WebappskiWebappski

Privacy Policy for End Users

AI Form Copilot Voice Assistant

Last Updated: 2025-11-12

Service Provider (Data Processor): Fundacja Rozwoju Przedsiębiorczości „Twój StartUp" (operating the organized business part: Artur Kuzmenka) ul. Żurawia 6/12, office 766 00-503 Warsaw, Poland VAT ID (EU): PL5213641211 Email: info@webappski.com

1. Introduction

This Privacy Policy explains how AI Form Copilot ("the Service", "we", "us") processes your personal data when you use the voice-powered form filling widget on websites operated by our business clients.

Important: The website you are visiting (the "Website Owner") is the Data Controller responsible for collecting and using your data. AI Form Copilot acts as a Data Processor on behalf of the Website Owner. This means:

  • The Website Owner determines what data is collected and how it's used
  • We process data only as instructed by the Website Owner
  • For questions about your data rights, contact the Website Owner first

2. What Data We Collect

2.1 Data Collected When You Use Voice Input

When you click "Fill with Voice" and speak:

Voice Recording (Audio):

  • Your voice is recorded temporarily in your browser
  • The audio is transmitted to our servers via HTTPS
  • We (AI Form Copilot) do NOT store audio files - audio exists only in memory during transcription process (typically several seconds), then automatically deleted from memory
  • Audio is sent to OpenAI Whisper API for speech-to-text conversion
  • However, OpenAI (our sub-processor) retains audio for up to 30 days for abuse monitoring per their API policy (see OpenAI Data Usage Policy)
  • We cannot control or shorten OpenAI's retention period

Voice Transcription (Text):

  • Your spoken words are converted to text.
  • The transcription is sent to OpenAI GPT-4o-mini for field mapping.
  • We do not store the transcript text in our systems. In technical logs we store only usage metadata (e.g., text length, detected language, audio duration) for up to 30 days, then it is automatically deleted.
  • Important: OpenAI may retain request data (including audio/text) for up to 30 days for abuse monitoring; early deletion at OpenAI is not available; data is not used for model training.

Extracted Form Data:

  • Values derived from your speech are used in-memory to populate the form.
  • We do not store extracted values in our logs. Only non-content usage metadata (e.g., number of fields filled) may be logged for up to 30 days.

2.2 Form Field Metadata

We analyze the structure of web forms to provide intelligent AI-powered assistance:

Field Information Sent to AI (OpenAI GPT-4o-mini) — After Pre-Filtering:

  • Non-sensitive field labels only (e.g., "Full Name", "Email Address") - sensitive labels filtered locally first
  • Placeholder text (e.g., "Enter your name", "Min 8 characters")
  • Non-sensitive field types only (e.g., text, email, tel) - password/payment types excluded
  • Form title from the webpage
  • First 3 options from dropdown/checkbox fields (for context)
  • Field structure metadata:
    • HTML tag names (e.g., "nz-select", "mat-select", "ion-datetime")
    • CSS classes (for UI library detection)
    • ARIA attributes (role, aria-haspopup, aria-controls)
    • Data attributes (isPrivate, explicitLabel)

Not sent in request body to OpenAI: Page URL and Browser User-Agent. Note: standard HTTPS request headers (including User-Agent) are handled at transport level and are not included in our application payload.

⚠️ IMPORTANT - How Field Filtering Works (Data Minimization):

  1. Local pre-filtering happens FIRST - Sensitive field labels are filtered locally BEFORE any transmission to OpenAI:
  • Fields with types: password, credit-card-number, cvv, ssn
  • Fields with labels matching our denylist: "Password", "Credit Card", "CVV", "SSN", "Social Security", "IBAN", "Passport", "Driver License", "Tax ID", "Medical Record", "Health Insurance", "Religious Belief", "Political Party", "Trade Union"
  • Fields marked with data-ai-private attribute by the Website Owner

  1. Only non-sensitive field metadata is sent to OpenAI GPT-4o-mini for form structure analysis and badge generation

  2. GPT assists with nuanced sensitivity detection for context-dependent fields (e.g., "Salary Range" may be sensitive in some forms but not others)

  3. Backend applies additional hard guardrails to ensure critical fields remain excluded

  4. Only verified non-sensitive fields are shown to you in the voice input interface

What This Means for You:

  • Existing form field VALUES are NEVER sent to OpenAI - We do NOT read or transmit data already filled in the form by you or others
  • Your spoken input IS sent to OpenAI - When you speak ("My name is John Smith"), your voice transcription is sent to OpenAI GPT-4o-mini for field mapping
  • Sensitive labels (passwords, payment, health, etc.) are NEVER sent to OpenAI - filtered locally first before transmission
  • Pre-filtering happens in your browser/our backend - Sensitive field metadata filtered before any external transmission
  • ⚠️ Company-specific sensitive labels (e.g., "Internal Reference Code", "Confidential Project Name") require the Website Owner to mark them with data-ai-private attribute

Important Distinction:

  • What we DON'T send: Data already in form fields (e.g., if "Name" field contains "Jane Doe", we don't send "Jane Doe")
  • What we DO send: Your spoken words (e.g., if you say "My name is John Smith", we send this transcription to OpenAI for analysis)

Important Note on Filter Exhaustiveness: Our local denylist filtering materially reduces risk but cannot catch all variants of sensitive field labels. If you notice field labels that should be private but are not filtered, contact the Website Owner to add data-ai-private attribute to those fields.

2.3 Technical Data

Data Collected:

  • Page URL (processed by our infrastructure for diagnostics/compatibility; not sent to OpenAI)
  • User-Agent (compatibility/security; not sent to OpenAI)
  • Browser language preference (for UI localization)
  • IP address (logged automatically by Google Cloud infrastructure for security; up to 30 days)

URL Privacy Note: Avoid personal data in URL query parameters. Although the URL is not sent to OpenAI, it may appear in application payloads processed by our infrastructure.

Infrastructure Security Logs — Independent Controller Role: For infrastructure security logs strictly necessary to operate the Service (timestamps, status/error codes, request duration, User-Agent, and IP as logged by Google Cloud), we act as an independent controller under GDPR Art. 6(1)(f) (legitimate interests) and Recital 49. Logs are processed in EU regions (europe-central2 / eur3), retained up to 30 days, not combined with Customer Content, and not used for profiling/marketing. Data subjects may contact info@webappski.com regarding these logs.

2.4 Consent Audit Data (Consent Receipt)

When you click "I Accept" on the consent modal, we store minimal proof of your consent:

Data Collected:

  • Pseudonymous user ID (UUID, randomly generated, not linked to your identity)
  • Consent timestamp (date and time when you clicked "I Accept")
  • Consent method (checkboxes + button click)
  • Policy version shown to you (e.g., "v1.0")
  • Content hash (SHA-256 fingerprint of the consent text you saw)
  • Widget version (e.g., "1.0.0")
  • UI language (language in which consent was displayed to you)
  • Checkbox states (whether you checked "I have read" and "I am 16+" boxes)
  • IP Hash (daily-rotating) - Privacy-preserving identifier for deduplication (see below)
  • Linked User IDs - List of related consent records from same user (for audit purposes)

IP Hashing Mechanism (Privacy by Design):

To help identify users in legal disputes while protecting privacy, we implement a GDPR-compliant hybrid identification system:

How it works:

  1. Daily-rotating IP hash: Your IP address is hashed using SHA256 with current date: SHA256(IP + date)
  2. Hash changes daily: Tomorrow, the same IP will produce a different hash (privacy protection)
  3. Not reasonably reversible by us: We cannot derive your raw IP without additional data we do not store (the hash is cryptographically one-way)
  4. Deduplication only: Used to link consent records from same user within 24 hours
  5. Automatic linking: If you use the widget multiple times (new browser, incognito mode), your consent records are automatically linked via linkedUserIds

Example:

  • Today (2025-10-18): Your IP 185.123.45.67 → Hash 7d3f8a9b...
  • Tomorrow (2025-10-19): Same IP 185.123.45.67 → Hash 2c8e1f4a... (different!)
  • Result: Hash is NOT permanent identifier - it rotates daily for privacy

Why we do this:

  • Legal defense (GDPR Art. 7(1)): If you claim you never gave consent, we can find your consent record to prove compliance
  • Deduplication: Prevents same user from creating unlimited consent records (e.g., clearing LocalStorage, using incognito)
  • Privacy protection: We do NOT store your raw IP permanently - only daily-rotating hash

Privacy guarantees:

  • Hash rotates every 24 hours (not permanent identifier)
  • Not reasonably reversible to get original IP address (we do not store the necessary data to reverse the hash)
  • GDPR Article 25 compliant (Privacy by Design, Data Minimization)
  • Used only for deduplication within same day
  • Not shared with OpenAI or other third parties
  • Stored separately from operational logs

Purpose:

  • GDPR Art. 7(1) compliance - We must be able to prove that you gave consent
  • Security and audit - Legal protection for both you and us
  • Dispute resolution - If you claim you never consented, we can show the record
  • Deduplication - Finding all consent records from same user (across devices/browsers)

Legal Basis:

  • Your consent for the voice feature (GDPR Art. 6(1)(a))
  • Our legitimate interests (GDPR Art. 6(1)(f)) - Proving compliance with GDPR requirements, preventing abuse, finding users in legal disputes

Retention:

  • Maximum 24 months, then automatically deleted
  • May be shorter based on Website Owner's policy
  • IP hash rotates daily (not retained beyond 24 months)

Recipients:

  • Stored in Google Cloud/Firebase (EU/Poland region: europe-central2 / eur3)
  • NOT shared with OpenAI or any other third parties
  • Access restricted to authorized administrators only

What We DO NOT Collect:

  • Raw IP addresses (only daily-rotating hash, never permanent IP storage)
  • ❌ Cookies are NOT set by our widget
  • ❌ No cross-site tracking or profiling
  • ❌ No permanent user identifiers beyond consent UUID

Your Rights:

  • You can request access to your consent records (if you provide UUID or approximate date)
  • You can request deletion after 24 months or earlier if justified
  • You can contact us at info@webappski.com for consent audit inquiries

Finding Your Consent Records:

If you need to verify your consent or request deletion, you can provide:

  • Your pseudonymous UUID (if you saved it)
  • Approximate date when you gave consent
  • Website domain where you used the widget
  • Browser/device information (User-Agent)

We will search our database using these criteria and the IP hash mechanism to locate your consent record.

3. How We Use Your Data

Purpose: Form completion assistance only

Your data is used to:

  1. Convert your voice to text (via OpenAI Whisper)
  2. Map your speech to appropriate form fields (via OpenAI GPT-4o-mini)
  3. Translate your input to the form's language if needed
  4. Debug errors and improve service quality (system logs)

We DO NOT:

  • Use your data for marketing
  • Share your data with third parties (except OpenAI as our subprocessor)
  • Train AI models on your data
  • Profile or track you across websites
  • Sell your data

4. Data Sharing & Third Parties

4.1 OpenAI (Subprocessor)

Your voice and transcribed text are sent to OpenAI for processing:

OpenAI Whisper API (speech-to-text):

  • Audio transmitted via HTTPS
  • Audio stored for 30 days (OpenAI abuse monitoring policy)
  • Data NOT used for model training (per OpenAI API terms)

OpenAI GPT-4o-mini API (field mapping):

  • Voice transcription and field metadata sent via HTTPS
  • Data stored for 30 days (OpenAI abuse monitoring policy)
  • Data NOT used for model training (per OpenAI API terms)

OpenAI Privacy: https://openai.com/policies/privacy-policy OpenAI Data Processing Addendum: https://openai.com/policies/data-processing-addendum

4.2 Google Cloud Platform (Infrastructure)

  • System logs are stored in Google Cloud Logging (EU regions: europe-central2 / eur3), with 30 days retention.
  • Firestore stores client configuration and pseudonymous consent receipts (UUID, timestamp, modal version, etc.) as described in §2.4. No transcript text or extracted values are stored.
  • Google acts as subprocessor for infrastructure services

4.3 No Other Third Parties

We do NOT share your data with:

  • Advertisers
  • Data brokers
  • Marketing platforms
  • Analytics services (we use Plausible Analytics which is privacy-first and cookie-less for our own website only, NOT for tracking widget users)

5. Data Retention

Data Type Storage Location Retention Period Notes/Sanitization
Audio recording (our systems) Memory buffer only 0 seconds Not stored by us
Audio recording / transcript (OpenAI) OpenAI servers (USA) Up to 30 days OpenAI abuse monitoring; not used for training
Transcript text (our systems) Not stored (only metadata kept, see below)
Usage metadata (len/lang/duration, counts) Google Cloud Logging (EU) 30 days No content; automatic deletion
Field metadata (non-sensitive only) OpenAI API (USA) Up to 30 days Pre-filtered locally; sensitive labels excluded
Infrastructure logs (IP, UA, timestamps) Google Cloud infrastructure logs (EU) 30 days Security/abuse prevention; independent controller
Consent audit data (UUID, timestamp, etc.) Firestore (EU) Up to 24 months Pseudonymous; not shared with OpenAI

After 30 days, all data is automatically and permanently deleted (except consent receipts, which are deleted after up to 24 months).

Litigation Hold: Retention periods may be extended where required by law or necessary to establish, exercise, or defend legal claims (litigation hold).

6. Your Data Rights (GDPR)

Important: To exercise your GDPR rights regarding voice/form data processing, please contact the Website Owner (Data Controller) first. We act as Data Processor and will process your request only on the Controller's documented instructions.

For infrastructure security logs where we act as independent controller, you may contact us directly at info@webappski.com.

Identity Verification: For security, we may request additional information to reasonably verify your identity before acting on a request.

6.1 Scope — What Personal Data We Actually Hold

We do NOT store your audio recordings or transcript content. The only personal data we may hold are:

  1. Consent audit records (pseudonymous UUID, timestamp, consent UI version, daily-rotating IP hash, linked user IDs) — see §2.4; retention up to 24 months
  2. Technical/infrastructure logs (IP address, User-Agent, timestamps, status/error codes) — see §2.3; retention up to 30 days
  3. Usage metadata (audio duration, detected language, text length, field count) — without content; retention up to 30 days

What we do NOT have:

  • ❌ Audio recordings (not stored by us; OpenAI retains for up to 30 days)
  • ❌ Transcripts (not stored by us; OpenAI retains for up to 30 days)
  • ❌ Form field values you spoke (not stored; only processed in-memory)

6.2 Right of Access (Article 15)

You have the right to obtain confirmation of whether we process your personal data and access to that data.

What we can provide:

  • Copy of your consent receipt (if you provide UUID, approximate date, or domain name)
  • Confirmation of data processing activities and categories of data we hold
  • Information about retention periods and recipients (OpenAI, Google Cloud)
  • Technical information from infrastructure logs (if reasonably identifiable and does not compromise security)

What we CANNOT provide:

  • ❌ Audio recordings or transcripts (we don't store them; OpenAI retains for technical purposes but does not provide individual access to end users)

How to request: Contact the Website Owner (Data Controller) with your request. For infrastructure logs, you may contact us directly at info@webappski.com.

Note: Technical log extracts (if any) are provided only to the extent reasonably identifiable and without compromising security or other users' privacy.

6.3 Right to Rectification (Article 16)

This right is limited in our context:

  • Consent audit records are legal registers and cannot be altered retroactively (to preserve evidence integrity)
  • Infrastructure logs are technical records and cannot be individually modified
  • Usage metadata does not contain personal identifiers that need correction

If you believe there is an error in your consent record, contact the Website Owner. We may add an annotation or delete the record (upon Controller's instruction) if appropriate.

6.4 Right to Erasure / "Right to be Forgotten" (Article 17)

What we can delete:

  • Consent receipts — can be deleted upon request (via Website Owner's instruction or your direct request to us)
  • Note: Deletion may be refused if retention is required for legal compliance or to establish/defend legal claims

What deletes automatically:

  • Infrastructure logs & usage metadata — automatically deleted after 30 days
  • Data at OpenAI — automatically deleted after up to 30 days (we cannot expedite this; OpenAI's technical retention policy)

Technical limitations:

  • Our infrastructure logs (Google Cloud Logging): Individual log entries cannot be manually deleted during the 30-day retention period (no API available)
  • OpenAI retention: OpenAI retains audio/transcript data for up to 30 days for abuse monitoring; we cannot expedite deletion unless the Website Owner has enabled Zero Data Retention (ZDR) with OpenAI

How to request:

  1. Contact the Website Owner (Data Controller) for voice/form data
  2. For consent receipts or infrastructure logs, you may contact us at info@webappski.com
  3. We will document your request and confirm applicable deletion timelines

Prevention is best: If you are concerned about data retention, do not use the voice feature—type form data manually instead.

6.5 Right to Restrict Processing (Article 18)

You may request restriction of processing in specific circumstances (e.g., while we verify accuracy of data or assess your objection).

Limitations: This right applies only to data we actually store (consent receipts and limited technical logs). We cannot restrict OpenAI's processing during their 30-day technical retention period.

How to request: Contact the Website Owner (Data Controller).

6.6 Right to Data Portability (Article 20)

This right applies to data you provided based on consent or contract, in a structured, commonly used, machine-readable format.

What we can provide:

  • Consent receipt in JSON format (if identifiable by UUID/date/domain)

Limitations: We do NOT have portable "content" (audio/transcripts/form values) to transfer.

How to request: Contact the Website Owner (Data Controller).

6.7 Right to Object (Article 21)

You can object to processing based on legitimate interests.

Easiest way to object: Simply do not use the voice feature and type form data manually instead.

For infrastructure security logs (processed under our legitimate interests), you may object by contacting us at info@webappski.com. We will assess whether our legitimate interests override your rights.

6.8 Right to Lodge a Complaint (Article 77)

You have the right to lodge a complaint with a supervisory authority, particularly in your EU Member State.

Poland (our location): Urząd Ochrony Danych Osobowych (UODO) Website: https://uodo.gov.pl/ Email: kancelaria@uodo.gov.pl

Before filing a complaint: Please contact the Website Owner (Data Controller) first. We will assist in resolving your concern.

7. Data Security

We implement industry-standard security measures:

Encryption:

  • All data transmitted via HTTPS (TLS 1.2+)
  • No unencrypted data transmission

Access Control:

  • System logs accessible only to authorized administrators
  • API keys stored securely in Firebase Cloud Functions secrets
  • No client-side exposure of credentials

Infrastructure Security:

  • Firebase Cloud Functions (Google Cloud Platform)
  • Automatic security patches and updates
  • DDoS protection via Google Cloud

Incident Response:

  • If a data breach occurs, we will notify the Website Owner (Data Controller) without undue delay so that they can meet their obligations to supervisory authorities and data subjects. Where we are an independent controller for infrastructure logs, we will handle notifications in accordance with applicable law.

8. Children's Privacy

Age Restriction: Our Service is NOT intended for children under 16 years of age (or the lower age permitted by your EU Member State, between 13 and 16 as per GDPR Article 8).

Our Policy:

  • We do NOT knowingly target or collect data from children
  • If you are under 16, DO NOT use the voice feature
  • The Website Owner (Data Controller) is responsible for obtaining parental consent if they allow minors to use voice features
  • Where applicable, the Website Owner must implement an appropriate age-gate and obtain verifiable parental consent before enabling voice features for minors

COPPA (US): For US users under 13, parental consent is required before using voice features (per Children's Online Privacy Protection Act).

For Parents/Guardians:

If you believe your child has used the voice feature without proper consent, please contact the Website Owner (Data Controller) of the website where the widget was used.

Upon the Website Owner's instruction, we can:

  • Disable the voice feature for specific forms/domains
  • Delete the associated consent receipt (if one exists)

Important: We do NOT store audio recordings or transcripts. Any voice data sent to OpenAI is retained by them for up to 30 days (technical retention policy; we cannot expedite deletion unless Zero Data Retention is enabled by the Website Owner).

To contact us directly: If the Website Owner is unresponsive or if you need assistance locating the controller, you may email us at info@webappski.com and we will help facilitate the request.

9. International Data Transfers

Data Location:

  • Our Google Cloud services run in EU regions (europe-central2 / eur3).
  • Transfers to the United States occur when using OpenAI (Whisper/GPT).

Legal Basis for Transfers:

  • OpenAI: EU Standard Contractual Clauses (SCCs); data not used for model training.
  • Google Cloud: EU processing under Google Cloud Data Processing Terms (EU regions).
  • UK and Swiss users: Transfers rely on the UK Addendum to the EU SCCs / IDTA and the Swiss FDPIC-compatible clauses, respectively.

Your Rights: You can object to international transfers by not using the voice feature.

10. User Responsibilities & Warnings

⚠️ CRITICAL - What NOT to Speak:

DO NOT use voice input for the following types of information:

Highly Sensitive Data:

  • Passwords, PINs, security codes, 2FA codes
  • Government-issued ID numbers (SSN, passport, driver's license, tax IDs)
  • Financial information (credit card numbers, CVV codes, bank account numbers)
  • Medical records, diagnoses, prescriptions, health insurance numbers
  • Biometric data
  • Any information you consider confidential or trade secrets

Why? While we use AI to identify and hide sensitive fields from the voice input UI, our detection is NOT perfect. Additionally, we CANNOT prevent you from speaking sensitive information if you choose to do so.

If in doubt, type manually instead of using voice.

You are responsible for:

  • Choosing what information to speak aloud
  • Understanding that spoken data is transmitted to OpenAI and logged for 30 days
  • Using voice input only for non-sensitive form fields

Important Limitations:

  • We cannot prevent you from voluntarily speaking sensitive information into the system
  • You assume the risk if you choose to speak sensitive data despite our warnings and field filtering
  • Field labels sent for analysis: While we pre-filter sensitive labels, company-specific confidential field labels may still be transmitted unless marked with data-ai-private by the Website Owner

For highly sensitive forms, we strongly recommend typing manually instead of using voice input.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Changes will be effective immediately upon posting.

Notification:

  • Major changes: We will notify the Website Owner, who may notify you
  • Minor changes: Updated "Last Updated" date at the top of this document

Your Consent: Continued use of the voice feature after changes constitutes acceptance of the updated Privacy Policy.

12. Contact Information

Data Processor (AI Form Copilot): Fundacja Rozwoju Przedsiębiorczości "Twój StartUp" (Artur Kuzmenka) ul. Żurawia 6/12, office 766 00-503 Warsaw, Poland VAT ID (EU): PL5213641211 Email: info@webappski.com

Data Controller (Website Owner): Contact the website you are visiting for their contact information.

For Data Protection Inquiries:

For infrastructure security logs (independent controller role) or general privacy questions, contact: info@webappski.com.

For voice/form processing (processor role), please contact the Website Owner first; we will act on their documented instructions.

Polish Data Protection Authority: Urząd Ochrony Danych Osobowych (UODO) Website: https://uodo.gov.pl/ Email: kancelaria@uodo.gov.pl

13. Legal Basis for Processing (GDPR Article 6)

For Voice Data and Form Metadata Processing: The legal basis for processing your voice data and form metadata is determined by the Website Owner (Data Controller). We act as a Data Processor following the Website Owner's documented instructions. The Website Owner typically relies on:

  • Consent (Article 6(1)(a)) - Your consent when clicking "Fill with Voice"
  • Contract (Article 6(1)(b)) - Processing necessary to provide the service you requested

For Infrastructure Security Logs (Independent Controller Role per GDPR Article 6(1)(f)): For infrastructure security logging (IP addresses, timestamps, error codes), we act as an Independent Controller based on:

  • Legitimate Interests (Article 6(1)(f)) - Network and information security (GDPR Recital 49)
  • This is separate from voice data processing where we act solely as Processor for the Website Owner
  • Logs are processed in EU regions and not combined with Customer Content

How Consent is Obtained:

  • First-time use: When you click "Fill with Voice" for the first time, the Website Owner should display a consent notice explaining that:
    • Your voice will be sent to OpenAI for transcription
    • Form field labels will be sent to OpenAI for analysis
    • Your data will be logged for 30 days
    • Data will be transferred to the United States
  • Continuing use: Each time you click "Fill with Voice", you reaffirm your consent
  • Explicit consent required: If forms contain Special Categories of Personal Data under GDPR Article 9 (health, political opinions, religious beliefs), the Website Owner MUST obtain separate explicit consent before allowing voice input

What Consent Covers:

  • ✅ Voice recording and transcription via OpenAI Whisper
  • ✅ Sending your voice transcription and pre-filtered non-sensitive form metadata to OpenAI GPT for mapping
  • ✅ International transfer to the United States for OpenAI processing
  • ✅ OpenAI's up-to-30-day technical retention (early deletion not available unless Zero-Data-Retention is enabled)
  • ℹ️ Note: Where the Website Owner enables OpenAI's Zero-Data-Retention profile, OpenAI does not retain request data.

Not Based on Consent:

  • Infrastructure security logs (IP, timestamps, UA) are processed under our legitimate interests (Art. 6(1)(f)) and are limited to EU regions.

Not Sent to OpenAI:

  • Page URL and Browser User-Agent (processed by our infrastructure only).

⚠️ IMPORTANT: OpenAI Data Retention Limitation

By clicking "Fill with Voice" or "Enable Voice Input", you explicitly acknowledge and consent to the following:

  1. OpenAI (our Sub-processor) retains voice data for up to 30 days for abuse monitoring per their API policy (https://openai.com/policies/usage-policies)
  2. We CANNOT provide immediate deletion before 30 days due to technical limitations of OpenAI's system
  3. You acknowledge this limitation and consent to 30-day retention
  4. Alternative available: If you do NOT accept this limitation, DO NOT USE voice input - you can fill forms manually instead (typing)

Legal Basis: Your informed and specific consent to this processing condition is required under GDPR Article 6(1)(a). This is a technical limitation of the Sub-processor we use, which we transparently disclose to you before you use the voice feature. Voice input is an optional feature - you can always choose to fill forms manually.

This consent is separate from your right to erasure: While GDPR Article 17 gives you the right to erasure "without undue delay", this right has limitations. In this case, the technical architecture of the service (OpenAI's 30-day abuse monitoring retention) means immediate deletion is not feasible. By providing informed consent to this limitation, you acknowledge that you understand and accept the 30-day retention period as a condition of using the voice input feature.

What Consent Does NOT Cover:

  • ❌ Special Categories (Article 9) data - requires separate explicit consent
  • ❌ Marketing or tracking - we do NOT use your data for these purposes
  • ❌ Third-party sharing beyond OpenAI/Google Cloud - we do NOT share with others

Withdrawal of Consent:

  • You can withdraw consent at any time by simply NOT using the voice feature
  • Type form data manually instead of using voice
  • Withdrawal does NOT affect lawfulness of processing before withdrawal
  • Data already in 30-day retention cannot be immediately deleted (automatic deletion after 30 days)

Consent for Children:

  • Users under 16 require parental consent (GDPR Article 8)
  • US users under 13 require parental consent (COPPA)
  • Website Owner is responsible for obtaining parental consent before allowing minors to use voice feature

14. Automated Decision-Making

AI Processing: We use AI (OpenAI GPT-4o-mini) to map your speech to form fields.

No Profiling: We do NOT use automated decision-making that produces legal effects or significantly affects you.

Human Review: You review and confirm all AI-suggested values before form submission.

Appendix: Technical Details

For detailed technical information about data flows, see our Technical Documentation at [TECHNICAL.md].

Key Technical Points:

  • Audio: WebM/WAV format, streaming (never stored)
  • Encryption: TLS 1.2+ (HTTPS)
  • APIs: OpenAI Whisper, GPT-4o-mini
  • Logs: Google Cloud Logging (30 days, then auto-deleted)
  • Cache: 5 minutes in-memory only (no persistent storage)

By using the AI Form Copilot voice feature, you acknowledge that you have read, understood, and agree to this Privacy Policy.