AIMass
region

Privacy

Thank you for using the Vurbo.ai software (hereinafter referred to as “the Product”) provided by our company (“we”, “our”, “the Company”).

We value your privacy and protect your personal data in accordance with:

  • Taiwan Personal Data Protection Act
  • EU General Data Protection Regulation (GDPR)
  • Applicable U.S. state privacy laws (e.g., CCPA/CPRA, where relevant)

This Privacy Policy explains what data we collect, how we use it, how it is protected, and the rights you may exercise.

Scope of Data Processing: Two Independent Data Streams
The Product operates under two distinct data streams, each with its own rules and processing purposes.
Licensing & Account Data (Personal Data | GDPR Applies)

To provide licensing, subscription, and authentication services, we collect only the minimum data required:

  • Email address
  • License key or subscription ID
  • License activation and usage status
  • Google / Apple login identifiers

※ We do not collect your passwords.

Storage Location

This data is stored on our authorization servers located in the EU.

GDPR Role

For this data stream, the Company acts as the Data Controller, determining how and why the data is processed.

Legal Basis (GDPR Article 6 – Contract Necessity)

Your data is used solely for:

  • License activation
  • Subscription validation
  • Customer support and service delivery

Your data is not used for:

  • Advertising
  • Behavioral tracking
  • AI model training
  • Any undisclosed purposes
In-Product Usage Content (Not Personal Data | GDPR Not Applicable)

When using speech-to-text, transcription, summarization, translation, or related features, all content:

Remains fully on your local device

We do not collect, transmit, or store:

  • Audio recordings
  • Transcriptions
  • Translation text
  • User-entered content
  • Usage content logs
Processing Workflow (Device → Third-Party Service)

Your device sends content directly to:

  • Microsoft Azure – Speech-to-Text
  • OpenAI – Summaries, translation, and other text-based processing

The Company does not access or receive this content at any stage.

GDPR Role Clarification

Since content is not stored or accessed by us, but we determine the processing path (e.g., choice of processors), the Company is considered a Data Controller, and Azure / OpenAI act as Data Processors for these operations.

Encryption & Transmission Security
During transmission between your device and third-party providers, content is protected using:
  • TLS 1.2 or higher secure transport protocols
  • Encryption suites offering AES-256 (or higher) equivalent security strength

These measures protect content against unauthorized access, interception, or tampering.

Storage of Usage Content (Local-Only Design)
Content generated through the Product—such as transcription text, audio files, translation results, and related text—is:
  • Stored locally on your device only
  • Never uploaded, transmitted, or stored on our servers
  • Not accessible to the Company in any form

This architecture significantly reduces any risk of data exposure.

Cloud Translation (Anonymized Data | GDPR Not Applicable)
If you choose to use the "Share via QR Code Translation" feature:
  • Only an anonymized version of the transcript is uploaded
  • No names, emails, account data, phone numbers, codes, or identifiable markers
  • The data cannot be linked back to any individual
  • Stored in the Company’s cloud translation database

Because the data is fully anonymized, it is not considered personal data under GDPR (Recital 26). We still apply appropriate security measures to protect it.

GDPR Data Flow
Licensing & Account Data (GDPR Applies)

User (Email)

Google / Apple Authentication

Company Authorization Server (EU)

Usage Content (Company Does Not Access)

User Device

(Direct Transmission)

Microsoft Azure / OpenAI

User Device (Result Displayed)

Cloud Translation (Anonymized Data)

User Device (Anonymized Transcript)

(User-initiated upload)

Company Cloud Translation Database

Viewers via QR Code

Personal Data Protection Commitments
We comply with the data protection requirements of Azure and OpenAI and commit to:
  • Not using your content for AI model training without your explicit consent
  • Not performing behavioral analysis, advertising, or promotional targeting
  • Not building user behavioral profiles
  • Not conducting cross-platform tracking
Disclosure of Data to Third Parties
We will never provide, sell, rent, or exchange your data with third parties unless:
  • You have given explicit consent
  • Required by law
  • Necessary to prevent harm to life, health, or safety
  • Necessary for public safety
  • Necessary to protect your lawful rights
GDPR Rights (For Residents of the EU)
You may exercise the following rights:
  • Right of access
  • Right to rectification
  • Right to erasure
  • Right to restriction of processing
  • Right to data portability
  • Right to object to specific processing activities

Please contact us at: [email protected]

Policy Updates
This Privacy Policy may be updated due to regulatory or technical changes. Updates will be posted on:
  • The official Vurbo.ai website
  • In-product interface or user manuals
  • Release notes when applicable
Privacy Summary
  • Only licensing and account data are stored by the Company (in the EU) and covered by GDPR.
  • All usage content stays on your device; we never access it.
  • Real-time AI processing occurs directly between your device and Azure / OpenAI.
  • QR Code Translation uses anonymized data and is not considered personal data.
  • Our system follows a strict “data minimization” design for maximum privacy and security.