top of page

Privacy Policy


Effective Date: February 28, 2025
 

 

1. Introduction

Welcome to InTune (operated by Reality Mgmt Technologies, Inc., “we,” “us,” or “our”). We respect your privacy and are committed to protecting your personal, account, transcription, and biometric information. This Privacy Policy describes how we collect, use, disclose, store, and delete your information when you access or use our website, mobile applications, or other services that link to this policy (collectively, the “Service”).

By registering, accessing, or using the Service, you agree to the terms below. If you do not agree with any part of this policy, please do not use the Service.

 

2. Scope & Applicable Laws

2.1 Geographic & Legal Scope
This Privacy Policy governs all data collected or processed through the Service and applies to users worldwide. We comply with the following laws and regulations, as applicable to your location:

  • U.S. Federal and State Laws:
     

    • California Consumer Privacy Act (CCPA)
       

    • Illinois Biometric Information Privacy Act (BIPA)
       

    • Texas Capture or Use of Biometric Identifiers or Biometric Information Act (Texas CUBI)
       

    • Washington’s Biometric Privacy Act
       

    • Children’s Online Privacy Protection Act (COPPA) (for users under 13)
       

  • International Laws:
     

    • General Data Protection Regulation (GDPR) (EU residents)
       

    • Any other local data protection or privacy laws that apply to your jurisdiction.
       

2.2 Children
Our Service is not directed at children under 13. We do not knowingly collect or store personal data, account data, transcription data, or biometric information from anyone under 13. If we learn that we have inadvertently collected data from a child under 13, we will delete that data promptly.

 

3. Definitions

For clarity, the following capitalized terms have the meanings defined below:

  • Personal Information / Personally Identifiable Information (“PII”): Data that directly identifies an individual (e.g., name, address, email).
     

  • Account Information: PII that you provide in order to create or maintain your InTune account (e.g., name, email address, password).
     

  • Biometric Information: A subset of “sensitive personal data” consisting of a person’s physiological, biological, or behavioral characteristics that allow or confirm unique identification. Under BIPA, Texas CUBI, and Washington law, this includes “voiceprints” or “voiceprint templates” derived from voice recordings.
     

  • Voice Recordings: Raw audio files captured via your device’s microphone when you engage with any voice-driven features of the Service.
     

  • Voiceprint Template / Voice Embedding: A digital representation (“template”) of your unique vocal characteristics (e.g., fundamental frequency, spectral features, embeddings) derived from raw voice recordings. These are considered Biometric Information under applicable statutes.
     

  • Transcription Data: Text content generated by converting your voice recordings into written form (e.g., speech-to-text). This may include the spoken words, phrases, or sentences you utter. Transcription Data is treated as PII when it contains direct identifiers or any personal content.
     

  • De-identified Data: Data (including voiceprint templates) from which all direct identifiers have been removed so that it cannot (reasonably) be linked back to a specific individual without additional information. Refer to Section 6 for details.
     

  • Identifiers / Direct Identifiers: Data such as name, email, phone number, or any information that can directly point to a specific individual.
     

  • Third-Party Service Providers: Entities contracted by us to perform services on our behalf (e.g., cloud hosting, analytics, AI model training). These parties are strictly prohibited from using data beyond the scope of our instructions and must implement at least the same privacy measures we use.
     

 

4. Information We Collect

4.1 Account Information (PII)
When you register for an InTune account or otherwise provide information to us, we collect:

  • Name (e.g., first and last name)
     

  • Email Address (used for login and communication)
     

  • Encrypted Password (stored as a salted hash)
     

  • Date of Birth (only if necessary to verify age; not required for general use)
     

  • Other Profile Details you may choose to add (e.g., preferred username).
     

We use Account Information to:

  • Create and manage your user profile and credentials.
     

  • Send transactional or account-related notices (e.g., password resets).
     

  • Communicate service-related information (e.g., updates, policy changes).
     

  • Provide customer support.
     

4.2 Voice Recordings & Biometric Information
We collect and process Biometric Information—specifically, voice data—in two forms:

  1. Raw Voice Recordings (Identifiable Voice Data)
     

    • Audio captured when you explicitly use any voice-driven feature (e.g., voice analysis, guided sessions, microphone input).
       

    • Stored in an identifiable form (linked to your account) for up to 45 days (see Section 6.1).
       

    • We collect raw voice recordings only after you have provided explicit, written (or electronic) consent via our in-app “Biometric Consent” screen (Section 7). Consent is timestamped and logged.
       

  2. De-identified Voiceprint Templates / Voice Embeddings (Biometric Templates)
     

    • After the 45-day window, we strip all direct identifiers from raw recordings (e.g., account ID, filename), creating a “de-identified voiceprint.”
       

    • These templates remain regulated as Biometric Information under BIPA, Texas CUBI, and Washington law until they are permanently deleted.
       

    • Retained for up to three (3) years from your last interaction, or sooner if no longer needed (see Section 6.2).
       

Important: At no point do we transmit or store your raw voice recording to any third party unless explicitly required for a Service feature you have consented to (e.g., cloud-based speech recognition). Any third party receiving raw recordings or templates must handle them under the same strict privacy terms described here (Section 8).

4.3 Transcription Data

  • What It Is: If you opt to receive a text transcript of your voice session, we convert your raw voice recordings into written form.
     

  • Why We Collect It: To:
     

    • Display or allow you to download a readable transcript of your spoken content (e.g., guided meditation prompts, logging your own notes).
       

    • Improve our speech-to-text models and natural language processing (NLP) features.
       

  • How We Store It:
     

    • Within 45 Days: Transcription Data generated directly from a raw voice recording is stored together with that recording on secure servers, tied to your account (thus considered PII if it contains direct references to you).
       

    • After 45 Days: Any transcription that contains direct identifiers (e.g., your own name uttered during the session) is redacted or converted to a de-identified form. If the transcription does not include identifiers, it may be kept as “non-identifiable” usage data for up to one (1) year for analytics.
       

  • Retention & Deletion: See Section 6.1 (Identifiable Transcripts) and Section 6.4 (Non-identifiable Transcripts).
     

4.4 Device & Usage Data

  • Device Identifiers: IP address, device model, operating system version, browser type.
     

  • Usage & Analytics: Pages visited, features used, session cookies, crash logs, and diagnostic data.
     

4.5 Customer Support Communications

  • If you contact our support team (via in-app chat, email, or phone), we store any PII you provide (e.g., email, problem description) to resolve your inquiry. These communications may be linked to your account for up to 45 days or as needed to track and close a support ticket.
     

4.6 Consent Logs

  • We maintain a timestamped record each time you provide or withdraw consent for Biometric Information collection (via our in-app Biometric Consent screen).
     

 

5. How We Use Your Information

5.1 Provision of the Service

  • Account Management: Use Account Information (name, email, encrypted password) to enable login, profile updates, and security features.
     

  • Voice Analysis & Personalization: Process raw voice recordings to generate de-identified voiceprint templates and/or embeddings. These drive personalized content (e.g., tailored binaural beats, session recommendations).
     

  • Session Continuity: For up to 45 days, identifiable recordings and corresponding transcription data let you revisit or resume earlier sessions seamlessly.
     

5.2 Transcription & NLP Improvement

  • Transcript Delivery: Provide you with a text transcript when you request one, stored alongside your raw recording for up to 45 days.
     

  • Model Training & R&D: Use de-identified chunks of Transcription Data (with all PII stripped) to improve speech-to-text engines and natural language understanding modules.
     

5.3 Research & Development (R&D)

  • AI Model Improvement: Use de-identified voiceprint templates to train our machine learning models to improve recognition accuracy, emotional profiling, and personalization algorithms.
     

  • Statistical Analysis: Aggregated, de-identified Transcription Data and voiceprint templates help us research overall usage patterns, language trends, and usability enhancements.
     

  • Compliance with Biometric Laws: Any use of de-identified biometric templates or Transcription Data for R&D is strictly for the purposes we have disclosed; we do not re-link them to individuals after de-identification.
     

5.4 Service Operations & Analytics

  • Performance Monitoring: Collect device and usage metrics (crash logs, feature usage) to identify and fix bugs, improve UI/UX, and gauge feature adoption.
     

  • Fraud Prevention & Security: Analyze voice patterns in real time to detect suspicious access (e.g., deepfake attempts). Suspicious attempts are logged, and we may disable voice features during that session to safeguard your data.
     

  • Internal Reporting: Use aggregated, de-identified usage statistics (including anonymized Transcription Data) to generate reports on overall trends (e.g., which self-care sessions are most popular).
     

5.5 Customer Support & Communications

  • Support Requests & Inquiries: We use any PII (e.g., name, email) you provide when contacting customer support solely to respond or resolve your issue. We do not link those inquiries to biometric or voice data beyond the 45-day retention window.
     

No “Selling” of Data: We do not sell any PII, Transcription Data, or Biometric Information. We may share truly de-identified, aggregated data with partners under strict contracts (Section 8), but such sharing does not constitute a “sale” under CCPA because no person can re-identify it.

 

6. Data Retention & Deletion

6.1 Retention of Identifiable Voice Recordings & Transcription Data (0 – 45 Days)

  • Purpose: To allow you to resume sessions, access transcripts, or update preferences.
     

  • Storage: Raw voice data and any corresponding transcription data that contains direct identifiers are encrypted at rest and accessible only by a minimal set of authorized personnel.
     

  • Deletion Timeline:
     

    1. 45 Days After Recording Date: We automatically purge all direct identifiers from both the raw recordings and any associated transcription data. Raw recordings transform into de-identified voiceprint templates; transcripts with identifiers are redacted or moved to “non-identifiable” storage (Section 6.4).
       

    2. Earlier Deletion on Request: If you withdraw consent or request deletion before 45 days, we will delete raw voice recordings and any identifiable transcripts within 30 days of your request.
       

6.2 Retention of De-identified Voiceprint Templates (Biometric Data)

  • Purpose: Enable continuous improvement of our ML models, provide personalized experiences, and conduct aggregated analytics.
     

  • Duration:
     

    • Retained for up to three (3) years from your last interaction, or sooner if no longer needed (whichever is earlier), in compliance with Illinois BIPA, Texas CUBI, and Washington’s Biometric Privacy Act.
       

    • After three years of inactivity or once internal teams confirm “no longer needed” for any legitimate business purpose, these templates are permanently and securely deleted.
       

  • Deletion on Request:
     

    • If you request deletion of all your data (see Section 10), we will:
       

      1. Immediately delete any remaining identifiable recordings and associated identifiable transcripts.
         

      2. Initiate permanent deletion of de-identified voiceprint templates within 30 days or earlier if no legitimate business use remains.
         

6.3 Retention of Account Information (PII)

  • Account Data & PII:
     

    • We retain your Account Information (name, email, encrypted password) only as long as you maintain an active account or as needed for security, fraud prevention, and legal obligations.
       

    • If you request deletion of your Account Information, we will erase it within 45 days in compliance with CCPA (California) and GDPR (EU).
       

6.4 Retention of Non-identifiable Transcription & Usage Data

  • Non-identifiable Transcription:
     

    • If a transcript does not contain direct identifiers (e.g., you did not state your name or other PII in the recording), that transcript is considered “non-identifiable.” We may retain non-identifiable transcription for up to one (1) year for analytics and model training.
       

  • Usage Logs & Analytics:
     

    • Aggregated and de-identified logs (e.g., feature usage, error reports) are retained for up to five (5) years to support ongoing security, product improvements, and business analytics.
       

    • Any usage logs containing PII or identifiers are purged within 45 days unless otherwise required for legitimate business or legal purposes.
       

6.5 Special Note on “De-identification” vs. “Anonymization”

  • We use “de-identified” to indicate that all direct identifiers have been removed, but the data still retains its biometric utility (voiceprint or transcript context).
     

  • Under BIPA, de-identification alone does not fully exempt data from being “Biometric Information.” Biometric templates remain regulated until permanent deletion.
     

 

7. Biometric Information & Consent

7.1 What Is Biometric Information?
Under Illinois BIPA (740 ILCS 14/10), Texas CUBI (Texas Business & Commerce Code § 503), and Washington’s Biometric Privacy Act (RCW 19.375), “Biometric Information” includes “a record of an individual’s voiceprint” and any digital representation of a voice. In our Service, “Biometric Information” means:

  1. Raw Voice Recordings (audio) captured via the microphone.
     

  2. Voiceprint Templates, Embeddings, or any numeric/graphical representation derived from those recordings (e.g., spectral features, emotion metrics).
     

7.2 Why We Collect Biometric Information

  • Voice Analysis & Personalization: To generate tailored meditation, relaxation, or focus sessions based on your vocal characteristics.
     

  • Security & Fraud Prevention: To confirm that you (and not someone else) are using your account when voice authentication is required.
     

  • Research & Model Training: To improve speech recognition and emotional modeling in our AI, creating a better user experience over time.
     

7.3 How We Obtain Consent

  • Affirmative, Written Consent Required Before Collection: Before collecting any voice recording, you will see a dedicated “Biometric Consent” screen in the app. That screen explains:
     

    1. Which Biometric Information is collected (raw recording; derived voiceprint).
       

    2. Why it is being collected (Personalization, Security, R&D).
       

    3. How long it will be stored (45 days for identifiable recordings; up to 3 years for de-identified templates).
       

    4. How you can withdraw consent and the consequences of doing so.
       

  • You must tap “I Agree” (or equivalent) to proceed. This action is logged with a timestamp, your user ID, and the consent text presented.
     

7.4 Withdrawing Consent

  • How to Withdraw:
     

    1. In the mobile app: Go to Settings → Privacy & Security → Biometric Consent and tap “Revoke Consent.”
       

    2. Or email privacy@realitymgmt.com with subject “Withdraw Biometric Consent.”
       

  • What Happens on Withdrawal:
     

    1. We immediately cease collecting any new voice recordings or Transcription Data.
       

    2. Any identifiable voice recordings and transcription data still within the 45-day window are permanently deleted within 30 days of withdrawal.
       

    3. De-identified voiceprint templates are deleted within 30 days if no longer needed for any legitimate business purpose.
       

    4. We will confirm deletion in writing (email or in-app notification).
       

 

8. Sharing & Disclosure of Data

8.1 No Sale of Personal or Biometric Information

  • We do not sell, rent, or lease your PII, Transcription Data, or Biometric Information.
     

  • Under CCPA, if we ever share de-identified, aggregated data in a manner that could be construed as a “sale,” we will provide a clear notice and opt-out mechanism (“Do Not Sell My Personal Information”).
     

8.2 Third-Party Service Providers
We may share PII, de-identified voiceprint templates, Transcription Data, and usage data with third parties that provide services on our behalf, including:

  • Cloud Hosting & Storage: e.g., AWS, Azure.
     

  • AI & ML Model Training: e.g., contracted research labs or model-hosting platforms.
     

  • Analytics & Monitoring: e.g., Google Analytics, internal dashboard providers.
     

  • Payment Processors: e.g., Stripe, PayPal (for billing).
     

These providers:

  1. Process data only on our instructions.
     

  2. Are contractually obligated to maintain confidentiality and cybersecurity measures at least as stringent as ours.
     

  3. Are prohibited from using personal, transcription, or biometric data for any purpose other than providing the contracted service.
     

8.3 Research Institutions & Academic Partners

  • We may share aggregated, truly de-identified datasets (no linkage keys remain) with academic or industry partners strictly for research on voice analytics, wellness, and language patterns.
     

  • All data shared in this manner is irreversibly de-identified (no way to re-link to an individual).
     

8.4 Legal Requirements & Protection of Rights

  • We may disclose PII, Biometric Information, or Transcription Data if required by law (e.g., court order, subpoena), or if necessary to:
     

    • Protect national security or public safety.
       

    • Investigate fraud, security incidents, or unauthorized use of the Service.
       

    • Defend our legal rights or those of our users.
       

 

9. Security Measures

We implement and maintain industry-standard technical, administrative, and physical safeguards to protect your data, including:

  • Encryption: All data—Account Information, raw voice recordings, de-identified templates, transcription data, and usage logs—is encrypted both in transit (TLS 1.2+ / HTTPS) and at rest (AES-256).
     

  • Access Controls & Logging:
     

    • Only a minimal, role-based subset of employees may access identifiable voice data or identifiable transcription data.
       

    • All access to PII, Biometric Information, and Transcription Data is logged and audited monthly by our security team.
       

  • Secure De-identification Process: Voice recordings are de-identified in a secure, air-gapped environment; transcripts containing PII are automatically redacted or moved to non-identifiable storage.
     

  • Vulnerability Management & Penetration Testing: Quarterly third-party penetration tests; any identified vulnerabilities are remediated within 30 days.
     

  • Incident Response Plan: A documented security incident response playbook governing notifications, root cause analysis, and remediation steps.
     

Note: No system can be 100 % secure. If you suspect any unauthorized access or misuse of your data, please contact us immediately at security@realitymgmt.com.

 

10. Data Breach Notification

We adhere to all applicable breach notification laws:

10.1 U.S. Requirements

  • General U.S. Law: We will notify affected individuals “as soon as practicable” and no later than 30 days after confirming a security breach that materially compromises PII, Transcription Data containing direct identifiers, or Biometric Information.
     

  • State-Specific Rules:
     

    • California (CCPA): Additional notice to California residents if their personal information, transcription data, or biometric data is compromised.
       

    • Illinois (BIPA): If biometric templates or voiceprints are breached, we will notify affected Illinois residents promptly and coordinate with the Illinois Attorney General if required.
       

10.2 EU & GDPR Requirements

  • For EU residents, if a breach affects personal data (including any PII or transcription containing identifiers), we will notify the relevant Data Protection Authority within 72 hours of becoming aware of the breach and inform affected individuals without undue delay.
     

Notifications will include:

  1. Description of the breach, including date/time discovered and date/time occurred (if known).
     

  2. Types of data involved (e.g., “voiceprint template,” “text transcript containing name,” “email address”).
     

  3. Steps taken to contain and remediate.
     

  4. Recommendations for users to protect themselves (e.g., reset passwords, monitor accounts).
     

  5. Contact information for questions and further assistance.
     

 

11. Your Rights & Choices

11.1 European Union (GDPR)
If you reside in the EU, you have:

  • Right of Access: Request a copy of any personal data we hold about you (including Account Information, transcription data, and biometric templates).
     

  • Right to Rectification: Request correction of inaccurate or incomplete data.
     

  • Right to Erasure (“Right to Be Forgotten”): Request deletion of personal data (including transcription data containing direct identifiers and biometric templates) when no longer necessary or if you withdraw consent.
     

  • Right to Restrict Processing: Temporarily halt processing under certain circumstances (e.g., accuracy contested).
     

  • Right to Data Portability: Receive your data (e.g., your Account Information and non-identifiable usage logs) in a structured, machine-readable format.
     

  • Right to Object: Object to our processing of your data for direct marketing or legitimate interest.
     

  • Right to Withdraw Consent: Withdraw any previously granted consent (e.g., for voice recordings).
     

To exercise these rights, contact us at privacy@realitymgmt.com or use the in-app “Privacy Dashboard.” We will respond within 30 days (plus one 30-day extension if needed).

11.2 California (CCPA)
If you are a California resident, you may:

  • Know What We Collect: Request disclosure of categories of PII, Transcription Data, or Biometric Information we have collected, used, or disclosed in the past 12 months.
     

  • Request Deletion: Ask us to delete your personal, transcription, or biometric data, subject to certain exceptions (e.g., completing a transaction, detecting security incidents).
     

  • Opt Out of Sale of Data: Although we do not “sell” PII, Transcription Data, or Biometric Information as defined by CCPA, you can request a “Do Not Sell My Personal Information” if you believe we are sharing for cross-context advertising or similar.
     

  • Non-Discrimination: We will not discriminate against you for exercising any CCPA rights (e.g., by lowering service quality or charging different prices).
     

Submit a request via privacy@realitymgmt.com or our “Do Not Sell/Share My Info” web form. We will verify your identity (e.g., email verification) and respond within 45 days (may extend another 45 days with notice).

11.3 Illinois (BIPA), Texas (CUBI), and Washington Biometric Laws
If you reside in Illinois, Texas, or Washington, you have additional rights regarding Biometric Information:

  • Right to Informed Written Consent: We will obtain your detailed, written consent before collecting any biometric data (see Section 7).
     

  • Right to Disclosure: You may request a description of what biometric data (voiceprint templates) we have collected, how it is used and stored, and any third parties with whom it is shared.
     

  • Right to Receive Copies: You may request a copy of any biometric identifiers or templates we hold about you.
     

  • Right to Deletion: You may request that we delete all biometric data if no longer needed for the purpose it was collected (e.g., you have not used the Service in 3 years).
     

  • Right to Sue for Violations (Illinois only): If we violate BIPA’s provisions (e.g., no proper consent, failure to delete), you may have the right to statutory damages in state court.
     

To exercise these rights, email privacy@realitymgmt.com with subject “Biometric Data Request” and specify which right you wish to exercise. We will comply within 30 days, or sooner if required by state law.

 

12. Opting Out & Managing Your Consents

12.1 Disabling Voice Data Collection

  • In the app, navigate to Settings → Privacy & Security → Biometric Consent and toggle off “Allow Voice Collection.”
     

  • Alternatively, email privacy@realitymgmt.com with subject “Disable Voice Collection.”
     

Once disabled, we will:

  1. Stop collecting any new voice recordings or Transcription Data.
     

  2. Delete any un-de-identified voice recordings and associated transcription containing identifiers within 30 days.
     

  3. Delete any de-identified voiceprint templates within 30 days or sooner if no legitimate business use remains.
     

12.2 Opting Out of Transcription Storage

  • In the app, go to Settings → Privacy → Transcription Settings and toggle off “Store Transcription.”
     

  • If you opt out, we will still capture your raw recording (if you use voice features) but will not store any text transcript.
     

  • Note: This does not delete transcripts already stored; to delete existing transcripts, submit a “Right to Delete” request (Section 11).
     

12.3 Opting Out of Analytics & Marketing

  • In-App: Settings → Privacy → “Opt Out of Usage Analytics.”
     

  • Email: Send “Opt Out Analytics” to privacy@realitymgmt.com.
     

  • We will remove you from any marketing or analytics processes within 45 days.
     

 

13. Children & COPPA

Our Service is not directed to children under 13. We do not knowingly collect PII, Transcription Data, or Biometric Information from children under 13. If we learn that a user under 13 has provided us personal data, we will promptly delete it from our systems. If you believe we have collected data from a child under 13, please contact us immediately at privacy@realitymgmt.com.

 

14. Changes to This Privacy Policy

We may update this Privacy Policy at any time to reflect changes in our practices, new regulations, or legal requirements. When we make material changes—especially those affecting your rights regarding Biometric Information, Transcription Data, or Account Information—we will:

  1. Post the revised policy on our website and within the app with a new “Last Updated” date.
     

  2. Send a notice (email or in-app) if the changes significantly affect your rights under GDPR, CCPA, or biometric statutes (BIPA, Texas CUBI).
     

Your continued use of the Service after the “Effective Date” of a revision constitutes acceptance of the updated policy.

 

15. Contact Us

If you have any questions or wish to exercise your rights under this Privacy Policy (e.g., access, deletion, rectification, restrict processing), please contact us:

Reality Mgmt Technologies, Inc.
Email: privacy@realitymgmt.com
 

​

bottom of page