Privacy Policy – ShadowFlow

1. Acceptance and Scope

By using this app, the user declares that they have read, understood, and fully accepted this Privacy Policy.

If you do not agree with the terms, do not use the services.

This policy applies to the ShadowFlow app and the transcription services operated by the developer.

This policy is published in its own section, independently from the Terms of Use, and must be considered together with the summarized notices presented in the app, on the website, or in the data collection flow, when applicable.

2. Use by Minors

This app is intended for users aged 13 or older.

Users under 18 must use it under the supervision and consent of a legal guardian.

No active age verification is performed.

If we become aware of improper collection of minors' data, we will delete it immediately.

3. What Data We Collect

We may collect and process the following data, depending on use of the app and the service:

These data may be collected directly from the user, from the app, from Google login flows, from Google Play purchase flows, from uploads sent to the service, and from technical records generated during operation.

These data may be stored in databases, operational records, file storage, and cloud environments used by ShadowFlow and by vendors engaged for authentication, payments, hosting, processing, storage, technical support, and fraud prevention.

These data are used for app operation, usage control, authentication, service delivery, security, technical support, statistics, and continuous improvement.

As part of the normal service, we do not request sensitive personal data. The user must not submit sensitive data, confidential third-party information, or content they do not have the right to process, unless this is strictly necessary and permitted by law.

4. Login with Google Account

Login with a Google account may be requested during app installation, before final acceptance of the terms.

In this case, we process the email address and the Google account identifier for access control, free usage eligibility, purchase linking, and association with the device UUID.

During authentication, account credentials or tokens may be used to validate login. We do not access contacts, files, calendar, email content, or any other Google account data beyond what is necessary for authentication and operation of the service.

No sensitive data is accessed or processed without explicit consent.

5. Why We Use the Data (Including Audio Transcription)

The data collected are used for:

When you submit an audio file for transcription, the file and the request data are processed by automated systems operating on our own infrastructure or on cloud services.

To operate the service, we may transmit to the server data such as UUID, request token, file hash, size in bytes, audio duration, file name, language selected for transcription, platform, accepted terms version, date/time of acceptance, and purchase identifiers, when applicable.

We seek not to include personal data in the audio content. To operate the service, the audio may be associated with technical identifiers (for example, UUID, request token, and purchase identifiers). The email address may be used when the user provides it or logs in.

The generated subtitle is intended exclusively for educational purposes, such as supporting language study.

Even with good-quality audio, the process may generate transcriptions with failures, missing excerpts, or punctuation errors.

The quality of the audio may directly affect the transcription result.

Each request is considered an independent service.

The service is considered completed at the time the subtitle is delivered.

Data processing is limited to the purposes stated in this policy. If it becomes necessary to process data for a new, incompatible, or additional purpose, ShadowFlow will update the applicable notice and request new consent or adopt the required legal basis, when necessary.

6. Retention and Deletion

7. Statistical and Anonymized Use

We may use aggregated and anonymized data for statistics and internal analysis.

These data do not identify users and are not shared with third parties for commercial purposes.

8. Sharing with Third Parties

9. Storage and Data Location

Data may be stored or processed on servers located in Brazil or abroad, always in compliance with this policy and applicable law.

Currently, when it is practical to specify, the most likely countries for storage or processing by engaged vendors include Brazil and the United States, without prejudice to the use of other locations linked to the infrastructure for authentication, storage, processing, app distribution, and digital billing.

In such cases, international transfers will occur only when permitted by applicable law, and we adopt contractual, organizational, and technical measures to seek a level of data protection compatible with applicable law.

We reserve the right to provide data to legal authorities, upon court order, valid request from a competent authority, or applicable legal obligation.

11. User Responsibility

The user declares that they hold the legal rights over the audio files submitted.

Improper use of copyrighted content may result in service blocking, loss of credits, and account deletion.

The service is not responsible for improper submissions.

12. Security

We adopt technical, administrative, and organizational measures to protect stored data against unauthorized access, use, alteration, disclosure, or destruction.

However, no system is infallible.

By using the app, the user acknowledges that residual risks exist.

13. Updates to this Policy

This policy may be modified at any time.

The most recent version will always be available in the latest app update and on the official website.

When required by applicable law, ShadowFlow may present a summarized notice before or at the time of collection, with a link or reference to this full version.

By accepting this policy, the user authorizes the collection and use of the data described.

It is possible to revoke consent for the transcription service at any time through the app settings or through the privacy channel, subject to applicable legal and technical limitations.

It is also possible to request limitation of the use or disclosure of data in the cases provided by law.

Upon revocation, the transcription service will be disabled. We may still retain and process the minimum data necessary for security, fraud prevention, auditing, regular exercise of rights, and legal compliance.

ShadowFlow does not sell personal data and, in its current practice, does not share personal data for cross-context behavioral advertising. Therefore, there is currently no specific opt-out flow for sale or sharing. If this practice changes, the user will be informed in advance through the official channels and this policy will be updated.

If, exceptionally, sensitive data are received at the user's initiative or due to legal requirement, they will be used only for service execution, security, fraud prevention, regular exercise of rights, and compliance with legal obligation, subject to applicable restrictions.

The regular exercise of privacy rights will not result in undue discrimination, except for technical, legal, anti-fraud, or strictly necessary limitations for provision of the requested service.

At this time, ShadowFlow does not respond differently to browser Do Not Track signals. If it starts to recognize equivalent automatic mechanisms required by law for a given practice, this will be informed in this policy.

15. Contact, Exercise of Rights, and Complaints

The controller responsible for the processing of personal data related to ShadowFlow is ShadowFlow itself, represented by its developer/controller, domiciled in Brazil. Vendors providing infrastructure, authentication, payments, and processing used to operate the service generally act as operators/processors on behalf of ShadowFlow, according to the purpose of the service and applicable law.

Privacy Officer / DPO: Fábio Liebl

The data subject may request, as permitted by applicable law: access, confirmation of processing, information about categories and, where applicable, specific data processed, sources and purposes of processing, correction, rectification, updating, deletion, erasure, cancellation, confidentiality, objection when applicable, portability when applicable, withdrawal of consent, and limitation of use or disclosure, as provided by law.

To exercise these rights or submit a complaint, send a message to the privacy email including: (i) identification of the data subject or their representative; (ii) a clear description of the request, right to be exercised, or complaint; (iii) data that help locate the record; and, when necessary, documents for identity and representation verification.

Requests will be reviewed and answered within a reasonable period and/or within the period required by applicable law. When necessary, we may request additional information to confirm the identity of the requester, locate the data, and prevent fraud.

Privacy complaints will be recorded, reviewed, and answered through the privacy channel. If the data subject is not satisfied with the response, they may contact the competent authority in their jurisdiction.


Last updated: March 19, 2026
Version: 1.0.4