Privacy Policy

1.1 Information You Provide (Required for Service Delivery)

You are required to create an account to use Voises. The following information is necessary for us to provide the App’s core functionality. If you choose not to provide required information, we may not be able to provide you with the service or certain features:

• Account Information: Name, email address, and authentication credentials when you create an account.
• Ratings and Feedback: Session ratings, content feedback, preference selections, and any other evaluative input you provide within the App.
• Preferences: Your preferred session styles, guide voice selections, session lengths, focus areas, and personalization settings.
• Subscription Information: Subscription plan type, billing period, and Credit purchase history. Payment card information is processed and stored exclusively by the Apple App Store; we do not directly collect or store your payment card details.

You may also be required to input text into the App via open text fields, including responses to prompts, daily check-ins, free-form entries, journal-style reflections, and any other written input. To the extent this text includes personal information, it may be processed as described in this Privacy Policy. You should not include sensitive or confidential personal information in open text fields.

We may collect other information from you with your consent or as otherwise permitted or required by Applicable Law.

1.2 Information Collected Automatically

When you use the App, we automatically collect certain technical and usage information:

• Device Information: Device type, operating system, unique device identifiers, and mobile network information.
• Usage Data: App usage patterns, session frequency and duration, feature interactions, and engagement metrics.
• Analytics Data: Crash reports, performance data, and diagnostic information collected through Firebase Analytics.
• Attribution Data: Information about how you discovered and installed the App, collected through Meta (Facebook) and TikTok advertising SDKs for ad attribution and campaign measurement purposes.

1.3 AI-Generated Data

To provide personalized guided audio sessions, the App processes your User Content through AI models to generate customized content. Both the inputs sent to AI models and the AI-generated outputs (including session scripts and spoken content) are stored as part of your Personalization Memory. This processing also creates derived data such as personalization parameters and content generation logs.

If you include personal information in your check-in responses, text inputs, or other User Content, that information may be transmitted to our AI providers and may be reflected or reproduced in your Generated Content (e.g., your guided audio session may reference details you shared). Avoid providing sensitive information, confidential information, or other information you are not comfortable having processed by AI systems and stored as part of your Personalization Memory.

2.1 Required Processing (Necessary for Service Delivery)

We may use your information for the following purposes, which are necessary to deliver the App’s service to you:

• Generating Sessions: Processing your User Content through AI models to create personalized guided audio sessions.
• Personalization: Storing and recalling your check-in history, session data, ratings, preferences, and patterns as part of your Personalization Memory to deliver relevant and personalized experiences.
• Service Delivery: Managing your account, processing Subscriptions and Credits, and delivering the App’s core features.
• Communications: Sending you service-related notifications and account updates.
• Safety and Security: Detecting and preventing fraud, abuse, and security incidents.
• Legal Compliance: Complying with applicable laws, regulations, and legal processes as permitted by Applicable Law.

2.2 Improvement and Analytics Processing

The following uses help us improve the App and measure the effectiveness of our efforts. Where required by Applicable Law, these uses are based on your consent or our legitimate interests:

• Service Improvement: Analyzing usage patterns, identifying issues, and improving the App’s features and content quality using aggregated and/or de-identified data.
• Analytics: Understanding how users interact with the App and measuring the effectiveness of features through Firebase Analytics.
• Advertising Attribution: Measuring the effectiveness of our advertising campaigns and understanding how users discover the App through Meta and TikTok attribution SDKs.
• Promotional Communications: Where you have opted in and as otherwise permitted by Applicable Law, sending you marketing and promotional communications. You may opt out at any time.

3.1 AI and Content Generation

• Anthropic (Claude API): We transmit User Content (including check-in data, emotional state, wellness goals, and session preferences) to Anthropic’s API to generate personalized audio session scripts. Anthropic processes this data in accordance with their API data usage policies. You can learn more about Anthropic’s privacy practices here (opens in new tab).
• Deepgram (Speech to Text): When you use the voice note input feature, your audio is transmitted to Deepgram’s API for real time transcription into text. Deepgram processes this audio solely to return a text transcript and does not store recordings long term. You can learn more about Deepgram’s privacy practices here (opens in new tab).

3.2 Voice Synthesis

• ElevenLabs: We transmit Generated Content (session scripts) to ElevenLabs’ API for conversion into spoken audio using synthetic voices. You can learn more about ElevenLabs’ privacy practices here (opens in new tab).

3.3 Infrastructure and Data Storage

• Firebase (Google): We use Firebase for user authentication, cloud data storage, and analytics. Firebase collects device identifiers, usage data, and crash reports. You can learn more about Google’s privacy practices within Firebase here (opens in new tab).

3.4 Advertising and Attribution

• Meta (Facebook) SDK: We integrate the Meta SDK for advertising attribution. This SDK may collect device identifiers, app events, and attribution data to measure campaign effectiveness on Meta platforms. You can access Meta’s privacy policy here (opens in new tab).
• TikTok SDK: We integrate the TikTok SDK for advertising attribution. This SDK may collect device identifiers, app events, and attribution data to measure campaign effectiveness on TikTok. You can access TikTok’s privacy policy here (opens in new tab).

In accordance with Apple’s App Tracking Transparency (ATT) framework, the App will request your permission before tracking your activity across other companies’ apps and websites for advertising purposes. You can change your tracking preferences at any time in your device’s Settings under Privacy & Security > Tracking. If you decline tracking, we will not share your device identifier with advertising platforms for attribution purposes, though we may still use Apple’s SKAdNetwork for privacy-preserving campaign measurement.

10.1 Data Controller

Montra Interactive Inc. is the data controller responsible for your personal data.

Montra Interactive Inc.
200 Bay Street, North Tower, Suite 1200
Toronto, ON M5J 2J2, Canada
Email: support@montra.com

10.2 Lawful Bases for Processing

We process your personal data on the following lawful bases. To provide clarity, we map each specific processing purpose to its corresponding legal basis:

Consent (Article 6(1)(a)):

• Collection and processing of your check-in data, emotional state, stress levels, and wellness goals for generating personalized AI content.
• Retention of sensitive wellness data in your Personalization Memory.
• Advertising attribution and analytics tracking via Meta and TikTok SDKs in jurisdictions where local tracking rules (such as the ePrivacy Directive) require consent for non-essential cookies or similar technologies. You may withdraw tracking consent through the controls currently made available, which may include device-level settings (e.g., “Limit Ad Tracking” on iOS or “Opt Out of Ads Personalization”) or by contacting us at support@montra.com.
• Promotional and marketing communications (opt-in required, withdrawal available at any time).

Performance of a Contract (Article 6(1)(b)):

• Account creation, authentication, and management.
• Subscription management, Credit allocation, and payment processing.
• Delivery of the App’s core personalized audio guidance service functionality.
• Service-related notifications and account communications.

Legitimate Interests (Article 6(1)(f)):

• App security monitoring, fraud detection, and abuse prevention.
• Aggregated and de-identified analytics for service improvement (where consent is not required by local tracking rules).
• Maintaining service performance, debugging, and infrastructure monitoring.

We have conducted balancing tests for each legitimate interest to ensure they do not override your fundamental rights and freedoms.

Legal Obligation (Article 6(1)(c)):

• Compliance with tax, accounting, and financial regulatory requirements.
• Responding to lawful government and regulatory requests.
• Data breach notification obligations.

10.3 Processing of Special Category Data

Certain information you provide—such as data relating to your emotional state, stress levels, and mental wellbeing—may be considered health-related data or special category data under Article 9 of the GDPR. We process this data on the basis of your explicit consent (Article 9(2)(a)), which you provide before you first submit sensitive wellness information through the App’s check-in and input features (see Section 12 for details). The corresponding Article 6 basis for this processing is consent (Article 6(1)(a)) for personalization and session generation purposes, and performance of a contract (Article 6(1)(b)) to the extent that processing is necessary to deliver the core service you have requested.

You may withdraw your consent to the processing of special category data at any time by deleting your account or contacting us at support@montra.com. Withdrawal of consent does not affect the lawfulness of processing carried out before withdrawal but may render it impossible for us to provide the App’s personalized services, as this data is essential to generating relevant content.

10.4 Your Rights Under the GDPR

Under the GDPR, you have the following rights:

• Right of Access (Article 15): Obtain confirmation of whether we process your data and request a copy.
• Right to Rectification (Article 16): Request correction of inaccurate or incomplete data.
• Right to Erasure (Article 17): Request deletion of your data in certain circumstances.
• Right to Restriction of Processing (Article 18): Request that we restrict processing in certain circumstances.
• Right to Data Portability (Article 20): Receive your data in a structured, commonly used, machine-readable format.
• Right to Object (Article 21): Object to processing based on legitimate interests. We will cease processing unless we demonstrate compelling legitimate grounds that override your interests.
• Right Regarding Automated Decision-Making (Article 22): Not be subject to a decision based solely on automated processing that produces legal effects or similarly significant effects. The App uses AI to generate wellness content but does not make legal, medical, financial, or similarly significant automated decisions about you.
• Right to Withdraw Consent: Withdraw consent at any time without affecting prior lawful processing.
• Right to Lodge a Complaint: Lodge a complaint with a supervisory authority in the EEA member state of your habitual residence, place of work, or place of alleged infringement. For UK residents, the relevant authority is the Information Commissioner’s Office (ICO).

To exercise these rights, contact us at support@montra.com. We will respond within one (1) month, extendable by up to two additional months for complex or numerous requests, with notice provided within the initial month.

10.5 Data Retention Under GDPR

We retain your personal data only for as long as necessary to fulfill the purposes described in this Privacy Policy. See Section 5 for our detailed retention schedule. When your personal data is no longer necessary, we will securely delete or anonymize it.

10.6 International Transfers from the EEA/UK

As described in Section 9, your personal data may be transferred to Canada and the United States. For transfers from the EEA or UK, we rely on Standard Contractual Clauses and, where applicable, the European Commission’s adequacy decision for Canada. We ensure that any onward transfers by our third-party service providers also incorporate appropriate safeguards.