
Privacy Policy

Effective: March 30, 2026

What we collect

When you use capsoul, the following data is processed:

  • Voice recordings — uploaded to our server for transcription, then permanently deleted. Recordings are never stored beyond processing.
  • Text entries — submitted via the app and processed on our server.
  • Summaries and transcripts — AI-generated summaries of your entries, stored encrypted.
  • Semantic embeddings — numerical vector representations of your summaries, used to power similarity search within your own archive.
  • A device identifier — a cryptographically random key generated on your device, stored as a one-way hash on our server, used solely to authenticate your requests.
  • Your public encryption key — used to encrypt your data before storage. We hold only the public key.
  • Broadcast handle — only if you opt in to the broadcast feature.

Encryption

All entry content — text, transcripts, and summaries — is encrypted on your device before being stored on our servers. We use X25519 key agreement, HKDF-SHA256 key derivation, and AES-256-GCM authenticated encryption.

Your private key is generated on your device and stored in the iOS Keychain. It never leaves your device. We cannot decrypt your entries. If you lose your device without a backup, your encrypted data cannot be recovered.

What we can and cannot see

We cannot see: the content of your entries, transcripts, or summaries. All stored content is encrypted and unreadable to us.

We can see: entry metadata (timestamps, tags you assign), semantic embeddings (numerical vectors — not human-readable text), your broadcast handle if the feature is used, and standard operational server logs (request timestamps, file sizes, error events). Logs do not include entry content.

Broadcast feature

The broadcast feature is entirely optional. If enabled, entries you choose to share become visible to followers you explicitly approve. You control access — no entry is shared without a deliberate action on your part. Entries not shared via broadcast remain encrypted and inaccessible to anyone other than you.

Data retention

Voice recordings are deleted from our servers immediately after transcription. Encrypted entries remain stored until you delete them in-app. You may also request full account deletion at any time (see below).

Third-party services

We use AWS S3 for encrypted entry storage. AWS does not have access to decryption keys and cannot read your content. No other third-party analytics, advertising, or tracking services are used.

Your rights (GDPR)

If you are in the EU or EEA, you have the right to access, correct, port, or delete your personal data. To request full account and data deletion, email support@aeon.inc. We will complete deletion within 30 days.

Children

capsoul is not directed at children under 13. We do not knowingly collect data from children under 13.

Changes

We may update this policy. Material changes will be communicated via the app or website. Continued use after changes constitutes acceptance.

Contact

support@aeon.inc

capsoul © 2026 · aeon.inc