Murmur

Privacy Policy

Last updated: January 22, 2025

1. Introduction

This Privacy Policy describes how Benri LLC ("we," "us," or "our") collects, uses, and protects your information when you use the Murmur application and related services (the "Service").

By using the Service, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

Account Information

When you create an account, we collect:

  • Email address (via Supabase Authentication)
  • Timezone and scheduling preferences
  • Profile settings you choose to provide

Voice Recordings and Transcripts

When you use the Service, we collect:

  • Voice recordings from your diary sessions
  • Transcripts generated from your recordings
  • AI-generated insights, summaries, and analyses

Active Memory Data

To power the Active Memory feature, we create and store vector embeddings of your transcripts. These embeddings enable semantic search across your journal history.

Device Information

We collect device information to provide notifications:

  • Device tokens for push notifications
  • VoIP tokens for incoming call notifications
  • Device type and operating system version

Usage Information

We may collect basic usage data including:

  • Feature usage patterns
  • Session duration and frequency
  • Error logs and crash reports

3. How We Use Your Information

We use your information to:

  • Provide the Service: Process voice recordings, generate transcripts, and create AI-powered insights
  • Enable Active Memory: Store and index your content for searchable recall
  • Send Notifications: Deliver scheduled call reminders and app notifications
  • Improve the Service: Analyze usage patterns to enhance features and fix issues
  • Provide Support: Respond to your inquiries and troubleshoot problems
  • Ensure Security: Detect and prevent fraud or abuse

4. Third-Party Services

We use the following third-party services to operate Murmur. These services may have access to your data as necessary to perform their functions:

Supabase

We use Supabase for authentication, database storage, and file storage. Your account credentials and content are stored on Supabase infrastructure.

LiveKit

We use LiveKit for real-time audio communication during voice diary sessions. Audio is transmitted through LiveKit's servers during active calls.

Google Gemini

We use AI to transcribe your recordings and generate insights. Your voice content is sent to Google's servers for processing.

Apple Push Notification Service (APNs)

We use APNs to deliver push notifications and VoIP call alerts to iOS devices.

5. Data Storage and Security

We implement security measures to protect your data:

  • Data is encrypted in transit using TLS/SSL
  • Data is encrypted at rest in our database
  • Access to production systems is restricted and logged
  • We regularly review and update our security practices

While we strive to protect your information, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

6. Data Retention

We retain your data for as long as your account is active. You may request deletion of your data at any time (see Your Rights below).

Upon account deletion or data deletion request:

  • Your voice recordings will be permanently deleted
  • Your transcripts and AI-generated content will be deleted
  • Your Active Memory embeddings will be removed
  • Your account information will be deleted

Some data may be retained for legal compliance or legitimate business purposes, such as fraud prevention.

7. Your Rights

Depending on your location, you may have the following rights regarding your personal information:

California Residents (CCPA)

If you are a California resident, you have the right to:

  • Know: Request information about the categories and specific pieces of personal information we collect
  • Delete: Request deletion of your personal information
  • Opt-out: We do not sell personal information, so this right does not apply
  • Non-discrimination: Exercise your rights without receiving discriminatory treatment

Exercising Your Rights

To exercise any of these rights, please contact us through our contact page. We will respond to your request within the timeframes required by applicable law.

8. Children's Privacy

The Service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will take steps to delete that information.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us through our contact page.

9. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you through the Service or via email prior to the changes taking effect.

We encourage you to review this Privacy Policy periodically for any updates. Your continued use of the Service after changes are posted constitutes acceptance of the updated policy.

10. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us through our contact page.

← Back to home