Privacy
How we handle your data.
Short version: your audio never leaves your computer. We store the bare minimum — your email (to deliver license keys) and basic purchase data (via Stripe, for compliance). That's it. Long version below.
Effective: April 2026 · Last updated: April 18, 2026
1. What we collect
Fluents operates on a local-first model. The app runs on your computer, reads your own CV, processes audio on-device, and routes LLM calls through your own API key. We, the vendor of Fluents, typically never see your meeting content.
1.1 What stays on your computer
- Meeting audio: transcribed locally via Moonshine ONNX. Never uploaded.
- Transcripts & meeting history: stored in JSON files in your home directory.
- Your CV and personal context: in profile.json, local only.
- API keys (OpenRouter / OpenAI / Anthropic): stored locally, used directly from your machine.
1.2 What we (the vendor) actually collect
- Email address: required for delivering your license key after purchase.
- Payment info via Stripe: we never see your card details. Stripe is PCI-DSS compliant and holds that data.
- Machine ID (anonymous hash): a SHA-256 hash of your hardware ID, used to enforce the 2-device license limit. Non-reversible.
- Basic activation events: timestamp of license activation, never what you do inside the app.
2. What we send to your LLM provider
When you ask Fluents to generate a response, text is sent to the LLM provider you configured (OpenRouter, OpenAI, or Anthropic) — using your API key. We do not proxy, log, or intercept these calls.
What is sent: the transcribed question, relevant context from your CV, and the conversation history (last 4 exchanges). What is NOT sent: raw audio, your full profile, other unrelated transcripts.
These providers have their own privacy policies. Consult them directly:
- OpenRouter: openrouter.ai/privacy
- OpenAI: openai.com/policies/privacy-policy
- Anthropic: anthropic.com/legal/privacy
3. Third-party processors (the only ones)
- Stripe — payment processing. Receives: email, card, address. Governed by Stripe's privacy policy.
- Resend — transactional email (license delivery). Receives: email, license key. Governed by Resend's privacy policy.
- Cloudflare — Worker (license validation) + Pages (website hosting). Receives: IP addresses for rate limiting. Governed by Cloudflare's privacy policy.
No Google Analytics. No Facebook Pixel. No ad networks. No "marketing automation" trackers.
4. Data retention
- License records — kept for as long as the license is active, plus 2 years for tax/audit purposes.
- Payment records — kept for 5 years (Brazilian tax law, art. 174 do CTN).
- Refund requests — kept for 7 years.
- Machine ID bindings — kept while license is active. Removed when you self-deactivate a device.
5. Your rights (GDPR, LGPD, CCPA)
You can, at any time:
- Access the data we hold about you
- Correct inaccurate data (name, email)
- Delete your data — this invalidates your license
- Export your data in a machine-readable format
- Object to any processing
Email privacy@fluents.app — we respond within 30 days.
6. Security
License keys are validated via offline HMAC-SHA256. The Cloudflare Worker (license service) runs on Cloudflare's edge network with TLS 1.3 enforced. Payment processing is handled entirely by Stripe (PCI-DSS Level 1).
7. Children
Fluents is not marketed to or intended for users under 16. We do not knowingly collect data from minors.
8. Changes to this policy
If we change this policy, we'll email active users and update the "Last updated" date. Material changes get 30 days' notice.
9. Contact
Questions about privacy? privacy@fluents.app
Legal / DPO inquiries: legal@fluents.app
General: hi@fluents.app
Fluents is operated by AraraHQ Tecnologia da Informação Ltda. (CNPJ registered in Brazil).