Privacy Policy

1. Introduction

AI TypePro ("we", "us", "our", or "the App") is a smart keyboard application that provides typing assistance, language tools, and optional AI-powered writing features for Android devices.

This Privacy Policy explains what data we collect, what we do not collect, when text may leave your device, how we protect your information, and your rights. We are committed to transparency and user control.

2. Core Privacy Principles

AI TypePro is designed with privacy as a foundational principle:

• Local by default: Typing stays on your device. We have no access to what you type during normal keyboard use.
• Explicit opt-in: Text is only sent to our cloud AI when you explicitly tap an AI feature (e.g., Rewrite, Smart Reply, Translate).
• Sensitive content protection: On-device safety checks block sensitive content from being transmitted.
• No data sales: We do not sell, rent, trade, or monetize user data in any form.
• No keystroke logging: We do not record, store, or transmit individual keystrokes.
• No content storage: Text processed by AI features is not stored on our servers after the response is delivered.

3. Information We Do NOT Collect

To be absolutely clear, AI TypePro does not collect or store any of the following:

• Passwords or login credentials you type
• Credit card, bank account, or financial information you type
• Government identification numbers
• Private messages, emails, or conversations you compose
• Text entered in secure/password input fields
• Clipboard contents
• Keystroke patterns, timing, or frequency
• GPS location or precise geolocation data
• Contacts, call logs, or SMS messages
• Photos, files, or media on your device
• Browsing history

4. When Text May Be Sent to Our Server

Text is transmitted to our secure server only when all of the following conditions are met:

1. You explicitly tap an AI feature button (such as Rewrite, Smart Fix, Translate, Summarize, or Smart Reply)
2. The text passes on-device privacy and safety checks
3. The input field is not a password or secure field

Before Transmission

The app performs on-device checks to block sensitive content:

• Password field detection — text in password fields is never sent
• Sensitive content pattern detection
• Private mode check (if enabled by the user)

If any check fails, the text never leaves your device.

During Transmission

• Only the minimum necessary text is sent
• All transmission is encrypted using HTTPS/TLS
• The request is authenticated using a secure Firebase ID token

After Processing

• The AI response is returned to your device immediately
• The transmitted text is NOT stored on our servers
• No logs of your text content are created
• Only aggregate usage metadata is recorded (e.g., "Rewrite feature used, 45 words processed")

5. Third-Party AI Processing

When you use AI features, your text may be processed by a third-party AI model provider (currently Google Gemini). This processing is subject to the provider's own privacy policies and data handling practices.

We select AI providers that:

• Process data securely
• Apply content safety filtering
• Do not use API-submitted data for model training (per their API terms)

We do not control the AI provider's internal data handling beyond the terms of our API agreement with them.

6. Information We Do Collect

We collect only the minimum operational data necessary to provide the service:

6.1 Account Data

• Firebase Authentication UID (anonymized user identifier)
• Email address (if you sign in with Google)
• Display name (if provided by your Google account)

6.2 Subscription Data

• Google Play purchase token (for subscription verification)
• Subscription plan type (Free or Pro)
• Subscription status and expiry date

We do not store payment card details, bank information, or billing addresses. All payment processing is handled entirely by Google Play.

6.3 Usage Metadata (No Content)

We track aggregate usage counts to enforce quotas and improve the service:

• Word count per AI feature used (e.g., "45 words processed via Rewrite")
• Feature usage counts (e.g., "Translate used 3 times today")
• App version and generic device type
• Error logs (technical errors only, no user content)
• Performance metrics (response latency, crash reports)

We never log the actual text you type or send to AI features.

7. How We Use Collected Data

The limited data we collect is used exclusively to:

• Authenticate your identity and verify your subscription
• Enforce usage quotas (free: 5,000 lifetime words; pro: monthly limits)
• Prevent abuse and protect the service from misuse
• Diagnose technical issues and improve app stability
• Comply with legal obligations

We do not use your data for advertising, profiling, or behavioral tracking.

8. Data Storage & Security

8.1 Infrastructure Security

• All data is hosted on Google Cloud Platform (Sydney/Melbourne region, Australia)
• Communications are encrypted in transit using HTTPS/TLS 1.2+
• Data at rest is encrypted using AES-256 (Google Cloud default)
• API keys and credentials are stored securely using environment variables on Cloud Run (never embedded in the app)
• Firebase ID Token authentication on every API request (zero-trust architecture)

8.2 Access Controls

• Backend systems are access-controlled and require authentication
• Rate limiting protects against automated abuse (per-IP and per-user)
• Server-side quota enforcement prevents unauthorized usage

8.3 What We Do NOT Store

To reiterate: we do not store user-typed content in backend databases, server logs, analytics systems, or any other persistent storage.

9. Data Breach Policy

In the unlikely event of a security breach:

• We will investigate immediately and take all necessary steps to contain the breach
• We will notify affected users within 72 hours of becoming aware of the breach, in accordance with applicable data protection laws (including the Australian Privacy Act and GDPR where applicable)
• We will notify the relevant supervisory authority (e.g., the Office of the Australian Information Commissioner) as required by law
• We will provide clear information about what data was affected, what steps we are taking, and what users should do

10. Data Sharing

We may share limited data with the following categories of service providers, strictly for operational purposes:

• Google Play: Subscription verification and payment processing
• Google Cloud Platform: Server hosting and infrastructure
• AI Model Provider (Google Gemini): Text processing when you invoke AI features — text is sent for processing and not stored
• Firebase (Google): Authentication and anonymous analytics

We do not sell, rent, trade, or otherwise transfer personal data to advertisers, data brokers, or any other third parties.

11. Data Retention

• Account data: Retained while your account is active. Deleted within 30 days of account deletion request.
• Subscription data: Retained for the duration of your subscription plus 90 days for dispute resolution.
• Usage metadata: Retained for up to 12 months for service improvement, then aggregated or deleted.
• AI-processed text: NOT retained. Processed in memory and discarded immediately after the response is delivered.

12. Children's Privacy

AI TypePro is not directed at children under the age of 13 (or the minimum age required for data processing consent in your jurisdiction). We do not knowingly collect personal data from children.

If we become aware that a child under the applicable age has provided us with personal data, we will take steps to delete that data promptly. If you believe a child has provided us with data, please contact us at support@aitypepro.com.

13. Your Rights

Depending on your location, you may have the following rights:

• Access: Request a copy of the personal data we hold about you
• Correction: Request correction of inaccurate data
• Deletion: Request deletion of your account and associated data
• Portability: Request your data in a machine-readable format
• Withdrawal of consent: Disable AI features at any time (the app functions as a standard keyboard without AI)
• Objection: Object to specific processing activities
• Complaint: Lodge a complaint with your local data protection authority

To exercise any of these rights, contact us at support@aitypepro.com. We will respond within 30 days.

14. International Users & Data Transfers

Our servers are located in Australia (Google Cloud, Sydney/Melbourne region). If you access the service from outside Australia, your data may be transferred to and processed in Australia.

For users in the European Economic Area (EEA) or United Kingdom: we rely on Standard Contractual Clauses (SCCs) as provided by Google Cloud Platform for international data transfers. Your GDPR rights as outlined in Section 13 are fully respected.

For users in California: we do not sell personal information as defined by the CCPA. You may contact us to exercise your rights under the CCPA.

15. Australian Privacy Act Compliance

We comply with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth). This includes:

• Open and transparent management of personal information (APP 1)
• Collecting only necessary information (APP 3)
• Providing notice of collection (APP 5)
• Securing personal information (APP 11)
• Allowing access and correction (APPs 12 & 13)

16. Changes to This Policy

We may update this Privacy Policy from time to time. When we make significant changes:

• We will update the "Last Updated" date at the top of this page
• We will notify users through the app or via email for material changes
• Continued use of the app after changes constitutes acceptance of the updated policy

17. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices:

Email: support@aitypepro.com
Location: Melbourne, Victoria, Australia