Privacy Policy
Feevio (operated by Bright Environment LTD based in New Zealand, "Feevio", "we", "our", or "us") provides software and services that let organizations create invoices and quotations from audio recordings with the help of AI. This Privacy Policy explains what information we collect, how we use it, how we share it, and the choices you have. It applies to our web app, APIs, and related services (together, the "Services").
Who is the Controller?
For most processing, Feevio is the data controller. For certain features, our vendors act as processors on our behalf (see Section 6).
Contact: contact@feevio.com
Information We Collect
We collect information in the following categories:
Account & Organization Data
- Name, email, profile information, and organization membership details when you sign up or are invited to an organization.
- Authentication is provided by our identity vendor; we receive identifiers that allow us to verify your session in Feevio.
Business Content You Provide
- Customers, invoices, quotations, and related metadata you create in the app.
- Audio files you upload (or record) and any transcripts or structured data generated from them.
- Files associated with invoices/quotations (e.g., PDFs) that you store with us.
Payments & Billing
- Subscription and invoicing metadata (e.g., plan, status, amounts, currency, billing email).
- We do not collect or store full payment card numbers or CVC on our servers. Payment card data is handled by our payment processor. We may receive limited billing metadata (e.g., the last four digits, card brand, expiration month/year) for receipts, fraud prevention, and support.
Technical & Usage Information
- Device/browser, IP address, language, timestamps, and interaction logs to secure the Service and improve reliability.
- Diagnostic and performance data from our Services (e.g., API response times, error rates).
Sources of Information
- Directly from you and your organization admins.
- Automatically from your device when you use the Services.
- From our processors when they provide us the features we request (e.g., authentication, payments, email delivery, AI processing).
How We Use Information
We use information to:
- Provide, secure, and maintain the Services (authentication, access control, tenancy isolation, content storage).
- Transcribe audio and generate invoice/quotation drafts using AI models.
- Generate PDFs, send emails to your customers on your behalf, and maintain audit/history for your organization.
- Administer subscriptions, detect/prevent abuse and fraud, and comply with law.
- Provide support, communicate updates, and improve features and performance.
We do not sell your personal information.
AI & Data Processing Transparency (OpenAI)
What we send:
Audio files and/or transcripts, along with instructions needed to produce transcripts and structured invoice/quotation data.
Model training:
OpenAI states that content submitted via their API is not used to train OpenAI models by default. If we ever consider opting in to such training programs, we will only do so with clear notice and, where required, your consent.
Retention at OpenAI:
For standard API use, OpenAI removes API inputs/outputs from their logs after a limited period (typically up to 30 days), unless they are legally required to retain them. OpenAI also offers Zero Data Retention (ZDR) endpoints for eligible business customers, where inputs/outputs are not logged; if your organization requires ZDR, contact us to discuss enablement.
Legal holds:
In rare circumstances (e.g., a court order), OpenAI or Feevio may be required to retain data beyond normal periods.
We use OpenAI strictly as a processor to provide the AI functionality you ask for. We do not permit OpenAI to use your data for advertising or training.
Payments (Stripe)
• Payments are processed by our payment provider. We do not store full card numbers or CVC; our provider tokenizes payment details.
• We retain only the minimal billing metadata necessary to operate subscriptions, issue receipts, and handle disputes/compliance.
When We Share Information
We share information with third parties that enable our Services. These vendors act as processors (or sub-processors) on our behalf unless otherwise noted:
Identity & Authentication: Clerk (identity, sessions, organization management).
AI Processing: OpenAI (speech-to-text, text generation/structuring).
Payments: Stripe (payments, subscriptions, receipts).
File Storage & Email Delivery: Cloud storage (e.g., S3-compatible) and email delivery (e.g., Amazon SES).
Infrastructure & Monitoring: Cloud, logging, and analytics providers we use to keep the Service secure and reliable.
We may also disclose information to professional advisors (accountants, auditors, lawyers) under confidentiality, and to authorities where required by law. If we are involved in a corporate transaction (e.g., merger, acquisition), information may be transferred as allowed by law with appropriate protections.
Security
We maintain organizational and technical measures appropriate to the risk, including:
- TLS encryption in transit for our APIs and web app.
- Provider‑managed encryption at rest for stored files (e.g., S3 server‑side encryption).
- Role-based access controls, multi-tenant isolation, and audit logging.
- Secrets and environment isolation, least-privilege access, and regular monitoring.
- Database encryption at rest may be enabled depending on the deployment environment; we ensure appropriate safeguards for production systems.
No system is 100% secure. If you believe your account has been compromised, contact us immediately.
Data Retention
- We retain account and organization data for as long as your organization has an account and as needed to provide the Services.
- Business content (audio, transcripts, invoices, quotations, PDFs) is retained until you or your organization admin delete it, or as otherwise required for legitimate business or legal purposes.
- System logs and backups are retained for a limited period to ensure security, continuity, and compliance.
- When data is deleted, we will remove or irreversibly de‑identify it within a reasonable period, subject to any legal holds or requirements.
Your Rights & Choices
Depending on your location, you may have rights to access, correct, delete, or export your personal information, and to object to or restrict certain processing. You can:
- Access or update profile details via the app;
- Request export or deletion by contacting contact@feevio.com;
- Adjust email preferences via unsubscribe links or in‑app settings.
Where we process information based on consent, you may withdraw consent at any time.
International Data Transfers
We use vendors that may process data outside your country (including the United States). Where required, we rely on lawful transfer mechanisms (e.g., Standard Contractual Clauses and/or recognized data transfer frameworks) provided by our vendors. You can contact us for more information about cross‑border safeguards relevant to your data.
Children's Privacy
Our Services are intended for business use and are not directed at children. We do not knowingly collect personal information from anyone under 16 (or the minimum age required by your country's laws). If you believe a child has provided personal information, contact us and we will take appropriate steps to delete it.
Changes to this Policy
We may update this Privacy Policy from time to time. We will post the updated version and revise the "Last updated" date. If changes materially affect your rights, we will provide additional notice as required by law.
Third‑Party Policies (for your reference)
For details on how our key processors handle data, please review:
OpenAI (API & Enterprise Privacy): https://openai.com/enterprise-privacy/
Clerk (Privacy): https://clerk.com/legal/privacy
Clerk (Data Processing Addendum): https://clerk.com/legal/dpa
Stripe (Privacy): https://stripe.com/privacy
Amazon Web Services (Privacy Notice): https://aws.amazon.com/privacy/
Contact Us
Questions?
Email contact@feevio.com and we'll help.