Privacy Policy

Last updated: April 23, 2026

fio ("we", "our", "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, share, and retain information when you use the fio mobile application ("App"). fio is rated 17+ on the Apple App Store and is not intended for minors under 17.

1. Information We Collect

Account information: When you create an account, we collect your name, email address, and authentication credentials (password hash, or OAuth identifiers if you sign in with Apple or Google).

Content you save: URLs you add to fio and the extracted article text used to generate episodes.

Generated content: AI-generated podcast episodes (audio files), transcripts, and cover art created from your saved items.

Usage data: Playback history, listening progress, and in-app interaction patterns (via PostHog product analytics) used to improve the experience.

Diagnostic data: Crash reports and error telemetry (via Sentry) to diagnose bugs. This data is scoped to technical context and does not include the content of your saved articles.

Subscription data: If you purchase a subscription, Apple provides us with an anonymized transaction identifier and entitlement status. We do not receive your payment card information at any time.

2. How We Use Your Information

To provide and maintain the App's core functionality (saving items, generating podcasts, playback)
To authenticate your identity and secure your account
To generate personalized AI podcast episodes from your saved content
To diagnose bugs, prevent abuse, and improve reliability
To send service-related communications (account, security, billing)

We do not use your saved content or generated episodes to train AI models, and we do not sell your personal data.

3. Legal Basis for Processing (GDPR)

If you are in the European Economic Area, the United Kingdom, or Switzerland, we process your personal data under the following lawful bases:

Contract (Art. 6(1)(b) GDPR): to deliver the App's core features (account, saving items, generating episodes, playback) that you request.
Legitimate interests (Art. 6(1)(f)): to secure our service, prevent fraud and abuse, debug crashes, and measure product performance in an aggregated way.
Consent (Art. 6(1)(a)): for AI processing of your saved content (you are asked before the first episode is generated) and for any non-essential analytics on applicable devices.
Legal obligation (Art. 6(1)(c)): where we must retain records to comply with tax, accounting, or law-enforcement requirements.

4. Third-Party Services (Subprocessors)

We use a small number of trusted subprocessors to power fio. A short summary is below; the full, up-to-date subprocessor list (with locations and purpose) is maintained on a separate page.

Supabase — authentication, Postgres database, and file storage (episodes, transcripts, cover art)
Jina AI — extracts clean article text from the URLs you save
Anthropic (Claude) — analyzes extracted text and writes the podcast script
Microsoft Azure AI Speech (Neural TTS) — primary text-to-speech (voice synthesis)
OpenAI — fallback text-to-speech and fallback cover art generation
Google (Gemini / Imagen) — primary cover art generation
Sentry — crash reporting and error monitoring
PostHog — product analytics (usage patterns, retention)

Your saved URLs and extracted article text are sent to AI subprocessors solely to generate your episodes. Your name and email are never shared with AI processing services. We do not sell your data to any third party.

5. International Data Transfers

fio's infrastructure is primarily located in the United States. If you access the App from outside the U.S., your personal data will be transferred to and processed in the U.S. and other countries where our subprocessors operate.

For transfers of EU/UK/Swiss personal data to the U.S., we rely on one or more of the following safeguards as applicable:

The EU-U.S. Data Privacy Framework (and UK Extension / Swiss-U.S. DPF) for subprocessors that are self-certified;
Standard Contractual Clauses (SCCs) approved by the European Commission, together with supplementary technical and organizational measures;
Your explicit consent where required.

You can request a copy of the applicable SCCs by contacting us.

6. AI Processing Consent

Before generating your first podcast episode, the App asks for your explicit consent and explains which services process your content. You can allow or deny AI processing at any time in Settings. If you deny AI processing, you can still save and browse items — only episode generation requires AI consent.

7. Data Retention

We retain data only as long as needed for the purposes described in this Policy. The table below summarizes retention by category:

Data category	Retention period
Account information (name, email, auth credentials)	For the life of your account. Deleted within 30 days of account deletion.
Saved URLs	Until you delete the item, or within 30 days of account deletion.
Extracted article text (used to generate episodes)	Purged within 24 hours of episode generation. Not used for model training.
Generated episodes, transcripts, cover art	Until you delete the episode, or within 30 days of account deletion.
Usage / playback data (PostHog)	Up to 12 months from event date, then aggregated or deleted.
Crash / error logs (Sentry)	90 days.
Subscription and billing records	Up to 7 years after the transaction, to comply with tax and accounting obligations.
Encrypted backups	Rolling 35-day window, after which backups are overwritten.

When you delete your account, all associated data is removed from active systems within 30 days and from encrypted backups within the backup-rotation window described above.

8. Your Rights (General)

Subject to applicable law, you have the right to:

Access your personal data stored in the App
Correct inaccurate personal data
Delete your account and all associated data via Settings
Export a copy of your personal data in a portable format, following a verified request
Object to or restrict processing based on legitimate interests
Withdraw consent at any time where processing is based on consent
Lodge a complaint with your local data-protection authority

To exercise any of these rights, contact us at privacy@tryfio.app. We will respond within the time limits required by your local law (for example, one month under GDPR, subject to extension for complex requests).

9. California Residents (CCPA / CPRA)

If you are a California resident, the California Consumer Privacy Act, as amended by the CPRA, gives you the following rights:

Right to know what personal information we collect, use, disclose, and (if applicable) sell or share
Right to delete personal information we have collected from you
Right to correct inaccurate personal information
Right to opt out of the sale or sharing of personal information for cross-context behavioral advertising
Right to limit use and disclosure of sensitive personal information
Right to non-discrimination for exercising any of the above rights

We do not sell or share your personal information as those terms are defined under the CCPA/CPRA, and we do not use or disclose sensitive personal information for purposes other than those permitted by §1798.121.

Global Privacy Control (GPC): our web properties treat a valid GPC signal as a request to opt out of sale/sharing. Because fio does not sell or share personal information, this has no practical effect on data flows, but the signal is recorded.

To exercise your California rights, email privacy@tryfio.app with "California Privacy Request" in the subject. We will verify your request using information already associated with your account. Authorized agents may submit requests with written permission and proof of identity.

10. Children's Privacy

fio is rated 17+ on the Apple App Store and is intended only for users 17 and older. We do not knowingly collect personal information from anyone under 17. If we learn that we have collected personal information from a user under 17, we will delete it promptly. Parents or guardians who believe a minor has created an account can contact us at privacy@tryfio.app.

11. Security

We implement industry-standard security measures to protect your data, including encrypted data transmission (TLS 1.2+), encryption at rest for file storage and backups, scoped access controls on our infrastructure, and least-privilege service keys. No system is perfectly secure, and we cannot guarantee absolute security.

12. Security Incident Notification

If we become aware of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify our lead supervisory authority without undue delay and, where feasible, within 72 hours of becoming aware, in line with Article 33 of the GDPR. Where required by law, we will also notify affected users without undue delay and describe the nature of the breach, the likely consequences, and the measures taken or proposed to address it.

13. Data Protection Officer & EU Representative

fio is an independent side project operated by a single developer. Based on the nature and scale of our processing, we do not meet the conditions in Article 37 GDPR that would require the appointment of a formal Data Protection Officer, and we do not meet the thresholds that require the formal designation of an Article 27 EU Representative. You can reach our privacy contact directly at privacy@tryfio.app. If EU-facing volume grows beyond the Article 27 thresholds, we will appoint a representative and update this section.

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via the App or by email, and we will update the "Last updated" date at the top of this page.

15. Contact Us

For privacy questions or to exercise your rights: privacy@tryfio.app

For general support: support@tryfio.app