Privacy
Privacy Policy
Alfaaz processes family stories, voice recordings, and account data to run the product. This policy describes, in plain language, what we hold, why, where it lives, how long it stays, and how families can ask for export, correction, or deletion. For anything sensitive or unclear, write to us before sharing an elder's data.
01
Who we are (controller / fiduciary)
Alfaaz is operated by Pulkit Mendiratta, trading as a sole proprietorship (eenmanszaak) under the name "Alfaaz", in Amsterdam, the Netherlands (KvK 42039821).
We are the data controller under the EU General Data Protection Regulation (GDPR) and the Dutch implementation (UAVG), and the data fiduciary under India’s Digital Personal Data Protection Act, 2023 (DPDP Act).
Contact / Grievance Officer: Pulkit Mendiratta — privacy@alfaaz.me. We aim to respond within 30 days.
Because Alfaaz is established in the EU, the GDPR applies to our processing wherever you are located. Because elders are located in India, the DPDP Act also applies to their personal data.
02
The data we collect
- Account & family data — email, name, family membership, and authentication data (managed by our auth provider). Used for login, notifications, invitations, and access control.
- Elder information (provided by the family member) — the elder’s name and nicknames, WhatsApp phone number, language, gender (for grammatically correct speech), relationship to the family, and optional context notes ("what lights them up"). Used to run and personalise conversations.
- Conversation data — incoming voice recordings (the elder’s voice notes), outgoing AI-generated voice notes, transcripts, conversation topic, and session metadata (timestamps, message IDs). Used to hold conversations and preserve stories.
- Extracted knowledge (AI-generated) — people, places, events, emotional moments, inferred personality traits, life-chapter narratives, an elder profile, and unfinished story threads, derived by AI from transcripts. Used to build and personalise the family’s story archive.
- Waitlist data — email and language preferences provided on our landing page.
- Payment data — handled entirely by Stripe. We do not store card numbers or bank details. Payments are one-time and manual — there is no subscription or automatic renewal.
- Website analytics — limited product analytics (see "Cookies and analytics"). We hash direct identifiers before they leave our servers where we can.
03
Special-category and sensitive data
Life stories naturally include sensitive information — health, religion, caste, political views, or accounts of personal relationships — and voice recordings, which can be sensitive/biometric under some laws.
- We do not solicit sensitive information, and we do not use it to make any decision about you or the elder.
- We rely on explicit consent (GDPR Art. 9(2)(a); DPDP consent) as the basis for processing it, given and managed through the family member who sets up the elder (see "How consent works").
- We do not create voiceprints, speaker-identification profiles, or biometric identifiers. Voice is used to transcribe speech to text and for family playback only.
- You can ask us to redact specific sensitive content from transcripts and extracted records.
04
Why we process your data, and our legal basis
| Purpose | Data | Legal basis (GDPR) |
|---|---|---|
| Holding voice conversations | Phone, name, language, gender, voice | Consent; performance of contract |
| Preserving stories | Transcripts, extracted entities, life chapters | Consent |
| Personalising conversations | Elder profile, known entities, past context | Consent; legitimate interests |
| Family notifications | Email, elder name, session summary | Performance of contract |
| Account management | Email, name, family membership | Performance of contract |
| Sensitive content within stories | As it arises in conversation | Explicit consent (Art. 9(2)(a)) |
| Service improvement | Aggregated, de-identified usage statistics | Legitimate interests |
| Diagnostics and data-quality review (early access) | Affected Content and processing records, minimum necessary | Legitimate interests; explicit consent for sensitive content |
| Legal compliance | As required | Legal obligation |
Under the DPDP Act, our processing of elder and account-holder data is based on consent for the specified purposes above, which can be withdrawn (see "Your rights").
We do not: sell personal data; use stories for advertising; use conversations to train AI models; or use any Content for marketing without separate, explicit consent.
05
How consent works in Alfaaz (the family-member model)
Alfaaz is unusual: the account holder (family member) sets up the elder, and the elder takes part over WhatsApp.
- The family member confirms, when registering an elder, that they are authorised to do so, that the elder has agreed to take part, and that they have explained that Alfaaz sends AI-generated voice messages.
- The elder’s first WhatsApp message identifies Alfaaz and its purpose, and the elder can decline or stop at any time simply by not replying. No story questions continue if the elder does not engage.
- The family member is responsible for informing the elder and for the elder’s participation (see our Terms of Service, Section 5).
- Either the elder, or a family member on their behalf, can ask us to stop processing and delete the elder’s data at any time by emailing privacy@alfaaz.me. Family members can also delete an elder in the dashboard.
06
Who we share data with (sub-processors)
We share data only with service providers that help us run Alfaaz, each receiving only what it needs. We do not sell or rent your data. A current, detailed list — including each provider’s purpose, the data it receives, its location, and its retention — is maintained in our Sub-processor list at /sub-processors. In summary, we use providers for: AI conversation and story extraction, AI scoring of stories, voice transcription and synthesis, WhatsApp message delivery, hosting and file storage, the database, authentication, email, payments, and product analytics.
07
International data transfers
Alfaaz is operated from the Netherlands. Elders are in India; account holders and our service providers may be in the EU, the UK, the United States, India, or elsewhere, so your data may be transferred across borders.
Safeguards we rely on, where applicable:
- Standard Contractual Clauses (SCCs) and, where available, EU-US Data Privacy Framework participation by our providers, for transfers out of the EEA;
- Data Processing Agreements with providers that act as our processors;
- under the DPDP Act, transfers to countries not restricted by the Government of India; we monitor the restricted-country list and adjust if required.
08
Voice recordings
- When an elder sends a voice note, we receive and process that audio to transcribe it and to let the family play it back.
- Outgoing voice notes are AI-generated (text-to-speech) — they are not the elder’s voice.
- We do not build voiceprints or use voice to identify anyone.
- Voice transcription and synthesis are performed by ElevenLabs. Audio sent to ElevenLabs is processed to produce text or speech; retention on ElevenLabs’ side is governed by their policy and the tier we use, and we are working to minimise it (see the sub-processor list for current status). Audio we store for family playback lives in our file storage (Vercel Blob) and is deleted when the elder is deleted.
09
Children’s and third parties’ data
9.1 Alfaaz is for adults. We do not knowingly let anyone under 18 create an account.
9.2 People mentioned in stories. Elders naturally mention others — including children and grandchildren. Records (names, facts) may be created for mentioned people, including minors. This data is derived from the elder’s narrative, not collected from those people. We do not build profiles of, or contact, mentioned individuals. A family member can edit or delete any such record in the dashboard, and any person can ask us to remove information about them at privacy@alfaaz.me.
10
Your rights
Depending on where you live, you have rights over your personal data. To exercise any of them, email privacy@alfaaz.me; we verify identity to prevent unauthorised access, respond within 30 days, and charge no fee.
- Everyone: access, correction, deletion, withdrawal of consent, and a copy of your data in a portable format. Family members can also edit and delete most data directly in the dashboard.
- India (DPDP Act): grievance redressal via our Grievance Officer (above); the right to nominate another person to exercise your rights in case of death or incapacity (relevant for elders — contact us to register a nominee); and the right to complain to the Data Protection Board of India.
- EU/EEA (GDPR): in addition to the above, the rights to restriction and to object, and the right to lodge a complaint with your local Supervisory Authority (in the Netherlands, the Autoriteit Persoonsgegevens).
- UK (UK GDPR): the equivalent rights, and the right to complain to the Information Commissioner’s Office (ICO).
- California (CCPA/CPRA): the rights to know, delete, correct, and to limit the use of sensitive personal information; we do not sell or "share" personal information for cross-context behavioural advertising, and we will not discriminate against you for exercising your rights.
- Canada (PIPEDA): access and correction rights, and the right to complain to the Office of the Privacy Commissioner of Canada.
Exercising rights for an elder: rights can be exercised by the elder directly, by a family member with verifiable family membership on the elder’s behalf, or by a registered nominee.
11
Data retention and deletion
| Data | Retention |
|---|---|
| Account data (email, name) | Until account deletion |
| Elder information, voice, transcripts, extracted knowledge, profile | Until the elder is deleted (plus a 14-day grace period for restoration) |
| Waitlist entries | Until you unsubscribe or 12 months of inactivity |
| Application logs | ~90 days (rolling) |
| Legal/consent records | As long as required to meet a legal obligation |
Deleting an elder: a family member deletes the elder; the elder is soft-deleted immediately, a 14-day grace period allows restoration, and after that all voice recordings, conversations, extracted data, and the elder record are permanently deleted, including associated audio files. Deleting your account: email privacy@alfaaz.me; we complete verified deletions within 30 days. Data already sent to AI providers is deleted per their retention policies (see the sub-processor list); we request deletion from other providers as applicable. Short-lived copies may persist in encrypted backups before expiring.
12
Security
- Encryption in transit (HTTPS/TLS); database and file storage encrypted at rest.
- WhatsApp messages are end-to-end encrypted by WhatsApp until they reach our processing endpoint.
- Authentication on all endpoints; family-scoped authorisation so you only see your Family’s data; least-privilege credentials; admin access separated.
- Webhook signatures verified (HMAC-SHA256 for messaging, Svix for auth, Stripe signatures for payments).
- Breach notification: we will notify the relevant authority within 72 hours where the GDPR requires it (and as soon as practicable under the DPDP Act), and affected individuals without undue delay where required.
No system is perfectly secure; we cannot guarantee absolute security, and you should not treat Alfaaz as your only copy of anything important (see Terms, Section 10).
14
AI processing disclosure
Alfaaz uses AI to: transcribe the elder’s voice to text; generate conversational questions; synthesise voice responses; extract people/places/events/moments and a story summary from each session; and build life chapters and an elder profile across sessions. AI also scores conversations internally (for example, how moving or shareable a story is) to help surface the right content to the family.
AI does not decide your account access or eligibility, does not create biometric profiles, does not publish your stories anywhere, and is not trained on your conversations. Family members can review, edit, and delete AI-generated Content, and choose conversation topics.
15
Early access: diagnostics and quality review
Alfaaz is in early access, and accounts created before 1 August 2026 form our Early Access Programme. During this period we sometimes need to look at real data to fix real problems. When an error, mis-transcription, failed extraction, or archive inconsistency is reported or detected, authorised personnel may access and review the affected conversation data (voice recordings, transcripts, and extracted records) to diagnose and correct the issue, verify the accuracy of AI-generated output, repair data-quality problems in a family’s archive (for example, de-duplicating people, places, or events), and confirm that our safety and content checks work as intended. This continues to apply to content created by Early Access accounts after the early-access period ends.
- Review is issue-driven: it happens when something needs fixing or verifying, never as routine monitoring of your conversations.
- We use the minimum data necessary and work with de-identified or pseudonymised data wherever practicable.
- What we learn is used only to fix the Service and your archive, never for marketing, advertising, or AI model training (Terms, Sections 8.3 and 8.4).
- Legal basis: our legitimate interest in providing a reliable and safe Service (GDPR Art. 6(1)(f)); where sensitive content is involved, the explicit consent described in "Special-category and sensitive data"; and, under the DPDP Act, one of the specified purposes you consent to. Questions or objections: privacy@alfaaz.me.
16
We deliver and receive messages over WhatsApp using a third-party messaging provider (listed in the sub-processor list). WhatsApp itself is operated by Meta under its own privacy policy (https://www.whatsapp.com/legal/privacy-policy).
- An elder is only contacted after a family member registers them and a conversation is initiated.
- We use the phone number only for the storytelling service — no marketing, promotions, or ads over WhatsApp.
- We receive voice-note audio and message metadata (timestamp, message ID). We do not access the elder’s WhatsApp contacts, profile photo, status, or other WhatsApp data.
17
Changes to this policy
We may update this policy. For material changes we will update the date above, take reasonable steps to notify registered users (e.g., by email or in the product), and, where required, give 30 days’ notice before the change takes effect.
18
Contact and complaints
Pulkit Mendiratta (Grievance Officer / data contact), trading as Alfaaz — privacy@alfaaz.me, Wibautstraat 186, Amsterdam, Netherlands.
You may also complain to a regulator: the Dutch Autoriteit Persoonsgegevens (EU/NL), your local EU Supervisory Authority, the UK ICO, the Data Protection Board of India, or the California Privacy Protection Agency, as applicable to you.
Trust & care