., recording created, feature used) — no transcription text or audio content
- Crash and error data for reliability monitoring
- Subscription funnel events (e.g., paywall viewed, purchase completed)
- User ID for associating events with accounts
We do not collect personally identifiable information (PII) such as names, email addresses, or transcription content in analytics events. PostHog data is used solely for improving the app experience and is not shared with advertisers or data brokers.
Tracking & Advertising
Rapture does not track you. Specifically:
- We do not use Apple's IDFA (Identifier for Advertisers) or request App Tracking Transparency permission
- We do not use Google's Advertising ID
- We do not display advertisements of any kind
- We do not share data with advertising networks or data brokers
- We do not link your data with third-party data for advertising or measurement purposes
Data Sharing
We do not share, sell, or transmit your data to any third parties beyond the services you authorize:
- Google Drive: Your recordings and transcriptions (your personal cloud storage)
- iCloud Drive (iOS): Your recordings and transcriptions (alternative to Google Drive)
- Deepgram: Audio for transcription processing (not stored by Deepgram)
- Google Gemini: Transcription text for formatting (not stored by Google)
- Google Tasks: Task titles and completion status extracted from voice notes (stored in YOUR Google Tasks)
- PostHog: Anonymous usage analytics (no PII or content data)
- Render.com API Gateway: Trial/subscription tracking data only
Your audio recordings and transcriptions remain in your personal Google Drive or iCloud Drive under your control.
Trial and Subscription Data
When you sign in (with Google or Apple) to activate your 30-day free trial, we collect:
- Account ID — Google account ID or Apple user ID (to track trial eligibility)
- Email address (to prevent trial abuse)
- Device identifier (to enforce one trial per device)
This data is stored securely on our backend server (Render.com) and is used solely to manage trial access and prevent abuse. We do not use this data for marketing or share it with third parties.
Data Retention
- Local recordings: Stored on your device until you delete them
- Google Drive recordings: Stored in your personal Drive until you delete them
- Trial/subscription data: Retained for the duration of your account plus 30 days for support purposes
- Usage logs: Retained for 90 days, then automatically deleted
Your Rights (GDPR & International Users)
You have the right to:
- Access: Request a copy of all data we hold about you
- Deletion: Request deletion of your account and associated data
- Portability: Export your recordings from your Google Drive at any time
- Rectification: Correct inaccurate data by contacting us
- Opt-out: Disable sync features or uninstall the app
To exercise these rights: Email support@noisemeld.com with your request. We will respond within 30 days as required by GDPR and CCPA.
International Data Transfers
Rapture is available worldwide and supports 10 languages. Our servers are located in the United States (Render.com hosting). By using Rapture, you consent to the transfer of your data to the United States for processing.
We comply with applicable data protection laws including GDPR (EU) and CCPA (California). Google Drive data is stored in Google's global infrastructure based on your region settings.
Children's Privacy
Rapture is not directed to children under 13 years old. We do not knowingly collect personal information from children. If you believe a child has provided data to Rapture, please contact us immediately.
Contact
For questions about this privacy policy or to exercise your data rights, contact us at: support@noisemeld.com
Response time: Within 30 days for all data requests (GDPR/CCPA compliant)
Legal Entity: Bensolutions LLC
DBA: Noise Meld
Location: Pennsylvania, United States