This Privacy Policy explains what personal data we collect when you use VoluMe (the “Service”), why we collect it, and your rights in relation to it. We process personal data in accordance with the UK General Data Protection Regulation and the Data Protection Act 2018.
VoluMe does not require you to create an account, and we do not collect your name, email address, or any contact details. Instead, an anonymous identifier (a randomly generated code) is created and stored in your browser’s local storage the first time you use the Service. This identifier allows your personalisation profile to persist between visits on the same device and browser. It is not linked to any other identifying information, and we have no way to connect it to you personally.
When you choose an audio file to play, a copy of that file is saved to your browser’s Origin Private File System (OPFS) — a sandboxed storage area that is part of your browser, not our servers. This means the file is available automatically on your next visit without you having to pick it again. The file never leaves your device. You can remove it at any time by tapping the back button in the player and choosing to change the file, or by clearing your browser’s site data for this page.
We process personal data for the following purposes and on the following legal bases under UK GDPR:
We retain your personalisation profile and session history for as long as you continue to use the Service from the same device, and for up to 12 months of inactivity, after which it is deleted. You can request earlier deletion at any time (see Section 6) by providing your anonymous identifier, which you can find by [TO BE SPECIFIED — e.g. an in-app “view my data” link, not yet built].
We do not sell your personal data. We share data only with the following categories of recipient:
We do not share the technical details of how the personalisation algorithm operates with any third party, including our hosting provider, except where strictly necessary to operate the infrastructure and under confidentiality obligations.
The Service is currently free and does not involve any payment processor. If paid features are introduced in the future, this policy will be updated before that happens to describe any payment data involved.
Where our hosting infrastructure is located outside the UK, we ensure data is protected through adequacy regulations, Standard Contractual Clauses, or other lawful transfer mechanisms recognised under UK GDPR.
Under UK GDPR, you have the right to:
Because we hold no name or email address, exercising these rights requires you to provide your anonymous identifier so we can locate your data. To exercise any of these rights, contact us at [email address]. You also have the right to lodge a complaint with the UK Information Commissioner’s Office (ico.org.uk) if you believe we have not handled your data appropriately.
The Service is not directed at children under 16, and we do not knowingly collect personal data from children under that age. If you believe a child has provided us with personal data, please contact us so we can delete it.
We use appropriate technical and organisational measures to protect your data, including encryption in transit, access controls on our systems, and confidentiality obligations on anyone with access to the underlying technology of the Service.
We may update this Privacy Policy from time to time, including when the Service changes (for example, if account creation or payment features are introduced). Material changes will be notified by an in-app notice before they take effect.
For any questions about this Privacy Policy or to exercise your data protection rights, contact [email address]. Our data controller registration with the Information Commissioner’s Office (if applicable) is [REGISTRATION NUMBER].