Privacy Policy

Hiroi (間) — a real-time meeting translation and language-learning app for iOS.

Last updated: 13 June 2026 · Hiroi is currently in beta.

This policy explains what data Hiroi handles, where it goes, and the choices you have. If anything is unclear, email papawing@gmail.com.

The short version

1. Who we are

Hiroi is developed by Hon Wing Yuen, an individual developer ("we," "us," "Hiroi"). Contact: papawing@gmail.com. For data-protection law, the developer is the data controller for the limited personal data described below.

2. Information we collect

2.1 Account identity (Sign in with Apple)

Hiroi uses Sign in with Apple as the only way to sign in. When you sign in, we receive and store:

We do not set or store passwords, and generally do not receive your real email address.

2.2 Meeting audio (processed transiently, not stored by us)

When you run a live meeting, your microphone audio is streamed directly from your device to Soniox, a third-party speech-to-text provider, which performs real-time transcription and translation, processed in the United States.

Hiroi does not record, save, or store your meeting audio on its own servers. The audio passes through transiently solely to produce the live transcript and translation you see. Soniox's handling of that audio is governed by Soniox's own terms and privacy policy.

2.3 Transcripts, summaries, and saved phrases (stored on your device)

The transcripts, meeting history, summaries, and saved phrases Hiroi produces are stored locally on your device. They are not uploaded to Hiroi's servers. Unless you choose to create a web share link (see section 2.7), we have no copy of your meeting content. Deleting the app or your account removes that local data.

2.4 AI features (transcript text sent to Google Gemini)

When you ask Hiroi to generate a post-meeting summary or a language-learning explanation, the relevant transcript text is sent to Google's Gemini API to produce that result. These requests are proxied through Hiroi's backend so you don't supply your own AI key; Google processes the text under its own terms. We send only the text needed for the feature you requested — not your audio.

2.5 Usage metering

To manage plans and quotas, Hiroi's backend records how many minutes you use each month, keyed to your opaque Apple user identifier. We store the usage tally and, if you shared it, your display name. Other than the optional, in-memory web-share relay described in section 2.7, we do not store transcripts, audio, or meeting content on our backend.

2.6 What we do NOT do

2.7 Web link sharing (optional)

If you choose to share a meeting via a web link (so people without the app can read it in a browser), Hiroi relays the live transcript text (the same source and translation lines you see) through our backend in real time so viewers can follow along. This text is held only in memory for the duration of the share, is never written to storage, and is deleted when the link ends (when you stop sharing, or automatically after the meeting). Access is gated by an unguessable link. Your audio is never sent — only text crosses the relay. If you do not create a web link, nothing changes: your transcript stays on your device.

3. How we use your information

DataPurposeLegal basis (GDPR/UK GDPR)
Apple user IDAuthenticate you; tie usage to one accountPerformance of a contract
Name (if shared)Personalize the app; show names in our usage viewConsent / legitimate interests
Audio (transient)Real-time transcription & translationPerformance of a contract
Transcript text (to Gemini)Summaries & learning explanations you requestPerformance of a contract
Usage minutesPlan/quota enforcement, future billingPerformance of a contract / legitimate interests

4. Third-party sub-processors

ProviderFunctionData involved
AppleSign in with Apple; App Store distributionApple user ID, optional name/relay email
Soniox (US)Speech-to-text and translationLive meeting audio, processed transiently
Google (Gemini API)AI summaries & learning explanationsTranscript text you submit
CloudflareBackend hosting; usage-minute storage; optional web-share relayApple user ID, usage minutes, optional name; live transcript text (in memory only) if you create a web link

Each provider processes data under its own privacy terms. Because Soniox processes audio in the United States, your data may be transferred to and processed in the US even if you are located elsewhere.

5. International data transfers

Hiroi uses globally distributed providers. Meeting audio is processed in the United States (Soniox); other providers (Google, Cloudflare, Apple) may process data in the US or other countries. Where required by GDPR/UK GDPR, transfers outside the EEA/UK rely on the providers' own transfer safeguards (such as Standard Contractual Clauses).

6. Data retention

7. Your rights and choices

7.1 Delete your account (everyone)

You can delete your account any time: Settings → Delete Account. This erases your server-side usage data and stored name and wipes your local data on that device (meetings, learning content, glossary, speakers). Deletion is permanent. (Signing out is different: it keeps your local data and usage tally.)

7.2 GDPR / UK GDPR

You may request access to, correction of, or deletion of your personal data, object to or restrict processing, and lodge a complaint with your local data-protection authority. Because most content lives only on your device and we store very little (an opaque ID, usage minutes, optional name), you can exercise most rights directly in-app, or by emailing papawing@gmail.com.

7.3 California (CCPA/CPRA)

We do not sell your personal information, and we do not share it for cross-context behavioral advertising. California residents may request to know what we hold, request deletion, and not be discriminated against. Email papawing@gmail.com or use in-app account deletion.

7.4 Other regions

Residents of Canada (PIPEDA), Brazil (LGPD), and other jurisdictions have comparable rights. Contact us to exercise them.

8. Children's privacy

Hiroi is not directed to children. It is intended for users aged 16 and over (and at least 13 where allowed). We do not knowingly collect data from children under these ages.

9. Security

We keep service-provider API keys server-side and never embed them in the app. Sign-in uses short-lived session tokens. No method is perfectly secure, but we take reasonable measures to protect the limited data we hold. As Hiroi is in beta, some protections are still being hardened.

10. Changes to this policy

We may update this policy as Hiroi evolves (for example, when paid plans launch). We will revise the "Last updated" date and, for material changes, provide notice in the app.

11. Contact

Questions or requests: papawing@gmail.com.


日本語の概要

これは要約です。正式な内容は上記の英語版が優先されます。完全な日本語訳は今後追加予定です。