The short version. Recordo is built by Recordo LLC. We collect what we need to run the app for you: your account, the notes and reminders and recordings you capture, and basic device and usage information. We use Google Gemini and OpenAI to power the AI features. We contract with them so they cannot keep or train on your content. We do not sell your personal data, we do not show advertising, and we do not allow our AI providers to use your content to train their general-purpose models. Read on for the details — and please get in touch at privacy@recordo.app if anything is unclear.
This Privacy Policy describes how Recordo LLC, a limited liability company organized under the laws of the Republic of Armenia ("Recordo," "we," "us," or "our"), collects, uses, shares, and protects personal data in connection with the Recordo mobile application, the recordo.app website, and related services (together, the "Service"). This policy is part of, and incorporated into, our Terms of Service.
For matters subject to the General Data Protection Regulation (Regulation (EU) 2016/679, the "GDPR"), Recordo LLC is the controller of personal data described in this policy.
This policy covers personal data we collect from or about people who:
This policy does not cover websites, products, or services operated by anyone other than us, even if we link to them.
Recordo is marketed to people with ADHD and to other neurodivergent users. We do not ask you to confirm or disclose any diagnosis, and using the Service does not require you to identify yourself as having ADHD or any other condition.
You might, however, choose to write about ADHD, mental health, medication, therapy, or other personal topics in the notes you store with us. Where the law treats that kind of content as a special category of personal data (for example, "data concerning health" under GDPR Article 9), we treat it on the following basis:
Recordo is a productivity tool, not a medical device. See Sections 2 and 3 of our Terms of Service for the medical disclaimers.
We use the personal data described in Section 3 for the following purposes:
For clarity: the general analytics, service-improvement, and marketing statements in this Section 5 do not mean that we use Google Calendar data for advertising, marketing, data brokerage, generalized analytics, or any purpose unrelated to the calendar features you chose to enable.
If you are in the European Economic Area, the United Kingdom, or another jurisdiction whose data-protection law requires us to identify a legal basis for each purpose, we rely on:
| Purpose | Legal basis |
|---|---|
| Provide the Service (account, sync, AI-assisted features, exports) | Performance of a contract (GDPR Art. 6(1)(b)) |
| Processing of content that may amount to special-category data (e.g., references to your health or to ADHD) | Your explicit consent (Art. 9(2)(a)), given when you choose to enter such content into the Service |
| Subscription administration and billing communications | Performance of a contract (Art. 6(1)(b)) |
| Security, abuse prevention, fraud detection | Legitimate interests (Art. 6(1)(f)) — keeping the Service secure |
| Analytics and Service improvement | Legitimate interests (Art. 6(1)(f)) — improving the Service. You can object — see Section 13. |
| Marketing communications (if any) | Consent (Art. 6(1)(a)) — withdrawable at any time |
| Legal compliance, response to lawful requests | Legal obligation (Art. 6(1)(c)) and/or legitimate interests (Art. 6(1)(f)) |
The Service uses artificial intelligence to transcribe voice, classify notes, draft text, organize tasks, run search, and power the AI coach personalities. We use the following AI providers, acting as our subprocessors:
Our commitments to you about AI processing:
AI providers operate on infrastructure they control (primarily in the United States). Your content is transmitted to them under transport-layer encryption.
To run the Service we engage the following service providers (called "processors" or "subprocessors" under data-protection law). Each has a contract with us that limits how they may use your data.
| Provider | Role | Primary region |
|---|---|---|
| Vercel, Inc. | API hosting and serverless compute | United States |
| Supabase, Inc. | Database, authentication, file storage | United States |
| Google LLC (Firebase) | Push notifications, mobile analytics, crash reporting | United States |
| PostHog Inc. | Product analytics | United States |
| RevenueCat, Inc. | Subscription management | United States |
| Apple Inc. | App distribution and in-app purchase (iOS users) | United States |
| Google LLC (Play) | App distribution and in-app purchase (Android users) | United States |
| Google LLC (Gemini), OpenAI, L.L.C. | AI processing — see Section 7 | United States |
We may add or change processors from time to time. Material changes will be reflected in a revised version of this policy.
We share personal data only in the limited circumstances described below.
Under contracts that require them to process the data only on our instructions and to protect it.
If you connect Google Calendar, we use Google as the source of the calendar data and may store synced calendar metadata and event data with our infrastructure providers such as Vercel and Supabase only to provide the calendar features inside Recordo. We do not disclose Google Calendar data to advertisers, data brokers, information resellers, or our AI providers for training.
We may disclose personal data when we believe in good faith that disclosure is required to comply with a law, regulation, legal process, or governmental request; to enforce our Terms of Service; to detect, prevent, or address fraud, security, or technical issues; or to protect against harm to our rights, property, or safety, or that of our users or the public.
If we are involved in a merger, acquisition, reorganization, financing, or sale of all or substantially all of our assets, personal data may be transferred as part of that transaction. We will require the recipient to honor this policy or give you notice and a chance to opt out of further processing.
What we do not do.
We keep personal data only for as long as we need it for the purposes described in this policy, or as required by law.
| Data category | Retention |
|---|---|
| Notes, tasks, lists, routines, reminders, chat history with AI coach personalities | Retained while your account is active. You can delete any item at any time from the app. |
| Connected Google Calendar account email, selected calendar metadata, and synced external calendar events | Retained while the Google Calendar connection remains active so we can provide the calendar features you enabled. If you disconnect Google Calendar, we delete cached imported calendars and synced external calendar events from Recordo. Connection records may be retained for a limited period where required for security, fraud-prevention, or legal compliance. |
| Voice recordings uploaded for transcription | Processed and then deleted from our servers shortly after transcription; transcribed text is retained as your content. |
| Photos uploaded for content capture | Processed for content extraction and then deleted from our servers shortly after; extracted text and items are retained as your content. |
| Account profile and credentials | Retained while your account is active. On account closure, deleted within 30 days, except where we are required to retain it for legal, accounting, tax, or fraud-prevention purposes. |
| Usage analytics in identifiable form | Up to 24 months from collection. After that, aggregated or anonymized. |
| Crash and security logs | Up to 12 months. |
| Subscription / billing records | As required by applicable tax, accounting, and consumer-protection law (typically up to 7 years). |
| Support communications | Up to 24 months after the matter is closed. |
| Backups | Cycled out as part of normal backup rotation, typically within 30–60 days. |
You can delete your account at any time from the in-app settings or at recordo.app/delete-account. We will action the request within 30 days.
Recordo LLC is based in the Republic of Armenia. Our service providers (Section 8) operate primarily in the United States. When you use the Service, your personal data is transferred to, stored in, and processed in the United States, and may be accessed by us from Armenia.
Where required by applicable law, we put in place safeguards for these transfers. In particular:
You can request a copy of the safeguards we rely on by writing to privacy@recordo.app.
We use technical and organizational measures intended to protect personal data against unauthorized or unlawful processing and against accidental loss, destruction, or damage. These include:
No system is perfectly secure. If we become aware of a personal-data breach that is likely to result in a risk to your rights and freedoms, we will notify you and, where required, the relevant supervisory authority, in line with applicable law.
Depending on where you live, you may have some or all of the following rights with respect to personal data we hold about you:
To exercise any of these rights, write to privacy@recordo.app. We will respond within the time limits required by applicable law (typically within one month for GDPR / UK GDPR requests, 45 days for CCPA requests). We may need to verify your identity before acting on your request.
This section provides additional information for California residents under the California Consumer Privacy Act / California Privacy Rights Act ("CCPA").
In the past 12 months, and on a going-forward basis, we collect the categories of personal information described in Section 3 of this policy. We collect these categories directly from you, automatically from your device when you use the Service, and from our service providers (Section 8). We use this information for the business and commercial purposes described in Section 5.
You may choose to include in your notes information that the CCPA classifies as "sensitive personal information," for example references to your health or to a mental-health condition. Where you do so, we use that information solely to provide the Service you have requested (i.e., to store, organize, and surface your own notes back to you), and not for any purpose listed in Cal. Civ. Code §1798.121(a) that would trigger the right to limit use.
In the past 12 months, and on a going-forward basis, we have disclosed each category of personal information described in Section 3 to the service providers listed in Sections 7 and 8, for the business purposes described in Section 5.
We do not sell personal information, and we do not share personal information for cross-context behavioral advertising, as those terms are defined under the CCPA.
To exercise these rights, contact privacy@recordo.app. If your request is denied, you can appeal by replying to our response.
Recordo is intended for adults. You must be at least 18 years old to use the Service. We do not knowingly collect personal data from anyone under 18. If you believe we have collected personal data from a child, please contact us at privacy@recordo.app and we will take appropriate steps to delete it.
We may update this Privacy Policy from time to time to reflect changes to our practices, to the Service, or to applicable law. When we make material changes, we will:
We encourage you to review this policy from time to time.
If you have questions, requests, or complaints about this Privacy Policy or our handling of your personal data, please contact us:
We aim to respond to privacy requests within 30 days.
If you are in the EEA, you can also lodge a complaint with the data-protection authority in the EU member state where you live or work, or where you believe the alleged infringement occurred.
If you are in the UK, you can lodge a complaint with the Information Commissioner's Office (ico.org.uk).
If you are in Canada, you can contact the Office of the Privacy Commissioner of Canada.
If you are in Australia, you can contact the Office of the Australian Information Commissioner.