Privacy Policy

IdeaFox Web ("IdeaFox", "we", "our") is a browser-based voice recording and AI summarisation tool operated by Crissfun. This Privacy Policy explains what data we collect, how we process it, where it is stored, and your rights regarding that data.

We are committed to a privacy-first architecture. IdeaFox is designed so that your audio recordings and transcripts remain under your control at all times.

Audio recordings: Captured by your browser's microphone API. Audio is held in browser memory during recording and is sent to Google's Gemini API for transcription. Audio is NEVER stored on our servers. Once transcription completes, the audio data is discarded from memory.

Transcripts and summaries: Generated text is returned to your browser and stored in your browser's localStorage. We do not retain copies on our servers.

Google account information: If you choose to sign in with Google, we receive your display name, email address, and profile photo from Google OAuth. This is used solely for authentication and to display your profile within the app.

User preferences: Settings such as selected AI model and template are stored in your browser's localStorage.

Notion/Obsidian tokens: If you connect Notion or Obsidian, authentication tokens are stored exclusively in your browser's localStorage. We never transmit or store these tokens on our servers.

Audio transcription: Your audio is sent via HTTPS/TLS encrypted connection to Google's Gemini API for transcription and summarisation. Google processes the audio in accordance with their API terms of service, which state that API data is not used to train their models and is not retained after processing.

AI summarisation: The transcript is processed by Google Gemini to generate structured summaries based on your selected template. This processing occurs via API calls and the data is not retained by Google after the response is returned.

Authentication: Google OAuth is used for optional sign-in. Firebase Authentication manages session tokens securely.

Export integrations: When you export to Notion or Obsidian, data is sent directly from your browser to the respective service using your stored credentials. Our servers do not intermediate these transfers.

Browser localStorage: Transcripts, summaries, user preferences, and integration tokens are stored locally in your browser. This data never leaves your device unless you explicitly export it.

Firebase (Google Cloud): If you sign in, your authentication session is managed by Firebase Authentication. Saved recordings metadata may be stored in Firebase Firestore, protected by Firebase security rules that restrict access to authenticated users only.

No server-side audio storage: We operate no audio storage infrastructure. Audio exists only in your browser's memory during active recording and API transmission.

Google Gemini API: Used for audio transcription and AI summarisation. Google's API terms (https://ai.google.dev/terms) govern data handling. Per their terms, API inputs are not used for model training and are not retained after processing.

Google OAuth / Firebase: Used for optional authentication. Governed by Google's Privacy Policy (https://policies.google.com/privacy).

Notion API: Used only when you explicitly connect your Notion workspace. Data is sent directly from your browser to Notion's servers.

Obsidian: Export functionality creates files compatible with Obsidian. Data is handled locally via your browser.

We do not sell, rent, or share your personal data with any third party for marketing or advertising purposes.

IdeaFox does not use analytics cookies, tracking pixels, or any third-party analytics services on the IdeaFox web app pages.

Essential cookies may be set by Firebase Authentication to maintain your signed-in session. These are strictly necessary for the service to function and cannot be used for tracking.

We do not use Google Analytics, Facebook Pixel, or any similar tracking technology on IdeaFox pages.

All data in transit is encrypted using HTTPS/TLS (Transport Layer Security).

Audio data is processed in-memory and never written to disk on any server.

Firebase security rules enforce that users can only access their own data.

Integration tokens (Notion, Obsidian) are stored in browser localStorage and are never transmitted to our servers.

We follow the principle of minimal data collection — we collect only what is necessary for the service to function.

Access: You can view all your stored data directly in your browser's localStorage via developer tools.

Deletion: Clear your browser's localStorage to delete all IdeaFox data from your device. If you have a Firebase account, you may request account deletion by contacting us.

Portability: You can export your transcripts and summaries to Notion, Obsidian, or copy them as text at any time.

Withdrawal of consent: You may revoke Google sign-in permissions at any time through your Google Account settings (https://myaccount.google.com/permissions).

Objection: Since we do not process data for marketing or profiling, there is no automated decision-making to object to.

To delete all local data: Clear your browser's localStorage for ideafox.ai, or use the browser's "Clear site data" feature.

To delete your account: Contact us at crissfun96@gmail.com with your request. We will delete your Firebase authentication record and any associated Firestore data within 30 days.

Audio data: Since audio is never stored, there is nothing to delete. Audio exists only in browser memory during active recording sessions.

IdeaFox is not directed at children under the age of 13. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us and we will promptly delete it.

We may update this Privacy Policy from time to time. Material changes will be indicated by updating the "Effective Date" at the top of this page. Continued use of IdeaFox after changes constitutes acceptance of the revised policy.

If you have questions about this Privacy Policy or your data, contact us at: crissfun96@gmail.com

For data deletion requests, please include the email address associated with your Google sign-in (if applicable).