Privacy Policy

Last updated: April 3, 2026

Overview

Hey Codex ("we", "our", or "the app") is an audio transcription and AI writing tool operated by Tejeshwar. We take your privacy seriously. This policy explains what data we collect, how we use it, and how we protect it.

This policy applies to the Hey Codex iOS application, watchOS companion app, custom keyboard extension, and the website at appex.app.

What We Collect

  • Account information: Email address and name when you sign up via email/password or Google OAuth (through Supabase Auth).
  • Audio recordings: Audio files you record or upload for transcription. These are stored securely on Cloudflare R2 and only accessible to you (unless you create a share link).
  • Transcriptions and insights: Text generated from your audio by our AI processing pipeline.
  • Notes: Content you create within the app, synced between devices via our backend.
  • Text sent to AI tools: When you use the keyboard's AI features (rewrite, tone, translate, expand, continue), the surrounding text is sent for processing. We do not store this text after the response is returned.
  • Subscription status: We receive subscription status information from RevenueCat and Apple App Store to determine your plan tier. We do not receive or store your payment card details.
  • Usage data: Basic request counts for rate limiting and usage tracking (e.g., transcription count for the free tier limit). No analytics tracking, no ad identifiers.

How We Process Your Audio

When you submit audio for transcription, it is processed through our AI pipeline:

  • Google Gemini 2.5 Pro (primary) receives your audio to generate transcriptions and structured insights (summaries, action items, decisions, key topics).
  • AssemblyAI (fallback) is used for transcription if the primary provider is unavailable.

Audio is transmitted to these providers over encrypted connections. We do not use your audio or transcriptions to train AI models. These providers process data in accordance with their own privacy policies.

How We Use Your Data

  • To transcribe your audio and generate insights.
  • To process AI text tool requests from the keyboard.
  • To sync your notes across devices.
  • To enforce usage limits (free tier: 5 transcriptions/month).
  • To prevent abuse.

We do not sell your data. We do not use your data for advertising. We do not share your data with third parties except as described in this policy (AI providers for processing, cloud storage for hosting).

Data Storage

  • Audio files are stored on Cloudflare R2 (encrypted at rest).
  • Account data, transcriptions, insights, and notes are stored in Supabase (PostgreSQL) with row-level security ensuring you can only access your own data.
  • Authentication is handled by Supabase Auth, supporting email/password and Google OAuth.

All data in transit is encrypted via TLS. We do not store data in regions where we do not operate infrastructure.

Shared Documents

When you create a share link for a recording, the transcription, insights, and optionally the audio become accessible to anyone with the link. Audio in shared documents is served via pre-signed URLs that expire after 1 hour.

Share links use UUID-based access and do not require the recipient to have an account. You can deactivate any share link at any time from within the app.

Custom Keyboard

The Hey Codex keyboard extension requires Full Access to process AI text requests. The keyboard does not log keystrokes, does not collect typing patterns, and does not access text in password or secure fields. Text is only sent when you explicitly tap an AI action button.

Subscriptions

Subscription purchases and billing are handled entirely by Apple App Store through RevenueCat. We receive information about your subscription status (active, expired, trial) but do not have access to your payment method or billing details.

Data Retention

  • Your recordings, transcriptions, and notes are kept until you delete them.
  • Text sent via AI keyboard tools is not stored after the response is returned.
  • If you delete your account, all associated data (recordings, transcriptions, notes, insights, and audio files) is permanently deleted.

Children's Privacy

The Service is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, please contact us and we will delete it.

Security

All data in transit is encrypted via TLS. Audio files are stored in encrypted cloud storage. Row-level security ensures you can only access your own data. While we take reasonable measures to protect your data, no method of electronic transmission or storage is completely secure.

Your Rights

You can:

  • Delete any recording, note, or insight at any time.
  • Deactivate any shared document link.
  • Delete your account and all associated data.
  • Request a copy of your data by contacting us.
  • Contact us at tejuamirthi@gmail.com for any privacy-related requests.

Changes

We may update this policy from time to time. Changes will be posted on this page with an updated date. Continued use of the app after changes constitutes acceptance. For significant changes, we will make reasonable efforts to notify you.

Contact

For questions about this privacy policy or your data, email tejuamirthi@gmail.com.

See also our Terms of Service.