Privacy Policy

Last updated: April 29, 2026

1. Introduction

Internet of Humans, Inc. ("IoH," "Ruune," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the Ruune mobile application, desktop application, web dashboard, and the optional Ruune hardware recorder, together with all related cloud services (collectively, the "Services").

By using the Services, you agree to the collection and use of information in accordance with this Policy. If you do not agree with this Policy, please do not use the Services.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

  • Email address (required)
  • Display name (optional, set by you)
  • Authentication identifiers from sign-in providers you use (Apple ID, Google account ID)
  • Encrypted authentication tokens needed to keep you signed in

2.2 Audio Recordings and Generated Content

When you record audio through the Ruune mobile app, desktop app, or hardware device, we process and store:

  • Audio recordings you capture
  • Transcripts generated from your recordings
  • Speaker labels and voice embeddings used to identify speakers across your own recordings
  • AI-generated summaries, action items, tasks, and notes
  • Chat messages you exchange with our AI assistant about your notes
  • Recording markers, including optional photos you attach to moments in a recording

If you enable Private Mode in settings, the underlying audio file is automatically deleted from our servers after transcription and summarization. Your transcript and notes are retained.

2.3 Calendar Data

If you choose to connect a calendar (Google Calendar, Microsoft Outlook, or your device's native calendar), we access upcoming events so we can auto-link recordings to meetings and send optional reminders. We only read calendar entries; we do not modify your calendar. You can disconnect calendar access at any time in Settings.

2.4 Photos and Attachments

If you add a photo marker to a recording or attach a screenshot to a support ticket, we upload and store those images on your behalf. Photo library access is only requested when you choose to attach a photo.

2.5 Device and Usage Information

We automatically collect limited technical information to operate and improve the Services:

  • Device model, operating system version, and app version
  • A push notification token, so we can deliver notifications you have opted into
  • Crash and diagnostic logs
  • Information about any Ruune hardware device you pair, including firmware version and connection status
  • High-level app-interaction events, such as when a note is created

We do not collect precise location. If you use the optional WiFi transfer feature with the Ruune hardware recorder, iOS may briefly surface location permission to read the connected WiFi network name; location coordinates are not stored or transmitted.

2.6 Support Communications

When you contact us through Settings → Help & Feedback or by email, we store the content of your message, any screenshots you attach, and your email address so we can respond.

2.7 Payment Information

If you purchase a subscription, your payment is processed by a third-party payment processor (for example, Apple, Google, or Stripe). We receive only the transaction status and subscription tier; we do not receive or store your full payment card number.

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Services
  • Transcribe your recordings and generate summaries, action items, and other AI content
  • Enable natural-language search and chat over your own notes
  • Link notes to the calendar events you choose to connect
  • Deliver push notifications you have opted into, such as transcription-complete alerts
  • Respond to your support requests
  • Detect, prevent, and address fraud, abuse, and security issues
  • Comply with legal obligations

We do not use your recordings, transcripts, notes, or chat content to train our AI models or the AI models of our providers. We do not sell your personal information, and we do not share your personal information with third parties for their own advertising.

4. Third-Party Service Providers

We work with a small set of vetted processors to operate the Services:

  • Supabase, Inc. — database, authentication, file storage, and serverless functions. Your account data, notes, and audio are hosted on Supabase infrastructure.
  • AI transcription and summarization providers — we send your audio and transcripts to trusted AI providers (which may include OpenAI, Anthropic, Deepgram, AssemblyAI, or similar) solely to generate transcripts and summaries for you. These providers are contractually required not to train on your content.
  • Apple and Google — used only if you choose to sign in with Apple or Google, and used for push notification delivery on iOS and Android.
  • Microsoft and Google — used only if you choose to connect Outlook or Google Calendar.
  • Expo / EAS — used for mobile push-token registration and app updates.
  • Resend — used to send transactional emails such as feedback acknowledgments.
  • Payment processors — Apple, Google, or Stripe, depending on the purchase channel.

We may also disclose information where required by law, in response to a valid legal request, to enforce our Terms, or in connection with a merger, acquisition, or sale of assets in which your data would remain subject to an equivalent privacy policy.

5. Data Storage and Security

We apply industry-standard safeguards to protect your data:

  • All data is encrypted in transit using TLS
  • Audio files, transcripts, and database rows are encrypted at rest
  • Row-level security rules restrict access to your data to your authenticated account
  • Access by IoH personnel is strictly limited and logged
  • We regularly review our security posture and vendor controls

No system is perfectly secure. If we become aware of a security incident affecting your information, we will notify you as required by applicable law.

6. Data Retention and Deletion

We retain your content for as long as your account is active. You control your data and can delete it at any time:

  • Individual recordings and notes can be deleted at any time from within the Ruune app.
  • Your entire account and all associated data can be permanently deleted from the mobile app via Settings → Danger Zone → Delete Account, or from the web dashboard via Settings → Danger Zone → Delete Account. This removes your notes, recordings, chats, calendar connections, settings, and authentication record.
  • You may also email [email protected] to request account deletion.

Deletion takes effect immediately. Backup copies are purged from our systems within 30 days. We may retain limited records where retention is required by law (for example, tax or fraud-prevention records).

7. Your Rights and Choices

Depending on where you live, you may have the right to:

  • Access the personal information we hold about you
  • Correct inaccurate information
  • Delete your personal information and account
  • Export or receive a portable copy of your information
  • Object to or restrict certain processing
  • Opt out of non-essential communications
  • Withdraw consent where processing is based on consent

To exercise these rights, use the in-app controls described above or contact us at [email protected]. We will respond within the timeframes required by applicable law. You also have the right to lodge a complaint with your local data protection authority.

7.1 California Residents (CCPA/CPRA)

Under the California Consumer Privacy Act, as amended by the CPRA, California residents have the right to know the categories and specific pieces of personal information we collect, to request deletion, to correct inaccurate information, and to opt out of any sale or sharing of personal information. We do not sell or share personal information as those terms are defined under the CCPA.

7.2 EEA, UK, and Swiss Residents (GDPR)

If you are located in the European Economic Area, the United Kingdom, or Switzerland, our lawful bases for processing are: performance of our contract with you (providing the Services), your consent (where required, such as for optional calendar access), compliance with legal obligations, and our legitimate interests (for example, fraud prevention and improving the Services). International transfers to processors outside your region are covered by appropriate safeguards such as Standard Contractual Clauses.

8. Permissions Requested by the App

The Ruune app requests operating-system permissions only when needed, and only for the purposes listed below:

  • Microphone — to record audio notes.
  • Notifications — to alert you when a transcription completes or a calendar reminder fires. Prompted after sign-in, not at launch.
  • Photo Library / Camera — only when you attach a photo marker to a recording or a screenshot to a support ticket.
  • Calendar — only when you choose to link your calendar to auto-associate notes with meetings.
  • Bluetooth — only if you pair a Ruune hardware recorder, for sync.
  • Local Network / WiFi / Location — only if you opt into WiFi file transfer from a Ruune hardware recorder. The location check is required by iOS to read the WiFi SSID and is not stored.

You can revoke any permission at any time from your device's system settings.

9. Recording Consent

Important: Recording laws vary by jurisdiction. Some locations require all-party consent before recording a conversation. You are solely responsible for complying with applicable laws regarding recording consent in your jurisdiction. Ruune provides features that can help you manage consent, but we do not provide legal advice. If you have questions about recording laws in your area, consult a legal professional.

10. Children's Privacy

Our Services are not directed to children under 13, and we do not knowingly collect personal information from children under 13. If we learn we have collected information from a child under 13, we will delete that information promptly. If you believe a child has provided us with personal information, please contact us.

11. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, including the United States. These countries may have different data protection laws. We use appropriate safeguards, such as Standard Contractual Clauses where required, to ensure your information remains protected consistent with this Policy.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page, updating the "Last updated" date, and, where required, notifying you in-app or by email. Your continued use of the Services after changes become effective constitutes acceptance of the updated Policy.

13. Google API Services User Data Policy

Ruune's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

The use of raw or derived user data received from Workspace APIs will adhere to the Google User Data Policy, including the Limited Use requirements.

13.1 Google API Scopes We Request

Across the Ruune mobile app, desktop app, and web dashboard, we request only the following Google OAuth scopes, and only when you choose to sign in with Google or connect Google Calendar:

  • openid, email, profile — used solely to identify you and create or sign in to your Ruune account.
  • https://www.googleapis.com/auth/calendar.readonly — used solely to read your upcoming Google Calendar events so Ruune can auto-link recordings to meetings and surface meeting reminders inside the app.

We do not request write access to your Google Calendar, and we do not request access to Gmail, Google Drive, Google Contacts, or any other Google service.

13.2 Limited Use Compliance

Consistent with Google's Limited Use requirements, we:

  • Use Google user data only to provide or improve user-facing features that are prominent in the Ruune product (specifically: Google Sign-In and auto-linking your recordings to your calendar meetings).
  • Do not transfer Google user data to others except as necessary to provide or improve those user-facing features, to comply with applicable law, or as part of a merger, acquisition, or sale of assets with notice to users.
  • Do not use Google user data for serving advertisements, including retargeting, personalized, or interest-based advertising.
  • Do not allow humans to read your Google user data, except: (a) with your affirmative consent for specific data; (b) as necessary for security purposes, such as investigating abuse; (c) to comply with applicable law; or (d) for internal operations, and only when the data has been aggregated and anonymized.
  • Do not use Google user data, including the contents of your calendar events, to develop, improve, or train generalized or non-personalized AI or machine-learning models. This applies to our own models and to any third-party AI providers we use.

13.3 Revoking Access

You can disconnect Ruune from your Google account at any time from within the Ruune app under Settings → Calendar, or by visiting myaccount.google.com/permissions. Disconnecting immediately revokes Ruune's access to your Google Calendar and identity data.

14. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at:

Internet of Humans, Inc.
Email: [email protected]