GDPR Compliance

Last updated: May 2026  ·  General Data Protection Regulation (EU) 2016/679

ReadToLoud is committed to complying with the General Data Protection Regulation (GDPR) for users in the European Economic Area (EEA). This page outlines how we fulfil our GDPR obligations.

1. Data Controller

The data controller for ReadToLoud is the app developer. For GDPR inquiries, contact us at: [email protected]

2. Legal Basis for Processing

We process personal data under the following legal bases:

• Contract performance: Processing necessary to provide the service you've subscribed to or purchased.
• Legitimate interests: Improving app performance and security via anonymous crash reports.
• Consent: Where you explicitly consent to processing (e.g., enabling iCloud sync).

3. Categories of Personal Data

• Audio recordings: Processed locally or via encrypted API calls. Not stored permanently.
• Documents: PDFs, DOCX, scanned images — processed to provide AI analysis. Not stored beyond session.
• Technical data: Anonymous crash logs, device type, OS version. No personal identifiers.
• iCloud data: Stored in your own Apple iCloud account, governed by Apple's privacy policy.

4. Data Retention

• Audio and document content is not retained after processing.
• Anonymous usage statistics may be retained for up to 12 months.
• Purchase records are managed by Apple and subject to Apple's data retention policies.

5. Your GDPR Rights

As an EEA resident, you have the following rights:

• Right of access — Request a copy of personal data we hold about you.
• Right to rectification — Request correction of inaccurate data.
• Right to erasure ("right to be forgotten") — Request deletion of your personal data.
• Right to restriction of processing — Request that we limit how we use your data.
• Right to data portability — Request your data in a machine-readable format.
• Right to object — Object to processing based on legitimate interests.

To exercise any of these rights, email us at [email protected]. We will respond within 30 days.

6. International Data Transfers

When AI processing requires data to be sent to third-party providers, transfers outside the EEA are conducted under appropriate safeguards (Standard Contractual Clauses or adequacy decisions).

7. Supervisory Authority

If you believe we have not addressed your concern satisfactorily, you have the right to lodge a complaint with your national data protection authority. In Hungary, this is the Nemzeti Adatvédelmi és Információszabadság Hatóság (NAIH): naih.hu.

8. Contact

[email protected]