Privacy Policy
This Privacy Policy describes how Primary Source Labs, Inc. ("we," "us," or "our") collects, uses, and shares information when you use the Primary Source platform, including the Alvis mobile application, our website, web application, and related services (collectively, the "Service").
By creating an account or otherwise accessing the Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use the Service.
1. Information We Collect
Account Information
When you create an account, we collect your email address, and optionally your name and profile avatar. Authentication is managed through our identity provider.
User Content
The Service allows you to create and store content, including:
- Audio recordings
- Transcriptions generated from your recordings
- AI-generated artifacts such as summaries, reports, key points, and follow-up questions
- Tags, assignments, and organizational metadata you create
- Relationships between artifacts
Sensitive Information in Recordings
Your voice recordings may contain sensitive personal information, including but not limited to health information, political opinions, religious or philosophical beliefs, financial details, or information about personal relationships. We process this information solely to provide the transcription and artifact generation services you have requested. We do not analyze or categorize your recordings based on the sensitive information they may contain.
Biometric Data Notice
We do not extract, collect, or store biometric identifiers (such as voiceprints) from your audio recordings. Your recordings are processed solely for speech-to-text transcription and AI artifact generation. We do not use your recordings to identify or verify your identity based on voice characteristics.
If we introduce features in the future that involve biometric data processing (such as speaker identification), we will update this policy and obtain any consent required by applicable law before enabling such features for your account.
Usage Data
We automatically collect information about how you interact with the Service, including feature usage, session information, device type, operating system, app version, and general interaction patterns. We use crash reporting tools to help us diagnose technical issues and improve reliability.
Payment Information
If you make purchases through the Service, payment transactions are processed by the Apple App Store, Google Play Store, or our payment processing partner. We do not directly collect or store your credit card numbers or banking information. We receive transaction confirmations and subscription status from these providers.
2. How We Use Your Information
We use the information we collect to:
- Provide, operate, and maintain the Service
- Process your audio recordings into transcriptions and AI-generated artifacts
- Synchronize your content across devices
- Process payments and manage your subscription
- Send service-related communications (e.g., account verification, security alerts, feature updates)
- Analyze usage patterns (such as feature usage, session data, and interaction patterns) in aggregate or anonymized form to monitor and improve the performance, reliability, and security of the Service
- Respond to your requests and provide support
- Comply with legal obligations
We do not read, review, or analyze the substance of your recordings, transcriptions, or artifacts to improve the Service. If we ever wish to use your content for any purpose beyond providing the core Service functionality, we will seek your explicit, separate consent. See our Terms of Service (Section 6) for details on the license grant.
3. AI Processing
A core function of the Service is processing your voice recordings using artificial intelligence. Here is how that works:
- Transcription: Your audio recordings are sent to our transcription provider to convert speech to text. The audio data is processed for transcription purposes and is not retained by the provider beyond what is necessary to deliver the service.
- Artifact Generation: Your transcriptions are sent to our AI provider to generate structured artifacts such as summaries, key points, reports, and follow-up questions. The text data is processed to generate these outputs and is not retained by the provider beyond what is necessary to deliver the service.
- Audio Generation: Text from your artifacts may be sent to our audio provider to generate spoken audio. The text data is processed to produce the audio output and is not retained by the provider beyond what is necessary to deliver the service.
A current list of our service providers is maintained at primarysource.network/privacy/subprocessors.
We do not use your recordings, transcriptions, or artifacts to train or fine-tune AI models. We select AI providers whose terms prohibit using customer data for model training, and we contractually require that our providers do not use your content for this purpose. If we ever offer an opt-in program for contributing data to improve AI capabilities, your explicit consent will be required before any of your content is used for that purpose.
4. Sharing and Collaboration
The Service includes features that allow you to share your content with others:
- Individual Sharing: You may share artifacts with specific individuals via share links. Recipients can view shared content without creating an account.
- Groups and Teams: You may share content with groups or teams you belong to or create. All members of a group or team may access shared content.
- Public Sharing: You may choose to make content publicly accessible. Publicly shared content may be viewed by anyone with the link.
All sharing is initiated by your explicit action. We will not share your content with other users or make it publicly available without your direction. You are responsible for the content you choose to share and should consider the sensitivity of information before sharing it.
5. Third-Party Services
We use third-party services to operate the Service. These providers receive only the data necessary to perform their function. A current list of our sub-processors, including the specific providers for each category below, is maintained at primarysource.network/privacy/subprocessors.
- Transcription and Audio Generation Provider — receives audio recordings for transcription and text for audio generation
- AI Provider — receives transcription text to generate artifacts
- Authentication and Database Provider — manages user accounts, authentication, and cloud data storage
- Cloud Storage Provider — stores audio files securely
- Payment Provider — processes in-app purchases and manages subscriptions
- Hosting Provider — hosts our website and backend services
- Crash Reporting — helps us diagnose technical issues and improve reliability
We do not sell your personal information to any third party. We share data with third-party providers only as necessary to operate the Service. We require all third-party providers to maintain appropriate data protection commitments, including data processing agreements where required by applicable law, that obligate them to process data only as instructed and to implement appropriate security measures.
6. Cookies and Tracking Technologies
Our website and web application use essential cookies required for the Service to function, including authentication and session management cookies. We do not use third-party advertising or tracking cookies.
You can control cookies through your browser settings. Disabling essential cookies may prevent the Service from functioning properly.
Do Not Track. We do not track users across third-party websites. Because we do not engage in the type of cross-site tracking that Do Not Track signals are designed to address, our Service does not change its behavior in response to DNT signals.
Global Privacy Control. We honor Global Privacy Control (GPC) opt-out preference signals.
7. Data Security
We implement technical and organizational measures designed to protect your information. These include:
- Encryption of data in transit using TLS 1.2 or higher
- Encryption of data at rest
- Audio files stored in encrypted cloud storage
- Authentication managed through our identity provider using industry-standard protocols
- Access controls limiting employee access to user data on a need-to-know basis
However, no method of electronic transmission or storage is completely secure, and we cannot guarantee absolute security. If you believe your account has been compromised, please contact us immediately at legal@primarysource.network.
8. Data Breach Notification
In the event of a data breach that affects your personal information, we will notify affected users via email to the address associated with their account, in accordance with applicable law, including any timeframes mandated by applicable federal, state, and international regulations.
9. Law Enforcement and Legal Requests
We may disclose your information if required to do so by valid legal process, such as a subpoena, court order, or warrant. We will not voluntarily provide your content (recordings, transcriptions, or artifacts) to law enforcement or government agencies without valid legal process.
When legally permitted, we will notify you of any law enforcement request for your data before disclosing it, so that you may seek a protective order or other appropriate remedy. We may not be able to provide notice when prohibited by law (such as when a gag order is in effect) or when we believe notification would endanger any person.
10. Data Retention and Deletion
We retain your information for as long as your account is active or as needed to provide the Service.
If you wish to delete your account and all associated data (recordings, transcriptions, artifacts, and other content), you may do so through the account deletion feature in the Service or by contacting us at legal@primarysource.network.
Upon receiving a deletion request, we will initiate removal of your data. Content is initially soft-deleted and permanently removed from our systems within 30 days. Some data may be retained longer if required by law or for legitimate business purposes such as fraud prevention or compliance with financial record-keeping obligations.
Retention periods by category:
- Account information: Retained for the life of the account.
- Recordings, transcriptions, and artifacts: Retained until you delete them or request account deletion.
- Usage data: Retained in identifiable form for up to 24 months, after which it is aggregated or deleted.
- Payment records: Retained as required by applicable tax and financial regulations.
11. Your Rights
You have the right to:
- Access your personal information and the content you have created
- Export your data in a structured, commonly used format (such as Markdown or JSON) using the vault export feature in the Service
- Correct inaccurate personal information in your account
- Delete your account and associated data through the in-app deletion feature or by contacting us
- Opt out of usage-pattern analysis for service improvement by contacting us
To exercise any of these rights, use the relevant feature in the Service or contact us at legal@primarysource.network.
12. US State Privacy Rights
Residents of California, Virginia, Colorado, Connecticut, Utah, Texas, Oregon, and other states with comprehensive consumer privacy laws have specific rights regarding their personal information.
Categories of Personal Information We Collect
In the preceding 12 months, we have collected the following categories of personal information:
| Category | Examples | Source |
|---|---|---|
| Identifiers | Email address, name, account ID | You provide directly |
| Internet / electronic activity | Feature usage, session data, device type, OS, app version | Collected automatically |
| Audio / visual information | Voice recordings | You provide directly |
| Inferences | AI-generated artifacts (summaries, key points, follow-ups) | Derived from your content |
We have not sold or shared (for cross-context behavioral advertising) any personal information in the preceding 12 months. We disclose the following categories of personal information to service providers for business purposes: identifiers (to authentication, payment, and hosting providers), internet/electronic activity (to crash reporting and hosting providers), and audio/visual information (to transcription, audio generation, and cloud storage providers).
Your Rights
Depending on your state of residence, you may have the right to:
- Access: Request that we disclose the categories and specific pieces of personal information we have collected about you.
- Delete: Request that we delete the personal information we have collected from you, subject to certain exceptions.
- Correct: Request correction of inaccurate personal information.
- Limit Use of Sensitive Personal Information: Request that we limit our use of sensitive personal information (including audio recordings) to what is necessary to provide the Service. Because we already limit our use of your content to providing the core Service, no additional action is required in most cases.
- Opt-Out of Sale: We do not sell your personal information. If we ever change this practice, we will provide a clear opt-out mechanism.
- Non-Discrimination: We will not discriminate against you for exercising your privacy rights.
- Appeal: If we decline your request, you may have the right to appeal by contacting us.
Global Privacy Control: We honor GPC opt-out preference signals as a valid opt-out request.
To submit a request, contact us at legal@primarysource.network or use the in-app privacy features. We will verify your identity before processing any request.
13. European Privacy Rights (GDPR)
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, this section applies to you in addition to the rest of this policy.
Data Controller
Primary Source Labs, Inc. is the data controller for your personal information. You can contact us at legal@primarysource.network.
Legal Bases for Processing
We process your personal information on the following legal bases:
- Contractual necessity (Art. 6(1)(b)): Processing your account data, recordings, transcriptions, and artifacts is necessary to provide the Service you signed up for.
- Legitimate interest (Art. 6(1)(f)): Analyzing usage patterns in aggregate to improve the Service, and ensuring the security and integrity of the Service. You may object to processing based on legitimate interest by contacting us.
- Legal obligation (Art. 6(1)(c)): Retaining certain data as required by tax, financial, or other legal requirements.
- Consent (Art. 6(1)(a)): If we ever process your content for purposes beyond providing the core Service (such as service improvement based on content analysis), we will obtain your explicit consent. You may withdraw consent at any time without affecting the lawfulness of processing that occurred before withdrawal.
International Data Transfers
Your data is transferred to and processed in the United States, where our servers and service providers are located. We use Standard Contractual Clauses (SCCs) approved by the European Commission to provide adequate safeguards for the transfer of personal data outside the EEA. You may request a copy of these safeguards by contacting us at legal@primarysource.network.
Your GDPR Rights
In addition to the rights described in Section 11, you have the right to:
- Restriction of processing: Request that we restrict the processing of your personal information in certain circumstances.
- Data portability: Receive your personal information in a structured, commonly used, machine-readable format, and transmit it to another controller.
- Object to processing: Object to processing based on legitimate interest. We will cease processing unless we demonstrate compelling legitimate grounds.
- Withdraw consent: Withdraw consent at any time for processing based on consent, without affecting the lawfulness of prior processing.
- Lodge a complaint: File a complaint with a supervisory authority in your EU/EEA member state. A list of supervisory authorities is available at https://edpb.europa.eu/about-edpb/about-edpb/members_en.
Sub-Processor Commitments
We require all third-party processors to maintain Data Processing Agreements that obligate them to process data only as instructed, implement appropriate technical and organizational security measures, and assist us in responding to your data rights requests.
14. Children's Privacy
The Service is not intended for anyone under the age of 18. We do not knowingly collect personal information from anyone under 18. If we learn that we have collected personal information from someone under 18, we will delete that information promptly.
15. Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email to the address associated with your account before the changes take effect. Your continued use of the Service after changes become effective constitutes your acceptance of the revised policy.
16. Contact Us
If you have questions about this Privacy Policy or our data practices, please contact us at:
Primary Source Labs, Inc.
Email: legal@primarysource.network
440 N Barranca Ave #1042
Covina, CA 91723