Listnr AI – Privacy Policy

Effective Date: 28 May 2025

Last updated: 28 May 2025

Welcome to Listnr Software Private Limited ("Listnr," "we," "us," or "our"). Protecting your privacy is core to our mission. This Privacy Policy explains how we collect, use, disclose, and protect your Personal Data when you use our websites, mobile/desktop apps, APIs, and any related services (collectively, the "Services"). Capitalised terms not defined here have the meanings set out in our Terms of Service.

1. Key Points – Quick Summary

• We collect only what we need – account details, usage logs, payment tokens, and the content you choose to upload (text, audio, video, voice samples).
• Your voice = biometric data – we ask for explicit consent before training models on it, and you can opt out any time.
• No ad-tech resale – we never sell or rent your Personal Data. Limited sharing happens only with trusted sub‑processors that help us run the Services.
• Global rights respected – GDPR, CPRA, and India's DPDP 2023 rights are built in. You can access, correct, delete, or port your data from your dashboard or by emailing [email protected].
• Data stays only as long as needed – raw audio is wiped after 30 days by default; backups and logs follow fixed schedules.

For the full details, keep reading.

2. Definitions

• "Personal Data" – any information that identifies or relates to an identifiable individual. Includes biometric data such as voice samples.
• "Input Content" – text, audio, video, or other material you upload to the Services.
• "Generated Output" – synthetic speech, translated audio, videos, or other media produced by the Services.
• "Processing" – any operation performed on Personal Data, such as collection, storage, use, or deletion.
• "Sub‑processor" – a third‑party service provider we authorise to process Personal Data on our behalf.

3. Personal Data We Collect

We do not intentionally collect sensitive Personal Data beyond voice biometrics unless you voluntarily provide it in Content Data.

4. Purposes & Legal Bases

5. Cookies & Tracking Technologies

We use first‑party cookies and similar technologies to:

• Keep you logged in
• Measure product performance
• Understand marketing effectiveness

You can manage non‑essential cookies in the banner presented on your first visit. See our standalone Cookie Notice for details.

6. How We Share Personal Data

We never sell Personal Data. We disclose it only to:

• Sub‑processors performing services such as cloud hosting (AWS), payments (Stripe), analytics (PostHog), email delivery (SendGrid), and customer support (Intercom).
• Affiliates under common control and bound by this Privacy Policy.
• Legal authorities when required by law or court order.
• Successors in a merger, acquisition, or asset sale, provided the new entity honours this Privacy Policy.

A current list of sub‑processors is available at https://listnr.ai/subprocessors. We will provide at least 30 days notice before adding any new sub‑processor that processes Personal Data.

7. International Data Transfers

We host data primarily in AWS us‑east‑1 (USA) and eu‑central‑1 (Germany). When we transfer Personal Data outside your jurisdiction, we rely on:

• Standard Contractual Clauses (SCCs) for EEA/UK data
• Contractual clauses & onward‑transfer agreements for DPDP compliance
• Adequacy decisions or other lawful mechanisms where available

8. Data Retention

We may anonymise data and retain it in aggregate form.

9. Your Rights & Choices

9.1 European Economic Area & United Kingdom

You have the right to access, correct, delete, restrict, or port your Personal Data, and to object to processing or withdraw consent at any time. Submit requests via the Privacy Centre in your dashboard or email [email protected]. We respond within 30 days, extendable once by 30 days for complex requests.

9.2 California (CPRA)

California residents can request:

• Categories and specific pieces of Personal Data we collected
• Deletion or correction
• Opt‑out of "sale" or "share" (we do not sell) and targeted advertising
• Limit use of sensitive Personal Data (voice biometrics)

We verify identity via email token or logged‑in session and respond within 45 days (plus one 45‑day extension if needed).

9.3 India (DPDP 2023)

Indian users may:

• Access, correct, or erase Personal Data
• Nominate a data fiduciary to exercise rights on their behalf
• Lodge a grievance via [email protected]; we resolve within 30 days

9.4 Global Opt‑Outs

• Model training – toggle "Exclude my data from training" in Settings.
• Marketing emails – click unsubscribe at the bottom of any email or adjust preferences in your profile.

10. Security Measures

We implement administrative, technical, and organisational safeguards, including:

• AES‑256 encryption at rest & TLS 1.3 in transit
• Role‑based access controls & MFA for internal accounts
• Annual penetration tests & SOC 2 Type II certification roadmap
• Continuous monitoring for anomalous activity

No system is 100% secure, but we strive to minimise risk.

11. Children's Privacy

The Services are not directed to children under 13. We do not knowingly collect Personal Data from children. If you believe a child has provided us data, contact us and we will delete it.

12. Automated Decision‑Making & AI Transparency

Generated Output is produced by machine‑learning models that may occasionally output inaccurate or offensive content. We watermark audio with inaudible signals to help detect synthetic speech. We periodically audit training data and model performance to mitigate bias.

13. Changes to This Privacy Policy

We may update this Policy periodically. If changes are material, we will provide 30 days advance notice via email and/or in‑product banner. Your continued use after the effective date constitutes acceptance.

14. Contact Us

Thank you for trusting Listnr with your data.