Last updated: March 12, 2026
Reflector respects your privacy and is committed to protecting your personal data. This privacy policy explains what data we process, how we use, process, and protect it in accordance with the EU General Data Protection Regulation (GDPR).
1. Who is the controller of your data?
The controller that determines the purposes and means of processing your personal data is:
Email: legal@reflector.cc Web: https://www.reflector.cc
2. What personal data do we process?
We process only the data necessary to provide and improve the Service. We do not ask you for your name, surname, or email address to register an account.
We mainly process the following categories of data:
- Technical and operational data:
- technical identifiers assigned to the device or app installation (e.g., pseudonymous ID that allows us to associate AI credits and settings with a specific installation),
- information about the app version, user interface language, and preferred recording language,
- metadata about your recordings (creation time, duration, size, language, processing status). This data does not contain the actual audio recording.
- Content data processed temporarily (during AI analysis):
- your audio recording,
- the text transcript of your recording,
- analysis, summary, and other AI outputs.
This content data is processed only temporarily, as described in section 4.
3. For what purpose and on what legal basis do we process data?
We process your data solely for the purpose of providing the Reflector service, improving its functionality, and ensuring technical operation.
- Legal basis: Processing is necessary for the purposes of the controller's legitimate interests (Article 6(1)(f) GDPR), in particular to:
- provide the core functionality of the app (store settings, associate AI credits with a given installation),
- temporarily process recordings using AI at your request,
- ensure the secure and stable operation of the infrastructure.
To the extent that the processing is considered necessary for the performance of a contract between you and us, we may also rely on Article 6(1)(b) GDPR.
4. Our commitment: "Privacy-First" and immediate deletion
Protecting your privacy is the foundation of the Reflector app design.
- Local storage: Your audio recordings, transcripts, and AI analyses are stored exclusively locally on your device after creation and processing. Under normal circumstances, we do not have direct access to them.
- Temporary processing: Your content data (audio, transcript, analysis) is present on our servers and on our processors' servers only for the time strictly necessary to perform AI analysis and deliver the result back to the app.
- Immediate deletion: Immediately after successful delivery of the analysis to your app, all content data (audio recording, text transcript, and AI analysis) is immediately and permanently deleted from cloud storage and all servers.
5. How long do we retain data?
- Technical and operational data: We retain this data for as long as necessary to provide the Service, typically for the lifetime of the app installation on your device and for the period required to fulfil legal obligations (e.g., accounting records with payment partners).
- Content data (Audio, Transcript, Analysis): We do not retain this data after processing is completed. It is deleted immediately after the result is delivered to the app and then remains stored only on your device.
6. Who do we share data with? (Processors)
To provide the Service, we use trusted partners (processors) who meet data protection standards. These partners have access only to the minimum data necessary and only for the time necessary.
They include in particular:
- Apple (Payments, app distribution): for processing payments for subscriptions and distributing the app via the App Store,
- Google (Cloud infrastructure, AI, technical analytics): for temporary storage of audio files and technical processing of transcripts or analyses,
- AI model and compute infrastructure providers (e.g., RunPod or similar services): for compute-intensive AI processing.
Where data is transferred to third countries (e.g., the USA), this is done on the basis of mechanisms approved by the EU (such as Standard Contractual Clauses (SCCs) or the Data Privacy Framework), where applicable.
7. Your rights (GDPR)
In relation to the processing of personal data, you have in particular the right to:
- access your personal data,
- rectification of inaccurate or incomplete data,
- erasure (the "right to be forgotten") in the cases provided for by the GDPR,
- restriction of processing,
- object to processing based on legitimate interests,
- data portability to the extent provided by law,
- lodge a complaint with a supervisory authority (in Slovakia, this is the Office for Personal Data Protection of the Slovak Republic, https://dataprotection.gov.sk).
You can exercise your rights by contacting us at legal@reflector.cc.
8. Changes to this Policy
We may update this Policy from time to time, for example due to changes in legislation or in how the Service works. We will inform you of any material changes in the app or through other appropriate channels. The updated Policy takes effect on the date of its publication.