Privacy Policy
Auto Captions: AI Subtitles·Last updated: April 16, 2026
1Overview & Key Facts
The short version: Auto Captions processes your video entirely on your device. Only the audio portion is briefly sent to our transcription service. We do not sell your data, we do not run ads, and we do not require an account.
| Topic | Answer |
|---|---|
| Video leaves your device? | Never |
| Audio stored permanently? | No — processed in real time only |
| User accounts / login? | Not required |
| Ads or ad tracking? | None |
| Data sold to third parties? | Never |
| Personal info (name, email)? | Not collected |
| Crash & analytics data? | Anonymous — via Firebase |
| Subscription data? | Purchase history via RevenueCat |
2Who We Are
Auto Captions: AI Subtitles (package name com.autocaptions.app) is developed and operated by Martti Randma, an individual developer based in Estonia, European Union.
Under the EU General Data Protection Regulation (GDPR), Martti Randma acts as the data controller for personal data processed through this application.
Contact: martti.randma@gmail.com
3Data We Collect & Why
3.1 Audio Data (Speech-to-Text Transcription)
When you initiate transcription, the app extracts the audio track from your selected video using FFmpeg — entirely on your device. This audio is then transmitted over an encrypted HTTPS connection to our API proxy (a Cloudflare Worker) which forwards it to the ElevenLabs Scribe v2 speech-to-text API.
Important: Audio is used solely to generate a word-level transcript. It is not stored, logged, or retained by our proxy or by ElevenLabs beyond the duration of a single API request. Your video file itself is never transmitted — all video compositing and rendering takes place on your device.
Legal basis (GDPR Art. 6(1)(b)): Processing is necessary to perform the service you requested.
3.2 Crash Reports (Firebase Crashlytics)
If the app crashes, Firebase Crashlytics automatically collects:
- Device model and operating system version
- App version and build number
- Stack trace and error message at the time of the crash
- A randomly generated installation ID (not linked to your identity)
Legal basis (GDPR Art. 6(1)(f)): Legitimate interest in maintaining a stable, secure application.
3.3 Analytics Data (Firebase Analytics)
Firebase Analytics collects anonymous, aggregated usage data including:
- Screen views and navigation flows
- Feature interactions (e.g., export initiated, platform selected)
- App session length and frequency
- Device country/region (coarse, not precise location)
- Device type, OS version
No personal identifiers such as name, email, or IP address are collected.
Legal basis (GDPR Art. 6(1)(f)): Legitimate interest in improving the application based on usage patterns.
3.4 Performance Data (Firebase Performance Monitoring)
Firebase Performance Monitoring collects anonymous metrics such as app startup time, network request latency, and rendering performance. This data does not contain personal information or media content.
Legal basis (GDPR Art. 6(1)(f)): Legitimate interest in ensuring acceptable app performance.
3.5 Subscription & Purchase Data (RevenueCat)
If you purchase a subscription, RevenueCat receives information from Google Play Billing necessary to manage your subscription, including:
- Purchase token and transaction ID (provided by Google Play)
- Subscription status (active, expired, trial, etc.)
- Purchase history and renewal dates
RevenueCat does not receive your payment card details; those are handled exclusively by Google Play.
Legal basis (GDPR Art. 6(1)(b)): Processing is necessary to fulfil your subscription purchase and deliver paid features.
3.6 Data We Do NOT Collect
- Name, email address, phone number, or any account credentials
- Precise GPS location
- Contacts, microphone access beyond audio extraction, or camera roll metadata
- Advertising identifiers (IDFA, GAID) — no ads are served
- The video file itself (never leaves your device)
- The final captioned video output
4Third-Party Services
| Service | Purpose | Data Sent | Privacy Policy |
|---|---|---|---|
| ElevenLabs | Speech-to-text (Scribe v2) | Audio file (not stored) | elevenlabs.io/privacy |
| Cloudflare Workers | Secure API proxy | Audio in transit (not stored) | cloudflare.com/privacypolicy |
| Firebase Crashlytics | Crash reporting | Anonymous crash data | firebase.google.com/support/privacy |
| Firebase Analytics | Usage analytics | Anonymous usage events | firebase.google.com/support/privacy |
| Firebase Performance | Performance monitoring | Anonymous metrics | firebase.google.com/support/privacy |
| RevenueCat | Subscription management | Purchase tokens, status | revenuecat.com/privacy |
| Google Play Billing | Payment processing | Managed by Google | policies.google.com/privacy |
Each of these services operates under its own privacy policy. We have entered into appropriate data processing agreements with these providers where required under GDPR.
5Data Sharing
We do not sell, rent, or trade your data. Data is shared only in the following limited circumstances:
- Service providers: The third-party services listed in Section 4 receive data solely to provide the described functions.
- Legal requirements: We may disclose data if required by law, court order, or to protect the rights, property, or safety of users or the public.
- Business transfer: In the event of a merger, acquisition, or sale of assets, user data may be transferred as part of that transaction.
6Data Retention
| Data Type | Retention Period |
|---|---|
| Audio (transcription) | Not retained — discarded immediately after API response |
| Video files | Never leave your device — zero retention on our end |
| Crash reports (Crashlytics) | 90 days (Firebase default) |
| Analytics events | Up to 14 months (Firebase default, aggregated) |
| Performance metrics | 30 days (Firebase default) |
| Subscription data (RevenueCat) | Duration of subscription plus period required by law |
Data stored locally on your device can be removed by uninstalling the app.
7Security
We implement appropriate technical and organisational measures to protect your data:
- All data transmitted to external services is encrypted in transit using TLS 1.2 or higher.
- Our API proxy does not log request payloads or audio content.
- API credentials are stored in Cloudflare Secrets and are never embedded in the app binary.
- The app requests only the device permissions strictly necessary for its function.
If you believe a security incident has occurred, please contact us at martti.randma@gmail.com.
8Children's Privacy
Auto Captions: AI Subtitles is not directed at children under the age of 13 (or under 16 where required by local law). We do not knowingly collect personal information from children.
If you are a parent or guardian and believe your child has provided us with information, please contact us at martti.randma@gmail.com.
9Your Rights — GDPR (EU / EEA Users)
If you are located in the EU or EEA, you have the following rights under the GDPR:
Request a copy of the personal data we hold about you.
Request correction of inaccurate or incomplete data.
Request deletion of your personal data.
Request that we restrict processing in certain circumstances.
Receive your data in a structured, machine-readable format.
Object to processing based on legitimate interests.
Where processing is based on consent, withdraw it at any time.
File a complaint with your national data protection authority.
To exercise any of these rights, contact us at martti.randma@gmail.com. We will respond within 30 days. In Estonia, the supervisory authority is the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon) — aki.ee.
10Your Rights — CCPA (California Users)
If you are a California resident, the CCPA/CPRA grants you these rights:
- Right to Know: Request disclosure of the categories and specific pieces of personal information collected.
- Right to Delete: Request deletion of personal information.
- Right to Correct: Request correction of inaccurate information.
- Right to Opt-Out of Sale: We do not sell or share personal information. No opt-out is necessary.
- Right to Non-Discrimination: We will not discriminate against you for exercising your rights.
| Category | Collected? | Sold? |
|---|---|---|
| Identifiers (name, email, IP) | No | No |
| Commercial information | Yes — via RevenueCat | No |
| Internet / network activity | Yes — anonymous | No |
| Audio / visual data (video) | No | No |
| Audio for transcription | Transient — not retained | No |
| Geolocation | No | No |
| Sensitive personal information | No | No |
Contact: martti.randma@gmail.com. We will respond within 45 days.
11International Data Transfers
We are based in Estonia (EU). Some third-party providers may process data outside the EEA, including in the United States. We rely on:
- Adequacy decisions issued by the European Commission;
- Standard Contractual Clauses (SCCs) approved by the European Commission; and/or
- The EU-U.S. Data Privacy Framework where providers are certified.
12Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the “Last updated” date and may post an in-app notification. Your continued use of the app constitutes acceptance of the updated policy.
13Contact
For any questions or requests relating to this Privacy Policy:
Martti Randma
Individual Developer · Estonia, European Union
Email: martti.randma@gmail.com
We aim to respond within 30 days.