Privacy

A plain-language privacy summary.

Alfaaz processes family stories, voice recordings, and account data to run the product. This page describes, in plain language, what we hold, why, where it lives, how long it stays, and how families can ask for export, correction, or deletion. For anything sensitive or unclear, write to us before sharing an elder's data.

What Alfaaz collects

Alfaaz collects three groups of data: account information from the family member who signs up, basic information about the elder being interviewed, and the conversations Alfaaz creates with the elder over time. Each group serves a specific purpose and is described below.

Concretely, the data we hold is:

  • Account: the family member's name, email, and authentication identifiers managed by Clerk. We do not store passwords; Clerk does.
  • Elder: the elder's name, their relation to the family member who set up the account, the elder's WhatsApp number, and the language they prefer to speak in.
  • Conversations: the voice notes the elder sends, machine-generated transcripts in their language, and the AI follow-up questions Alfaaz sends back.
  • Archive: story summaries, life chapters, people, places, events, open threads, and the original audio attached to conversation messages.
  • Operational metadata: timestamps, conversation status, and the bookkeeping needed to keep the service running. No location, no device fingerprinting, no advertising identifiers.

Why each kind is collected

Account data lets the family sign in and pick back up where they left off. Elder data lets Alfaaz reach the right person on WhatsApp in the right language. Conversation and memoir data is the product itself. Without it, there is nothing to preserve.

Family stories are never used for advertising, profiling, or training AI models. The third-party processors Alfaaz uses for transcription and AI follow-up questions run those steps under agreements that prevent them from retaining family content for their own model training.

Where it lives

Alfaaz runs on a small set of infrastructure providers, each with a specific role. The full processor list, including their privacy policies, is published on the trust page so it stays in one place rather than being copied here.

Alfaaz serves Indian families, but some infrastructure partners process data in the United States today. We are actively evaluating stronger India-resident data handling over time.

How long it's kept

Account and elder data are kept for as long as the family wants to use Alfaaz. If the family closes the account, the data is deleted on request. See the deletion section below.

Voice recordings, transcripts, story summaries, life chapters, and extracted memory are kept for the life of the archive. The whole point of Alfaaz is that the archive grows over time and remains accessible to the family who built it. We do not silently expire completed conversations.

Operational logs and analytics events are retained for a short window, typically a few months, for debugging and product improvement. They are not joined back to identify individual elders or families for any other purpose.

What Alfaaz never does

These are not aspirational claims. They are the operating boundaries Alfaaz is built around. If any of them ever needs to change for genuine product reasons, we will say so plainly and update this page before the change takes effect.

There are a few things Alfaaz commits to never doing, regardless of business pressure:

  • We do not sell, rent, or share family stories or voice recordings with advertisers.
  • We do not use family voices, transcripts, or memoir content to train AI models.
  • We do not let other families read or hear another family's memoir.
  • We do not use the elder's WhatsApp number for anything other than the conversations the family signed up for.
  • We do not retain payment card details on our own servers; those will be handled directly by Stripe when public plans launch.

Family rights and deletion

Families can ask Alfaaz to export, correct, or delete the data tied to their account. Concretely, that means:

  • Export: receive a copy of available archive content, transcripts, and the original audio.
  • Correction: fix factual errors in transcripts, names, or memoir content.
  • Deletion: permanently remove the elder's recordings, transcripts, story summaries, extracted memory, and account. Alfaaz also asks third-party processors to delete their copies where applicable.
  • Withdrawal: close the account and stop all future conversations at any time, with no penalty.

How to make a request

Email privacy@alfaaz.me from the email address attached to the family account. Most requests are handled within 14 days; deletion takes a little longer when third-party processors are involved.

If you are asking about data for an elder you did not enroll, please reach out from a family member who has access to the account so we can verify the request. This is a safety measure, not a hurdle.

Cookies and analytics

Alfaaz uses Clerk to manage authentication. Clerk sets the cookies needed to keep a family member signed in. Without them, the site cannot remember that you are logged in.

Alfaaz uses PostHog for product analytics, to understand which pages families read before signing up and which parts of the family home feel slow or confusing. Personal identifiers sent to PostHog are hashed before they leave our servers, so PostHog does not see raw email addresses or phone numbers. We do not use PostHog for advertising or for tracking across other websites.

Alfaaz does not run third-party advertising trackers, retargeting pixels, or social media trackers on its marketing pages.

About minors

Alfaaz is intended for adult family members preserving the stories of an adult elder. The product is not designed for use by children, and we do not knowingly collect data from anyone under 18. If a family member under 18 has set up an account, write to privacy@alfaaz.me and we will close it.

International families and Indian law

Alfaaz is built primarily for Indian elders and Indian-origin families living anywhere in the world. Our handling of personal data is aligned with India's Digital Personal Data Protection Act, 2023 (DPDP Act). Where families are based in regions with their own data laws (the EU, the UK, California), we honour the parts of those laws that apply to a service of our size, including reasonable export and deletion rights.

Updates to this policy

When something material changes (a new processor, a different retention period, a new data category) we update the date at the top of this page and email families before the change takes effect. We do not retroactively widen what we collect without telling you.