Privacy Policy
1. General
This privacy policy informs you about what personal data is collected, processed, and used when you use the app "eXODA KI". Protecting your data is important to us. We comply with the requirements of the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG).
2. Controller
The controller responsible for data processing is:
T. Stephan
Kookamp 40
46354 Südlohn
Germany
E-Mail: info@exoda.de
Phone: +49 171 3833568
3. What data is collected?
3.1 Audio recordings
The app accepts voice recordings via your device's microphone. These recordings are transmitted to OpenAI (OpenAI, L.L.C., San Francisco, USA) exclusively for transcription and text improvement. Audio files are deleted locally on your device after processing is complete.
3.2 Transcribed text
The text transcribed and improved by OpenAI is:
- Stored in your device's clipboard
- Saved locally in a log file (results_log.txt) on your device
- Not permanently stored on our servers
3.3 Local settings
The following data is stored exclusively locally on your device in the app settings (SharedPreferences):
- Selected language
- Default folder
- Balance (bonus seconds)
- Tutorial progress
- Device ID (locally generated, see section 3.5)
3.4 Firebase services
The app uses the following Firebase services from Google (Google Ireland Ltd.):
- Firebase Core: Basic app initialisation
- Cloud Firestore: Management of voucher codes and their redemption
- Firebase Storage: Storage of app-related data
When using Firebase, the following data may be transmitted to Google servers:
- IP address
- Device type and operating system
- App version
- Times of use
Legal basis: Art. 6(1)(b) GDPR (contract performance) and Art. 6(1)(f) GDPR (legitimate interest in providing app functionality).
3.5 Device ID
When the app is first launched, an anonymous, random device ID is generated and stored locally. This is used exclusively to manage voucher code redemptions per device. The ID contains no personal information and is not linked to other data.
3.6 Voucher system
When a voucher code is redeemed, the following data is stored in Cloud Firestore:
- Voucher code
- Anonymous device ID
- Time of redemption
- Voucher value
4. Data transfer to third parties
4.1 OpenAI (USA)
Audio recordings are transmitted to OpenAI for transcription (Whisper API) and text improvement (GPT-4o API). OpenAI processes this data in accordance with its own privacy policy: openai.com/policies/privacy-policy
Note: According to its own policy, OpenAI stores API requests for up to 30 days for abuse detection and then deletes them. The data is not used to train AI models (API usage).
Data transfer to the USA is based on Art. 49(1)(a) GDPR (consent) and/or the standard contractual clauses (SCCs) implemented by OpenAI.
4.2 Google / Firebase (EU/USA)
Firebase services are operated by Google. Data may be processed on servers in the EU and the USA. Google uses standard contractual clauses: policies.google.com/privacy
4.3 No further third parties
Beyond the above, no data is sold or disclosed to any other third parties or used for advertising purposes.
5. Permissions
| Permission | Purpose |
|---|---|
| Microphone | Recording voice input for transcription |
| Internet | Communication with OpenAI API and Firebase |
| File system | Storage of audio recordings and logs |
| Clipboard | Pasting the transcribed text |
| Accessibility (macOS) | System-wide paste (Cmd+V) into other apps |
6. Retention periods
| Data | Retention period |
|---|---|
| Audio recordings | Deleted immediately after transcription |
| Transcribed text | Locally in log file, until deleted by user |
| Local settings | Until the app is uninstalled |
| Voucher redemptions (Firebase) | Permanently to prevent abuse |
| Device ID | Until the app is uninstalled |
7. Your rights
Under the GDPR you have the following rights:
- Right of access (Art. 15 GDPR): You can request information about data stored about you.
- Right to rectification (Art. 16 GDPR): You can request correction of inaccurate data.
- Right to erasure (Art. 17 GDPR): You can request deletion of your data, provided no statutory retention obligations apply.
- Restriction of processing (Art. 18 GDPR)
- Right to data portability (Art. 20 GDPR)
- Right to object (Art. 21 GDPR)
To exercise your rights, please contact: info@exoda.de
You also have the right to lodge a complaint with a data protection supervisory authority.
8. Data security
Communication between the app and the services used (OpenAI, Firebase) takes place exclusively via encrypted HTTPS connections. API keys are stored locally and in encrypted form and are not disclosed to third parties.
9. Minors
The app is not specifically aimed at minors under the age of 16. Personal data of minors is not knowingly collected.
10. Changes to this privacy policy
We reserve the right to adapt this privacy policy as needed to reflect changes in the law or changes to the app. The current version can always be found in the app and on this website.
Last updated: March 2026