Audiu Privacy Policy

Last updated: October 23, 2025 | Version: 1.0.5+6

1. Scope & Data Controller

This Privacy Policy describes how Rudnex ("we", "us", or "our") collects, uses, and protects your information when you use the Audiu mobile application.

Data controller: Rudnex
Contact: contact@rudnex.com

2. Information We Collect

Mobile App Data

• Account Information: Email, password (hashed), name, age, country, username
• Profile Information: Name, email, age, country, optional profile image URL (Google Sign-In)
• Profile Completion: Age and country are collected once during initial login/registration via the Complete Profile screen before full app access; cannot be edited in-app (contact us to update)
• Authentication Data: Session tokens, provider information (Google Sign-In), accepted terms, linked social providers
• Account Linking Data: Social credentials stored separately when linking multiple authentication methods (e.g., linking Google to email/password account)
• OTP Verification Data: Temporary verification codes for secure account linking (expires after 10 minutes, linking window 30 minutes)
• Usage Data: Watch history (story titles, playback positions, timestamps), favorites, listen later queue
• Playback Preferences: Volume settings, background play preferences, last played story, current queue (stored locally on device)
• Offline Content: Optional offline downloads (feature coming soon, not yet available)
• Device Information: Basic device type and operating system for compatibility

Note: We do not collect crash/error logs, location data, contact information, or advanced device fingerprinting.

Data We Do NOT Collect

• Crash/Error Logs: Limited error logging for debugging purposes only (no personal data included)
• Location Data: No location permissions requested or location data collected
• Contact Information: No access to device contacts or phone numbers
• Advanced Device Data: No device fingerprinting or detailed hardware information
• Camera/Microphone: No camera or microphone access
• Third-Party Analytics: No advertising tracking; minimal analytics for app performance only

3. How We Use Information

• Account Management: Authenticate users, store profile information, manage country-specific age verification (13-16+ based on regional requirements)
• Account Linking: Securely link multiple authentication methods (e.g., Google, email/password) to a single account using OTP verification
• Content Delivery: Stream audio stories, sync content across devices
• Personalization: Track watch history, manage favorites and listen later queue, remember playback positions
• User Preferences: Store volume settings, background play preferences, audio device settings
• App Functionality: Maintain session state, sync user data across devices, provide seamless experience
• Security: Prevent abuse, ensure age compliance, maintain secure authentication, validate OTP codes for account linking
• Data Management: Automatic cleanup of inactive accounts (accounts inactive for 2+ years are automatically deleted)
• Audit Logging: Track account linking activities and security events for safety and compliance

4. Syncing & Data Processing Roles

Syncing Behavior

• What Syncs: Favorites, playlists, and watch history sync to your account when you are logged in.
• When: Sync occurs on sign‑in, during normal use when online, and when connectivity is restored.
• Conflicts: Latest change generally applies (last‑write‑wins). We aim to preserve your most recent actions.
• Local‑Only Mode: If you are signed out, preferences and offline content remain on the device only.

Controller vs. Processors

• Data Controller: Rudnex (for Audiu app data).
• Processors: PocketBase (backend platform) and Hetzner Cloud (infrastructure provider) process data on our behalf under a DPA.
• Independent Services: Google Sign‑In and Google Fonts handle limited data (e.g., IP for font delivery) under their own privacy terms.

5. App Permissions (Android)

Our app requests only essential permissions:

• Internet/Network Access – Required for streaming audio and API access
• Storage Permissions – For offline downloads (scoped storage on Android 13+, legacy storage on older versions)
• Bluetooth – For seamless audio device connection and control (including BLUETOOTH_CONNECT and BLUETOOTH_SCAN)
• Notifications – For playback controls and download alerts (POST_NOTIFICATIONS on Android 13+)
• Background Services – For continuous audio playback while screen is off (FOREGROUND_SERVICE_MEDIA_PLAYBACK)
• Audio Settings – For volume control and audio focus management (MODIFY_AUDIO_SETTINGS)
• Wake Lock – To prevent device sleep during audio playback
• Vibration – For notification alerts

We do NOT request:

• Location access
• Contacts or phone numbers
• SMS or call logs
• Camera or microphone
• Unnecessary file system access

6. Sharing & Third‑Party Services

Third‑Party Integrations

• PocketBase: Used for secure authentication and content storage
• Google Sign‑In: Optional social login service
• Google Fonts: Fonts are served by Google; when your device requests font files, your IP address is processed by Google to deliver the resource. See Google Fonts privacy at developers.google.com/fonts/faq/privacy.
• Hetzner Cloud: Data hosting and storage infrastructure

Data Storage & Processing

• PocketBase Database: User accounts, preferences, and usage data stored securely
• Database Collections: Users, watch_history, favorites, listen_later, stories content
• Hetzner Infrastructure: Data processed and stored on Hetzner Cloud servers
• Data Location (Regions): Primary hosting in EU/EEA Hetzner regions (e.g., Germany/Finland). Exact region may vary based on deployment.
• Data Processing Agreement (DPA): We rely on Hetzner's standard DPA for controller–processor obligations.
• International Transfers: If personal data is transferred outside the EEA, we implement appropriate safeguards (e.g., Standard Contractual Clauses) where required by law.
• Data Encryption: All data transmission uses HTTPS encryption
• Password Security: Passwords hashed using bcrypt before storage
• CASCADE DELETE: Automatic deletion of related data (watch history, favorites, listen later) when user account is deleted

Data Sharing Policy

• We never sell your personal information
• We never share your personal data with advertisers
• Data disclosure occurs only to comply with legal requirements, protect our rights and prevent abuse, or provide essential app functionality

7. Data Security

• HTTPS‑only transport for all network communications
• Secure token and session management via PocketBase authentication
• Minimal app permissions following principle of least privilege
• Password hashing using bcrypt for secure credential storage
• Encrypted local storage for sensitive information
• Secure cloud infrastructure via Hetzner with appropriate safeguards
• No crash reporting - no error logs or crash data collected

8. Data Retention

• Account Data: Retained while your account is active; removed immediately after deletion via in-app deletion or within 7 days after email request.
• Usage Data (watch history, favorites, listen later): Retained while your account is active to provide core functionality; you can clear items at any time; all data is immediately removed when you delete your account.
• Playback Preferences: Stored locally on your device only and retained until you clear app data, uninstall the app, or reset preferences.
• Offline Downloads: Feature not yet available. When released, downloads will remain on your device until you delete them or uninstall the app.
• Session Data: Automatically cleared when you log out.
• Crash/Error Logs: Not collected.
• Automatic Cleanup: Accounts that have been inactive for 2 years or more are automatically deleted to comply with data minimization principles and GDPR requirements.

Data Deletion Guarantee: We implement dual-layer deletion (CASCADE DELETE + explicit deletion) to ensure complete removal of your data with no orphaned records.

You can delete your account at any time via the in-app "Delete Account" option in Settings, or by contacting us at contact@rudnex.com.

9. Your Rights

• Access your personal data (profile information, usage data, preferences)
• View your account information (name, email, age, country) in the profile section
• Delete your account and all associated data via in-app "Delete Account" in Settings (watch history, favorites, listen later queue are immediately removed)
• Clear Data locally by uninstalling the app (removes playback preferences and local data; account data remains on server unless deleted via Settings)
• Revoke Google Sign‑In access via your Google account settings
• Control your playback preferences and volume settings

Note: Profile information (age, country) is collected once during initial registration and cannot be edited in-app (contact us if you need to update this information). The edit profile feature was intentionally removed as all required information is collected during the initial Complete Profile screen.

Account Linking: You can link multiple authentication methods (e.g., Google, email/password) to your account via secure OTP verification sent to your email.

Data Export: Data export feature is planned for a future update.

Contact us at: contact@rudnex.com for any data‑related requests.

Note: This is the same email address used for the "Share Feedback" feature in the app.

10. Children's Privacy & Regional Age Requirements

Audiu implements age verification measures to comply with international children's privacy laws, including COPPA, GDPR, and other regional regulations. The minimum age requirement varies by country to ensure full legal compliance.

Regional Age Requirements

• GDPR Countries (EU): Age requirements vary from 13-16 years based on individual Member State implementations:
  • 13 years: Belgium, Denmark, Estonia, Finland, Latvia, Malta, Portugal, Sweden, United Kingdom
  • 14 years: Austria, Bulgaria, Cyprus, Italy, Lithuania, Spain
  • 15 years: Czech Republic, France, Greece
  • 16 years: Croatia, Germany, Hungary, Ireland, Luxembourg, Netherlands, Poland, Romania, Slovakia
• COPPA Countries (US, Canada, Australia): 13 years minimum
• Other Regions: Generally 13-14 years based on local privacy laws

Age Verification Process

• Mandatory Profile Completion: All users (including Google Sign-In) must complete their profile with age and country information before accessing the app
• Country-Specific Validation: Age requirements are automatically applied based on your selected country during the Complete Profile screen
• Neutral Age Gate: Users provide their birth year or confirm eligibility; the screen does not encourage children to falsify age
• Single Collection Point: Age and country are collected once during initial login/registration and cannot be edited in-app (contact us to update)
• Anti‑Circumvention: If profile completion is not finished, app access is blocked until completion
• Compliance Monitoring: We regularly review and update age verification measures to maintain compliance with evolving regulations

Data Handling for Minors

• Automatic Compliance: If we learn we have data from a user below the required age for their country, we will promptly suspend the account and delete associated personal information
• Parental Rights: Parents or guardians may contact us regarding their child's account or data in any jurisdiction
• GDPR Rights: In GDPR territories, additional rights may apply for users under the digital consent age

Important: We do not knowingly collect personal information from children below the required age for their country. The age verification system is designed to prevent such collection while respecting regional legal requirements.

11. International Users

Your data may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place to protect your data in accordance with this Privacy Policy.

12. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. We will:

• Post the updated policy with a revised date
• Notify users of significant changes through the app
• Maintain previous versions for reference

13. Account Deletion

You can delete your account and all associated personal data at any time.

In-App Deletion (Recommended)

• How to Delete: Go to Profile → Settings → "Delete Account" (red button at bottom)
• Immediate Effect: Account deletion is processed immediately and cannot be undone
• What is Deleted Immediately:
  • Account details (name, email, age, country)
  • Watch history (all playback history and progress)
  • Favorites (all saved favorite stories)
  • Listen later queue (all queued stories)
  • Session data and authentication tokens
  • All user-specific data from our servers
• Local Data: Local app data (playback preferences, volume settings) will be cleared. To fully remove all local data, uninstall the app after account deletion.
• Deletion Guarantee: We use dual-layer deletion (CASCADE DELETE + explicit deletion) to ensure no orphaned data remains on our servers.

Email Deletion (If You Can't Access the App)

• Email Us: Send an email to contact@rudnex.com from your registered email address
• Subject Line: "Audiu Account Deletion Request"
• Processing Time: We will process your request within 7 days

Automatic Deletion

• Inactive Accounts: Accounts that have been inactive for 2 years or more are automatically deleted to comply with GDPR data minimization requirements
• Notification: We may send a notification before automatic deletion (if email is accessible)

14. Contact Information

Email: contact@rudnex.com
Operator: Individual Developer (Rudnex)
App: Audiu – Audio Story Streaming

15. About the Developer

This app is developed and maintained by an individual developer under the name Rudnex. While not a registered company, Rudnex operates this project and its website to provide audio story streaming services with care for user privacy and transparency.

Website: https://rudnex.com

This application was built using AI-assisted development tools, including AI Cursor Agent, to accelerate and enhance the development process.