Privacy Policy for Phonolite

Last Updated: March 3, 2026

This Privacy Policy describes how Phonolite ("we," "us," or "our") collects, uses, and protects your information when you use our website at https://phonolite.rocks and the Phonolite Obsidian plugin (collectively, the "Service").

By using the Service, you agree to this Privacy Policy.

1. Information We Collect

1.1 Account Information

When you sign in with Google, we receive your name, email address, and profile picture from Google. We store your name and email in our database to identify your account.

1.2 Usage Data

We track how much audio you transcribe (in minutes) and how many tokens your transcripts consume each month. This is used solely to enforce your plan's usage limits and to reset them on your billing date.

1.3 API Keys

If you create API keys to use the Phonolite plugin, we store those keys (hashed) in our database. We do not store them in plaintext.

1.4 Payment Information

Payments are processed by Stripe. We store your Stripe customer ID and subscription plan so we know your access level. We never see or store your credit card number or banking details — those remain with Stripe.

1.5 Session Cookies

We use a session cookie (JWT) to keep you signed in. No tracking cookies or advertising cookies are used.

2. Audio and Transcript Data

Cloud transcription mode: Audio you record is sent to Groq's API for transcription. We do not store your audio files. Groq's privacy policy governs their handling of data in transit.

Local transcription mode: When using the Phonolite plugin's local mode, audio is processed entirely on your device using an on-device Whisper model. No audio data is sent to us or any third party.

In both modes, your transcript is sent to Groq's LLM API for structured note generation. We do not store transcript content beyond what is needed to complete the request.

3. How We Use Your Information

We use your information to:
- Provide and operate the Service
- Enforce usage limits based on your subscription plan
- Communicate with you about your account or the Service
- Improve the Service

4. Data Sharing

We do not sell, rent, or share your personal data with third parties for marketing purposes.

We use the following third-party services to operate the Service:

- Google: OAuth sign-in (receives your sign-in request)
- Stripe: Payment processing and subscription management (receives payment details)
- Groq: Processes audio and transcript data to perform transcription and note structuring

The following are infrastructure providers through which data passes in transit to run the Service, but which do not independently access or store your data:

- MongoDB Atlas: Database hosting
- Vercel: Website and API hosting

Each of these providers has their own privacy policy governing their handling of data.

5. Data Retention

We retain your account data for as long as your account is active. You may request deletion of your account and associated data by contacting us at the email below.

6. Children's Privacy

The Service is not directed at children under 13. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us.

7. Changes to This Policy

We may update this Privacy Policy from time to time. If we make significant changes, we will post an updated version on this page.

8. Contact

If you have questions or requests regarding this Privacy Policy, please contact us at:

Email: support@phonolite.rocks