TLDM ("we", "us", "our") is operated by Leyton, based in Belgium. This policy describes how TLDM handles your data. We are committed to a privacy-first approach: your audio stays on your device, and we never sell your data.

1. Data We Collect

Account information: Email address and hashed password, stored in our cloud database (Convex) to authenticate you.
Audio recordings: Recorded and stored locally on your device, encrypted at rest. On the free tier, audio is temporarily uploaded for server-side transcription and deleted immediately after processing. With the Lifetime plan (BYOK), audio is sent directly to OpenAI and never touches our servers.
Transcription data: On the Lifetime plan, audio is sent directly from your device to OpenAI's Whisper API using your own API key. On the free tier, we process transcription server-side but do not retain audio or transcripts after processing.
Meeting summaries: Generated via OpenAI's GPT-4o-mini. With the Lifetime plan, this uses your own API key directly. Summaries are stored locally on your device.
Subscription data: Managed by RevenueCat. We receive subscription status but not payment details.
Crash reports: We use Sentry to collect anonymized crash and error reports to improve app stability.

2. Data Storage & Security

Local storage: Audio recordings, transcriptions, and summaries are stored on-device with encryption.
Cloud sync (optional): If you enable cloud sync, your transcription and summary data is encrypted and synced via Convex. Audio files are never synced to the cloud.
Authentication data: Your email and hashed password are stored securely in Convex.

3. Third-Party Services

TLDM integrates with the following third-party services. Each has their own privacy policy:

OpenAI — Transcription (Whisper API) and summarization (GPT-4o-mini). Audio is sent to OpenAI when you request a transcription. You use your own API key; we have no access to it. openai.com/policies/privacy-policy
Convex — Cloud database for authentication and optional sync. convex.dev/legal/privacy
RevenueCat — Subscription and purchase management. revenuecat.com/privacy
Sentry — Crash reporting and error tracking (anonymized). sentry.io/privacy

4. What We Do NOT Do

We do not serve ads.
We do not use analytics or tracking tools.
We do not sell, rent, or share your personal data with third parties for marketing.
We do not access your audio recordings.
We do not have access to your OpenAI API key.

5. Your Rights (GDPR)

As we operate from Belgium and serve users in the EU, you have the following rights under the General Data Protection Regulation:

Access: Request a copy of all data we hold about you.
Rectification: Correct inaccurate personal data.
Erasure: Delete your account and all associated data.
Data portability: Export your data in a standard format.
Objection: Object to processing of your personal data.

Data export and account deletion are built directly into the app. You can also contact us at privacy@tldm.app to exercise these rights.

6. Data Retention

Local data persists until you delete it or uninstall the app.
Cloud-synced data is retained until you delete it or your account.
Account data is deleted within 30 days of account deletion request.
Crash reports in Sentry are retained for 90 days.

7. Children's Privacy

TLDM is not intended for use by anyone under the age of 13. We do not knowingly collect personal information from children. If we learn that we have collected data from a child under 13, we will delete it promptly.

8. Changes to This Policy

We may update this policy from time to time. We will notify you of significant changes through the app. Continued use after changes constitutes acceptance.

9. Contact

For any privacy-related questions or to exercise your rights:

Email: privacy@tldm.app
Location: Leyton, Belgium

If you are in the EEA and believe your data protection rights have been violated, you have the right to lodge a complaint with your local Data Protection Authority.

Privacy Policy