Privacy Policy

Last updated: 12 June 2026

1. Introduction

Welcome to Supavoice S.N.C. (“we,” “us,” or “our”). We develop singing and audio applications (the “Apps”) and operate the Supavoice website (the “Website”).

We respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, and safeguard your information in compliance with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA/CPRA), and app store requirements.

2. Data Controller

Supavoice S.N.C.
Via Casa Ferrari, 24
27040 Mornico Losana (PV)
Italy
P.IVA: 02950980181
REA: PV-313335
Email: hey@supavoice.it

3. Data We Collect

We adhere to a principle of data minimization. We only collect data that is necessary for our services.

A. Information You Provide

  • Account Data: User ID, email address, or third-party authentication tokens (e.g., Sign in with Apple/Google/TikTok) used to manage your account across devices. For some apps you may sign in with your email address via a one-time link or code; we do not store a password for these accounts.
  • Billing & Tax Data: For purchases made on our website, we collect your name, billing address, and (where you provide it) your tax identifier (e.g., Codice Fiscale), used to process payment and meet invoicing and tax obligations.
  • Gift Coupon Data: If you send or redeem a gift coupon, we process the coupon code and, for a sent gift, the recipient’s email address and your message.
  • Communications Data: Your email address and the delivery/unsubscribe state used to send you service emails (one-time sign-in codes, purchase receipts, gift notices) and occasional product updates.
  • Support Data: If you contact us, we collect your email and the content of your message.

B. Information Collected Automatically

  • Usage & Analytics: We use our own custom, privacy-focused analytics system. We track user interactions (e.g., “Song Started,” “Lesson Completed”) associated with your unique User ID. We do not share this analytics data with third-party trackers.
  • Device Information: Device model, operating system version, and general region (derived from IP) to ensure app compatibility and security.
  • Technical Logs: Server logs including IP addresses, which are retained briefly for security and abuse prevention.

C. Voice & Audio Data

  • Real-Time Processing: Our Apps process audio from your microphone in real-time to provide pitch feedback. By default, this data is processed locally or temporarily in memory and is not stored on our servers.
  • Replays: If you choose to generate a performance video (“Replay”), the audio is temporarily processed to create the file. If you are a subscriber and choose to save Replays to the cloud, the audio file is encrypted and stored securely.
  • Optional Research Data (Opt-In Only): You may explicitly choose to contribute voice recordings to help us train and improve our AI models. This is strictly voluntary. These recordings are:
    • Not used for biometric identification.
    • Anonymized (detached from your personal identity) before training.
    • Used solely to improve pitch detection and audio processing technologies.

D. Website Advertising Data

On our Website only, we may utilize tools from advertising partners (such as Google Ads or Meta Ads) to measure the effectiveness of our marketing campaigns. These tools may use cookies or tracking pixels to detect if you downloaded our App after clicking an ad. This tracking does not occur within the App itself.

4. How We Use Your Data

We use your data for the following legal bases:

  • Performance of Contract: To provide the singing feedback, track your course progress, sync your account across devices, and send transactional emails (one-time sign-in codes, purchase receipts, and gift notices).
  • Legitimate Interests: To analyze app stability, fix bugs, prevent fraud, and send occasional product updates to existing customers. You can opt out of product emails at any time via the one-click unsubscribe link in every such email.
  • Consent: For the optional contribution of voice data for research/training.

5. Data Sharing

We do not sell your personal data. We only share data with trusted service providers necessary to operate our business:

  • Cloud Infrastructure: We use AWS and Cloudflare to host our services. Data is encrypted at rest.
  • Email Delivery: We use Amazon SES (AWS) to send service and product emails.
  • Payment Processors: Stripe (for website purchases, including Stripe Tax for VAT/tax calculation) and App Store/Google Play (for in-app purchases) handle billing. We do not store credit card numbers.
  • Advertising Measurement: We may share technical identifiers (e.g., cookies, hashed data, or mobile install referrers) with partners like Google, Apple, Meta, or TikTok solely to attribute app installs and measure marketing performance. We prioritize server-side integration to minimize data collection within the App.
  • Legal Compliance: We may disclose data if required by law or a valid court order (e.g., Court of Milan).

6. International Data Transfers

Our servers are located in the European Union (EU). If data is transferred outside the EEA, we ensure it is protected by appropriate safeguards, such as Standard Contractual Clauses (SCCs).

7. Data Security

We implement industry-standard security measures:

  • Encryption: All data is encrypted in transit (TLS/SSL) and sensitive data (like cloud replays and database records) is encrypted at rest.
  • Access Control: Internal access to data is strictly limited to authorized personnel.

8. Data Retention

  • Account Data: Retained as long as your account is active. If you request deletion, your personal data is removed within 30 days.
  • Legal & Security Exceptions: We retain certain data after deletion as required by law or security needs:
    • Billing Records: 10 years (Italian tax law obligation for website purchases).
    • Security Logs: Up to 90 days for fraud prevention.
    • Deletion Records: Up to 2 years to demonstrate compliance with your request.
    • Unsubscribe Records: Retained for as long as needed to honor your opt-out from product emails.
  • Gift Coupons: Coupon records are retained until the coupon is redeemed or expires.
  • Analytics Data: Retained for up to 5 years for long-term product trend analysis.
  • Voice Research Data: If you opt-in, anonymized voice samples are retained for the duration necessary to train our models, up to a maximum of 5 years, or until you withdraw consent.

9. Children’s Privacy

Our Services are generally intended for users age 13 and older.

  • Age Verification: We may implement age gates to prevent users under 16 from accessing features that involve optional data processing (such as contributing voice data for training).
  • If we discover we have collected personal data from a child under the applicable age of digital consent without parental permission, we will delete it immediately.

10. Your Rights (GDPR & CCPA)

You have the right to:

  • Access and obtain a copy of your data.
  • Rectify inaccurate data.
  • Delete your account and data (“Right to be Forgotten”).
  • Object to processing or withdraw consent at any time.
  • Export your data (Portability).

To exercise these rights, please contact us at hey@supavoice.it. You can also delete your account directly within the App settings. Every product email also includes a one-click unsubscribe link to stop receiving them.

11. Changes to This Policy

We may update this policy as our apps evolve. Significant changes will be notified via the App or email.

Contact Us For any privacy concerns, please contact: Supavoice S.N.C. Email: hey@supavoice.it