Glory Note Privacy Policy
Glory Note (hereinafter referred to as "we") is provided by Shenzhen UltraEasy Technology Co., Ltd. We attach great importance to the protection of your personal data and commit to strictly complying with data protection laws and regulations in the jurisdictions where our business operates, including but not limited to the General Data Protection Regulation (GDPR) of the European Union.
This Privacy Policy clearly explains: the data we collect, the purposes of processing, legal basis, retention period, sharing with whom, your rights, and cross-border data protection measures.
Data controller information
¡ñ Data controller: Shenzhen UltraEasy Technology Co., Ltd.
¡ñ Registered address: 2202, Building A, Huizhi R&D Center, Longteng Community, Xixiang Street, Bao'an District, Shenzhen City, Guangdong Province, P.R.China
¡ñ Data Protection Officer (DPO): As the data we process includes sensitive categories such as voiceprints, we have formally appointed a Data Protection Officer.
DPO Contact: support@ute-tech.com.cn
catalogue
1. How we collect and use your personal information
2. third party SDK
3. How we share, transfer, and publicly disclose your personal information
4. How we store and protect your personal information
5. How do you manage your personal information
6. Protection of minors' personal information
7. How to update this policy
8. How to contact us
We collect data necessary to provide you with relevant services solely for the purposes explicitly listed below, in compliance with the principles of legality, fairness, necessity, completeness, data minimization, and transparency. Our data processing activities strictly adhere to data protection laws and regulations of the relevant jurisdictions (including GDPR and Pipl). Each data processing activity is based on a clear legal foundation.
Processing this data is essential to fulfill our service contract with you and to ensure the normal operation of core services. If you do not provide this information, we cannot provide core services.
Account Management and Security Verification: To create and protect your account, we need to collect your account name (the email address, phone number, or AppleID used for registration), account ID, and a one-time verification code. This is required for identity verification to provide the service.
Device connection and pairing: To enable Bluetooth pairing and stable connection between your mobile app and the voice recorder, we need to collect and process the voice recorder's Bluetooth broadcast information, Bluetooth device name, device identifier (such as the serial number address), and Wi-Fi information (if the device supports Wi-Fi data transmission). This processing is essential for establishing a secure connection and data transmission.
Provide core recording, transcription, and storage services:
When you use our core services, we process the audio files you upload and related information (such as recording time and length) along with the original audio data. This processing is a core obligation of our contract. The original audio data is stored with high-strength encryption.
Voice interaction:
When using the App for recording, voice notes, real-time translation, or voice interactions with the AI assistant, you must grant access to your phone's microphone. While these features are active, we process your microphone input in real time, converting it into text or executing commands. Unless you explicitly choose to save the audio, the raw data will not be stored on the server. This permission is strictly for the specific voice interaction features you select. We do not record continuously in the background, nor do we use this data for unauthorized purposes like user profiling.
Service delivery and server resource optimization:
To ensure stable service performance and low latency, we need to allocate appropriate server resources for you. We adhere to the principle of data minimization and automatically prioritize location reference information based on GPS coordinates> IP address (de-identified)> device time zone. If you decline to provide precise location permissions, we cannot implement optimal strategies, which may affect connection speed and stability. However, you can still access core services using IP address or time zone server allocation.
Service stability and security:
To diagnose and fix application failures and prevent security risks, we automatically collect essential device and application information (e.g., device identifiers, operating system versions), mobile network information (e.g., IP addresses), and service log data (e.g., error and crash reports). This processing is necessary to ensure service compatibility and stability.
This feature requires your explicit consent for data processing. You can choose to enable it or disable it without affecting your access to core services.
Voiceprint Database: To provide you with optional voiceprint recognition services, we need to process your voiceprint information (biometric data). We will obtain your explicit consent before you first use this feature. We will not sell, rent, or illegally disclose your voiceprint information to third parties. You can delete your voiceprint at any time.
File access: When you import external audio files (from other apps or mobile folders), we need your permission to access the files. We will obtain your explicit consent before you first use this feature.
To provide you with secure and compliant payment services, we process your information based on legal obligations and contractual terms. This processing is essential for completing payment transactions.
Payment service requirements: To process your payment instructions and complete transactions, we need to collect and process your payment method, order details, and payment content information. You may choose third-party payment services (e.g., Google Pay, Apple Pay, WeChat Pay, Alipay, etc.). While payment transactions do not collect your personal information, we share your order number and transaction amount with these payment providers to enable them to confirm your payment instructions and complete the transaction.
|
Device permissions |
Business Functions |
Authorization method |
Disable |
|
Location |
Address management; scanning and connecting nearby Bluetooth devices (some phone systems require location permissions) |
Ask for permission when the user first uses location or Bluetooth services |
yes |
|
Microphone |
Recording, AI assistant voice interaction |
Ask for confirmation when using voice-related features for the first time |
yes |
|
WLAN/ network £¨Network£© |
Network connections for various business functions |
Ask when the user opens the App for the first time |
yes |
|
Wi-FiInformation |
Bluetooth device scanning and connection (some device systems automatically access Wi-Fi information at the lower level, such as SSID/BSSID); hotspot creation, Wi-Fi scanning, and fast Wi-Fi transfer between devices |
Ask for confirmation when using the feature for the first time |
yes |
|
Bluetooth |
Add device, connect device, and set device |
Ask for confirmation when the user first uses the feature |
yes |
|
File access |
Import external audio files and save the mind map to the album |
Ask when the user opens the App for the first time |
yes |
|
chit |
For account registration |
Ask when users register or log in |
yes |
To provide you with specialized features including audio transcription, content summarization, mind mapping generation, real-time speech recognition, and AI Q&A, our product integrates software development kits (SDKs) from partners. These SDKs are provided by third-party service providers, whose data collection and processing practices are governed by their respective privacy policies. We recommend you review their policies carefully. Below is our current list of core third-party SDKs integrated:
|
SDK name or provider |
Function/Use Purpose |
Types of personal information collected |
Privacy Policy Link |
|
Tencent Cloud Speech Recognition SDK |
Provide speech recognition and transcription services to convert your voice or audio files into text. |
Audio data: Voice content you input or upload through the microphone. Device identifiers (e.g., AndroidID or IDFV): Used for device authentication and authorization, especially in offline mode. Network information (e.g., IP addresses) and service logs (e.g., error messages) are used to ensure stable service operation. |
interlinkage |
|
MicrosoftAI/AzureServices |
• Provides speech recognition and transcription services to convert your voice or audio files into text. • Provide intelligent Q&A and content analysis services to generate answers based on your questions or text content. |
Text data: The questions you submitted, the text content to analyze, and the conversation history. Interaction log: Used for service improvement and fault diagnosis. |
interlinkage |
We understand the importance of your personal information and commit to not sharing it with any company, organization, or individual unless you give explicit consent. This section details how we share your personal information with external parties.
We do not share your personal information with any company, organization, or individual except in the following cases:
Share with explicit consent: Before sharing your information with a third party, we will obtain your separate consent for the sharing and inform you of the third party's identity, contact information, purpose, method, and types of personal information.
Share with authorized partners: Some of our services are provided by authorized partners and are used solely for the purposes stated in this policy. We will share your information only for legitimate, proper, necessary, specific, and clear purposes, and only the information required to provide the services. Our authorized partners include:
Brand partners and hardware manufacturers: To enable device connectivity, after-sales service, and hardware technical support, we may share necessary device identifiers and service logs with designated partners.
Advertising and analytics provider: To evaluate ad performance, analyze product usage, and understand user profiles to improve services, we may share de-identified or anonymized device information and usage data with such partners. This information cannot directly identify you.
Other service providers: Partners offering services such as audio transcription, content summarization, and data storage. We will sign strict confidentiality agreements with these partners, requiring them to handle your information in accordance with our instructions, this policy, and any other relevant confidentiality and security measures.
We will not transfer your personal information to any company, organization, or individual except in the following cases:
Corporate structure changes: If we undergo a merger, acquisition, or bankruptcy liquidation involving the transfer of your personal information control rights, we will require the new company or organization holding your personal information to continue being bound by this policy. Otherwise, we will require the company or organization to seek your authorization and consent again.
We strictly limit the disclosure of your personal information. We will only disclose it under rare circumstances, provided that we have implemented security measures that comply with legal and industry standards.
Disclosure based on law: We may disclose your personal information when required by law, legal procedures, litigation, or government authorities.
We protect your personal information through strict encryption and management measures. Generally, the personal information you provide will be stored on servers in your country/region.
We will retain your personal information only for the duration necessary to achieve the purposes outlined in this policy. Unless otherwise required by laws and regulations, we will delete or anonymize the information upon expiration of the retention period. The details are as follows:
To ensure your account security, your account information will be encrypted and stored on the server until you log out, after which the data will be deleted immediately.
When using recording devices, your device identifier is encrypted, transmitted, and stored on the server to establish and maintain connections between the device and services. This data is immediately deleted when you select "Unbind and Clear Data" on the device details page. Additionally, to enable anonymous and macro statistical analysis for product and service optimization, anonymized device identifiers and approximate location information may be retained on the server for 3 years, after which they are promptly deleted.
We use the following two modes to process your recordings and related data, and you have full control over this:
Local storage mode (default): The original audio recordings you generate through the App are encrypted and stored locally on your device by default. When you use core services like transcription and summarization, the data is encrypted and transmitted to the server for instant processing. After the service completes, the original data on the server is immediately deleted and not persisted, ensuring full protection of your data privacy.
Cloud Sync (Optional): If you choose to enable this feature, we will encrypt and transfer your specified audio recordings and transcribed texts to the server for storage after obtaining your explicit authorization. You can manage or delete these files from the cloud at any time. When you delete cloud files or disable this feature, the system will immediately initiate the deletion process to permanently remove the corresponding data from the server. Please note that if your subscribed cloud storage service expires and is not renewed within the grace period, the relevant data may be permanently deleted according to the service agreement. We will notify you in advance through valid means.
For users in the European Union (EU) and the European Economic Area (EEA), we are committed to the principle of data localization. Your personal data, including audio recordings, account information, and metadata, will be stored by default on servers within the EU (e.g., the Frankfurt data center). We will not proactively transfer your core service data outside the EU.
Our global cloud service providers or third-party SDKs (e.g., Tencent Cloud, Microsoft Azure) are configured to process data exclusively through their EU-based nodes.
In principle, your data will not be transferred across borders. Only in rare and necessary circumstances (e.g., providing emergency technical support requiring access beyond the EU, or when mandated by law) will we transfer data to countries outside the EU/EEA. In such cases, we will ensure compliance with Chapter V of the GDPR and implement at least one of the following stringent safeguards:
¡ñ Sufficiency determination: the receiving location is in a country or region with a "full protection level" recognized by the European Commission;
¡ñ Standard Contract Clauses (SCCs): Sign European Commission-approved Standard Contract Clauses with the recipient, supplemented with necessary security measures (e.g., encrypted transmission, access control);
¡ñ Consent: In exceptional circumstances, your explicit consent may be obtained under Article 49 of the GDPR or when necessary to fulfill contractual obligations.
To ensure the security of sensitive data such as audio recordings, voiceprint features, and account information, we have implemented specific and stringent technical and organizational security measures tailored to the risks of audio recording applications, including:
All audio recordings are encrypted with AES-256 immediately after creation, then either stored in local cache or uploaded to the server. Encryption keys are managed through a dedicated Key Management System (KMS), with regular rotation and hierarchical access controls. When voiceprint recognition is enabled, voiceprint features are generated and stored exclusively on your device, without uploading to servers or cloud storage. When using voiceprint matching, the system temporarily processes voiceprint features locally for comparison. No data is transmitted to remote servers during this process, and no temporary data is retained after the match.
We employ AES-256 symmetric encryption to encrypt transmitted data, ensuring confidentiality and integrity during recording uploads, device binding, cloud synchronization, and transcription requests.
We use local storage by default. Unless you upload or enable cloud sync, recordings are saved only in your device's local sandbox. Temporary audio buffers generated by features like real-time transcription and translation are automatically deleted after processing, usually within minutes.
The backend system employs role-based access control (RBAC), allowing only the required data access for different roles. All access attempts are logged, and unauthorized access is automatically blocked and reported to the security system.
We maintain tamper-proof logs for sensitive operations such as data export, account management, permission changes, and audio recording access. The security team regularly reviews audit logs and monitors suspicious activities.
We employ Intrusion Detection Systems (IDS) to monitor abnormal traffic, brute-force attacks, suspicious requests, and other risk behaviors in real time.
The cloud data utilizes Multi-AZ redundant storage with regular backups and automatic disaster recovery.
Data Lifecycle Management: We enforce rigorous controls over every stage of data lifecycle, from generation and transmission to usage, storage, sharing, and eventual deletion.
¡ñ When you delete a recording, the associated transcript and index are also deleted.
¡ñ Files deleted from the cloud are immediately marked as "irreversible" and do not retain background backups.
¡ñ Cache (for real-time processing) is destroyed immediately after the task completes.
Employee Privacy and Security Training: All employees who may handle personal data must complete annual GDPR, security, and privacy training. Data access permissions must be approved and fully documented.
Privacy by Design: Features involving sensitive data (such as cloud sync and voiceprint recognition) are disabled by default. All new features undergo security evaluation before release. If they involve voiceprint or biometric data, a Data Protection Impact Assessment (DPIA) is conducted.
Although we have implemented multi-layer security measures, we cannot guarantee zero risk. Once an incident is detected that may endanger audio data, voiceprint features, or account security, we will:
1. Immediately activate the emergency response mechanism, isolate the affected systems, block the attack source, and conduct a security analysis.
2. Report to the supervising authority within 72 hours of discovery (unless the disclosure is unlikely to pose a risk to your rights and freedoms).
3. If this event poses a high risk to you (e.g., leakage of recorded content or voiceprint templates), we will notify you proactively as soon as possible, including:
¡ñ Event type and affected data category.
¡ñ Potential risks of the event (e.g., privacy exposure, identity risk).
¡ñ The remedial measures we have taken.
¡ñ Additional protective measures you can take.
¡ñ After the incident is resolved, we will review and update our security policies to prevent similar incidents from happening again.
We value your control over personal information. Under applicable laws and regulations, you have the right to manage your personal information. Here are the specific ways to exercise this right.
¡ñ Access (GDPR Article 15): You have the right to access your account information (e.g., linked phone number, email) and usage data (e.g., list of audio recordings) through [Me-My Account] in the App, as well as through [Files]. If cloud sync is enabled, you can view synchronized audio recordings and transcripts in the [Cloud Sync] module. If you need a complete copy of your data (e.g., audio content, transcript text, account information), you may contact us to request data export (see Section 5.5).
¡ñ Correction (GDPR Article 16): You can change your account nickname, linked phone number, or email in [Me-My Account].
¡ñ Delete (Right to be Forgotten/GDPR Article 17): You have the right to delete specific information. For example, you can directly delete recordings created in the App or files uploaded to cloud sync. For account deletion, see Section 5.4.
This app uses a password-free login method with "account + verification code" to ensure convenience and security. You can bind or change your alternate email or phone number at any time through [Me-My Account], and you only need to receive the verification code.
Security notice: Your account must have at least one valid contact method (mobile number or email) as login credentials.
You can disable permissions obtained by this App (e.g., microphone, location, etc.) in your device's system settings. Withdrawing consent does not affect previously processed data based on the authorization.
You can log out of your account in [Me-My Account]. To prevent accidental logouts, the App will display a clear pop-up window prompting you to read and confirm the consequences of logging out. You must actively confirm again to continue. After logging out, we will delete or anonymize your personal information. Account logouts are irreversible; once completed, you will no longer be able to use the related services.
¡ñ Right to restrict processing (Article 18 of GDPR): If the accuracy of your data is in question, you may request a temporary suspension of processing.
¡ñ Data portability rights (Article 20 of GDPR): You may request access to the following data in machine-readable formats (e.g., JSON, CSV, ZIP): audio recordings, transcripts, account details, and device binding information.
¡ñ Right to object (GDPR Article 21): You may object to non-core data analysis (e.g., anonymous statistics) based on legitimate interests. Unless we have compelling legitimate reasons to continue processing, we will respect your choice.
¡ñ Right to be free from automated decision-making (GDPR Article 22): We will not use your data for automated decisions that may affect your rights.
If you have any questions or need assistance regarding the above rights, please contact us by emailing support@ute-tech.com.cn.
We attach great importance to the protection of minors' personal information. We do not proactively provide services to EU users under the age of 16. If accidental collection is detected, the data will be immediately deleted.
If the applicable Member State law adjusts the minimum age to 13-15 years, we will apply the local law.
Our services are not intended for minors under the age of 16. If we discover that personal information of minors has been collected without the consent of a verifiable guardian, we will delete the relevant data as soon as possible.
¡ñ Transparency: We will explain to minors in clear and simple language how their personal information is collected and used.
¡ñ Purpose limitation: We will not use minors' personal information for user profiling analysis or marketing activities based on fully automated decision-making.
¡ñ The guardian has the right to exercise the legal rights of minors, such as access, correction and deletion.
If you are a guardian and have any questions about the personal information of the minor under your guardianship, please contact us at support@ute-tech.com.cn.
We reserve the right to update or modify this statement from time to time. If the privacy statement is updated, we will publish the revised version and effective date for your review. For significant changes to the terms of this statement, we will also provide more prominent notifications. After content changes, we will remind you of the latest version and major changes through page prompts, re-signing agreements, and other methods. Please read and re-authorize carefully before use.
We have established a dedicated Personal Information Protection Department (or Personal Information Protection Officer). If you have any questions, comments, or suggestions regarding your personal information, please contact us at support@ute-tech.com.cn. We will respond within 15 working days.
If you are dissatisfied with our response, particularly if our processing of personal information has infringed upon your legitimate rights and interests, you may lodge a complaint with the Data Protection Authority (DPA) of the EU Member State where you reside, work, or where the alleged infringement occurred. You may also contact us for information on applicable complaint channels.
Thank you again for trusting and using Glory Note!
Shenzhen UltraEasy Technology Co., Ltd.
21 January 2026