Privacy Policy

Last updated: April 25, 2026

David Labs ("we", "us", "our") operates Sophia, an AI-powered tutoring platform. This Privacy Policy describes how we collect, use, store, and protect your information when you use our Service. We are committed to protecting the privacy of all users, especially children.

1. Information We Collect

We collect only the information necessary to provide and improve the Service:

Account Information

  • Name and email address (from Google OAuth)
  • Self-declared age range (under 13, 13-17, or 18+)
  • Account creation date

Session Data

  • Session duration, topic, and learner level
  • Exercise results and proficiency assessments
  • Mood and engagement signals (generated by AI, not user-reported)
  • Text transcripts of voice conversations
  • Device type and browser user agent

Payment Information

Credit card and payment details are collected and processed exclusively by Stripe, our third-party payment processor. David Labs does not store, access, or process your credit card numbers or banking information. Please review Stripe's Privacy Policy for details on their data handling practices.

2. Voice and Audio Data

Your voice is NOT recorded. Audio from your microphone is streamed in real-time to Google Cloud's Gemini API (Vertex AI) for processing. The audio stream exists only in-memory during your active session. No audio files, recordings, or voice samples are saved — not on our servers, not on Google's servers, not anywhere.

We use Google Cloud's Vertex AI (enterprise tier), which is contractually distinct from consumer Google products. Google does not use Vertex AI customer data to train or improve their models. Your conversations are processed, not retained by Google.

Text transcripts of voice conversations are generated during the session and may be retained for quality improvement and service operation purposes. These transcripts contain the text content of what was said, not the audio itself.

2A. Voice Enrollment (Biometric Signature)

Sophia uses voice enrollment to recognise returning learners and prevent abuse of the free service. For anonymous users (those who have not signed in with Google), voice enrollment is required to use the Service. Signed-in users are not required to enroll.

How consent is obtained

Sophia asks for your consent conversationally during your first session. The question is asked verbally by Sophia in plain language (e.g., "I'd save a small voice signature of yours. No recordings, just a fingerprint of how you sound. Is that okay?"). You respond verbally with a clear yes or no. You have up to 5 minutes to make your decision.

If you consent

  • We collect: approximately 5–10 seconds of audio during the consent conversation.
  • We derive: a voice signature — a mathematical vector of numbers, not audio.
  • We discard: the raw audio immediately after processing. Processing happens in-memory on our servers. No audio file is written to disk.
  • We store: the voice signature in Google Cloud Firestore (us-central1, Iowa, USA), tied to an anonymous identity record.
  • Retention: 180 days of inactivity, then the record is auto-deleted by a scheduled sweep. Active use extends retention.
  • Legal basis: your explicit verbal consent, given during the conversational enrollment flow, revocable at any time. This constitutes valid consent under GDPR Article 9 (explicit consent for biometric data) and PIPEDA Principle 3 (knowledge and consent).

If you decline

If you decline voice consent or do not respond within the decision window, Sophia will end the session. No audio is retained and no voice signature is created. You may still use Sophia by signing in with Google — signed-in users are not required to provide voice consent.

Consent audit trail

To demonstrate that consent was meaningfully obtained, we record the following for every consent interaction:

  • The version of the consent prompt Sophia used
  • The exact question Sophia asked
  • A text transcript of your verbal reply
  • The consent outcome (affirmative, declined, or equivocal)
  • A SHA-256 hash of the audio clip (a fingerprint proving what audio existed, not the audio itself)
  • Timestamp, session ID, and browser user agent

This audit trail exists so we can prove to regulators and to you that consent was asked for properly, answered clearly, and recorded accurately. It cannot be used to reconstruct your voice.

Deletion and your rights

  • Signed-in users: delete via Settings.
  • Anonymous users: delete via /privacy/me.
  • Email: privacy@davidlabs.ca. Self-serve deletions are processed immediately. Email requests are processed within 30 days.

Why we do this

Voice signatures prevent the same person from creating multiple free accounts, keeping fair access for everyone. They also let Sophia greet you by name and track your progress across sessions without requiring sign-in. Voice is both the identity mechanism and the abuse prevention gate — without it, we have no way to ensure fair use of the free anonymous service.

  • Location: processed in Google Cloud us-central1 (Iowa, USA).
  • Sharing: we never share voice signatures with any third party. Google Cloud provides the infrastructure only — it has no access to interpret the signature.

If you clear browser storage and lose access to your enrollment session, email privacy@davidlabs.ca to request deletion — we can locate records using reasonable efforts based on any identifiers you provide.

3. How We Use Your Information

  • To provide, operate, and improve the tutoring experience
  • To adapt difficulty, teaching style, and content to your level
  • To track usage for billing and credit management
  • To detect and prevent abuse, fraud, and security threats
  • To operate safety protocols that protect users (see Section 7)
  • To generate aggregated, de-identified analytics for service improvement
  • To comply with legal obligations

We do not sell, rent, or share your personal information with third parties for their marketing purposes. We do not use your data to train or fine-tune AI models.

4. Data Storage and Security

Your data is stored in Google Cloud Firestore, hosted in the United States (us-central1 region). All data is encrypted at rest (AES-256) and in transit (TLS 1.2+). We follow Google Cloud's security best practices, including identity and access management, audit logging, and network security controls.

Access to user data is restricted to authorized David Labs personnel on a need-to-know basis. We do not provide direct database access to third parties.

5. Third-Party Services

We use the following third-party services to operate Sophia:

  • Google Cloud Platform — Infrastructure, database (Firestore), and compute (Cloud Run)
  • Google Vertex AI (Gemini) — AI-powered tutoring and real-time voice interaction
  • Google OAuth — User authentication
  • Stripe — Payment processing for credit purchases
  • GitHub — Internal issue tracking for safety and bug reports (no user data is shared — only session metadata)

Each of these services has its own privacy policy. We encourage you to review them. We select third-party providers that meet enterprise-grade security and privacy standards.

6. Data Retention

Session data and transcripts: Retained for up to 90 days after the session date for quality improvement, then automatically deleted unless the session has been safety-flagged (see Section 7).

Account information: Retained as long as your account is active. Upon account deletion, personal information is removed within 30 days.

Payment records: Transaction records are retained as required by applicable tax and financial regulations.

Aggregated analytics: De-identified, aggregated data may be retained indefinitely as it cannot be linked back to individual users.

7. Safety Protocols and Immutable Records

Sophia includes automated safety protocols designed to protect users, particularly minors. If the system detects indicators of distress, harm, or crisis during a session, the following occurs:

  • Crisis intervention resources are displayed on screen
  • The session is flagged internally for safety review
  • Session data from safety-flagged sessions becomes an immutable record — it cannot be deleted or modified by the user, David Labs staff, or automated systems
  • An internal review ticket is created containing only session metadata (session ID, timestamp, user type) — no disclosure content is included in the ticket

Safety-flagged session records are retained indefinitely as a safeguarding measure. This data is encrypted, access-restricted, and reviewable only by designated safety personnel.

Important: Sophia is not a crisis counselor, therapist, or emergency service. Safety protocols are designed to connect users with qualified human support services. Sophia does not investigate, diagnose, or provide therapeutic advice.

8. Children's Privacy (COPPA Compliance)

David Labs is committed to complying with the Children's Online Privacy Protection Act (COPPA) and equivalent international regulations governing children's data.

Users Under 13

We do not knowingly collect personal information from children under 13 without verifiable parental consent. If a user indicates they are under 13 during account creation, the signup process is halted and a parental consent flow is initiated. Without completed parental consent, no account is created and no data is retained.

Users Aged 13 to 17

Users between 13 and 17 may create accounts with reduced data collection. Credit purchases require a payment method belonging to a parent or legal guardian, serving as implicit parental authorization. We apply enhanced privacy protections to minor accounts, including data minimization and restricted retention periods.

Parental Rights

Parents and legal guardians have the right to:

  • Review the personal information we have collected from their child
  • Request deletion of their child's personal information
  • Refuse to permit further collection of their child's information
  • Receive a copy of their child's data in a machine-readable format

To exercise these rights, contact us at parents@davidlabs.ca with proof of identity and relationship to the minor. We will respond within 30 days.

Exception: Safety-Flagged Records

Session data from safety-flagged sessions (see Section 7) cannot be deleted, even at the request of a parent or guardian. This is a safeguarding measure designed to protect the child. Safety-flagged records are encrypted and access-restricted.

9. International Data Transfers

Your data is processed and stored in the United States. If you are accessing Sophia from outside the United States, your data will be transferred to and processed in the United States. By using the Service, you consent to this transfer. We rely on Google Cloud's data processing agreements and standard contractual clauses for international data transfers where applicable.

10. Your Rights

Depending on your jurisdiction, you may have the following rights:

  • Access: Request a copy of the personal data we hold about you
  • Correction: Request correction of inaccurate or incomplete data
  • Deletion: Request deletion of your personal data (subject to legal retention requirements and safety-flagged record exceptions)
  • Portability: Request your data in a structured, machine-readable format
  • Withdrawal of consent: Close your account at any time
  • Objection: Object to processing of your data in certain circumstances

To exercise any of these rights, contact privacy@davidlabs.ca. We will respond within 30 days.

11. Cookies and Tracking

Sophia uses only essential, first-party cookies and local storage for authentication tokens and session state. We do not use third-party tracking cookies, advertising pixels, or analytics trackers. We do not participate in ad networks or sell data to advertisers.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email to the address associated with your account at least 14 days before taking effect. The "Last updated" date at the top of this page reflects the most recent revision.

13. Contact

For general privacy questions: privacy@davidlabs.ca

For children's accounts and parental consent: parents@davidlabs.ca

For legal matters: legal@davidlabs.ca