Privacy Policy

Last Updated: January 22, 2026

This Privacy Policy explains how Vibrato Labs, Inc. ("SpeechOS," "we," "us," or "our") collects, uses, discloses, and protects information when you interact with our websites, developer documentation, dashboards, SDKs, APIs, and embeddable voice widget (collectively, the "Services").

Business use only. SpeechOS is provided for commercial use by organizations. If you are using SpeechOS on behalf of an organization, your use may be governed by a contract between SpeechOS and your organization (an "Agreement"), such as an Order Form and/or Data Processing Addendum ("DPA").

If you do not agree with this Privacy Policy, do not use the Services.

1. Key Privacy Concepts for an Embedded Voice SDK

SpeechOS is often embedded into a customer's application. That matters for privacy roles:

  • When SpeechOS is embedded in a customer's app: The customer (your employer or the company operating the app) is typically the data controller (or "business" under certain U.S. laws). SpeechOS typically acts as a processor/service provider processing data on the customer's instructions to provide the Services.
  • When you visit SpeechOS's own site or create an account: SpeechOS is typically the controller/business of account, billing, and website analytics/marketing data.

If you are an end user interacting with SpeechOS through a customer's app, privacy questions and requests should usually be directed to that customer first (see Section 12).

2. Information We Collect

We collect information in three main buckets: (A) Account & commercial info, (B) Usage & device info, and (C) Voice/AI content processed through the Services.

A. Account and Commercial Information

We may collect:

  • Name, business email, phone number, job title, company name
  • Account credentials and authentication data (e.g., SSO identifiers where applicable)
  • Billing contact info and invoices
  • Purchase and subscription details (plan, limits, renewals)
  • Support communications (emails, tickets, chat messages) and any information you provide in them

Payment information: Payments are processed by a third-party payment processor (e.g., Stripe). We generally receive limited billing metadata (e.g., last 4 digits, payment status) and do not store full card numbers ourselves.

B. Usage, Device, and Diagnostic Data

We automatically collect information about how the Services are accessed and used, such as:

  • IP address, approximate region (derived from IP), device type, operating system, browser type/version
  • Pages/screens viewed in our dashboards and website, referral URLs, timestamps, clickstream events
  • SDK/API usage metrics (e.g., request timestamps, feature usage, error logs, latency)
  • Security and fraud signals (e.g., rate limiting events, suspected abuse indicators)

C. Customer Content (Voice, Text, Commands, and Outputs)

Depending on how a customer configures SpeechOS, we may process:

  • Audio input captured from a microphone (e.g., for dictation or commands) — by default, audio is streamed in real time and not stored
  • Text input (e.g., "Make it shorter")
  • Context needed to operate the widget (for example, the text being edited, cursor position, or limited field context needed to insert output correctly)
  • Custom vocabulary and snippets defined by the customer or its users
  • Outputs such as transcripts, rewritten text, or command interpretations

Important: Customers decide where SpeechOS is enabled and what content end users provide. Customers are responsible for appropriate notices and consents in their applications.

3. How We Use Information

We use information for the following purposes:

A. Provide and Operate the Services

  • Process audio/text to produce transcripts, edits, and command interpretations
  • Deliver SDK/widget functionality inside customer applications
  • Maintain accounts, authentication, subscription management, and billing
  • Provide dashboards and usage analytics requested by customers

B. Improve Reliability, Safety, and Performance

  • Debugging, error analysis, performance monitoring, and capacity planning
  • Detecting, preventing, and responding to fraud, misuse, security incidents, and abuse
  • Quality measurement (e.g., aggregated error rates and latency)

C. Communicate With You

  • Respond to support requests
  • Send service notices (security updates, operational messages)
  • Send marketing communications to business contacts where permitted by law (you can opt out)

D. Compliance and Legal

  • Comply with lawful requests and legal obligations
  • Enforce our Terms and Agreements
  • Protect the rights, safety, and integrity of SpeechOS, our customers, and the public

E. Model Improvement / Training (If Enabled by Contract or Settings)

SpeechOS may offer controls or contractual options that determine whether Customer Content can be used to improve models. If your plan/Agreement does not permit training on Customer Content, then we use Customer Content only to provide and secure the Services and for limited operational improvement (e.g., debugging) as described above.

4. Cookies and Similar Technologies

We use cookies and similar technologies on our websites and dashboards to:

  • Keep you logged in and maintain session security
  • Remember preferences
  • Measure site and product usage
  • Improve performance and diagnose issues
  • Run marketing campaigns and measure conversions (where applicable)

You can control cookies via your browser settings. If we provide a cookie banner or preference center, you can also manage choices there. Disabling cookies may affect certain features.

5. Analytics and Marketing

We may use analytics tools to understand how our website and dashboards are used (e.g., page views, navigation patterns, feature adoption). We may also run B2B marketing measurement on our public landing pages (e.g., measuring which campaigns led to signups).

Marketing and advertising measurement tools are used only on public marketing pages, not in authenticated/logged-in areas of the Services. Where we engage in advertising measurement that may constitute "sharing" under applicable law, we provide opt-out mechanisms (see California section).

6. How We Share Information

We do not publish Customer Content. We share information only as described below:

A. Service Providers / Subprocessors

We share information with vendors that help us run the Services (e.g., cloud hosting, observability, support tooling, email delivery, payment processing). For voice/AI features, we may use specialized subprocessors (e.g., speech recognition or language model providers) to process Customer Content only to provide the Services.

We require vendors to protect data and limit use to providing services to us. A current list of subprocessors may be provided upon request at contact@speechos.ai.

B. Customer Administrators

If you use SpeechOS through your employer or another organization, that organization's administrators may be able to access certain account, configuration, and usage information (and potentially content, depending on how they configure logging/retention). This is governed by the customer's policies and Agreement.

C. Legal, Safety, and Rights Protection

We may disclose information if we believe it is reasonably necessary to: comply with law, regulation, subpoenas, or lawful requests; protect the security and integrity of the Services; prevent fraud or abuse; or protect the rights, property, or safety of SpeechOS, customers, or others.

D. Business Transfers

If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, information may be transferred as part of that transaction, subject to standard confidentiality protections.

E. With Consent

We may share information if you direct us to do so or give consent.

We do not sell personal information in the traditional sense. See the California section for details on "sell/share" definitions.

7. Data Retention

We retain information for as long as reasonably necessary for the purposes described in this Privacy Policy, including to provide the Services, comply with legal obligations, resolve disputes, and enforce agreements.

Because SpeechOS is embedded and configurable:

  • Audio data: By default, audio is streamed in real time to produce transcripts and is not stored. Transcripts and other outputs may be retained according to the customer's plan and settings.
  • Usage logs and diagnostic data are generally retained for a shorter period, though some security logs may be retained longer where needed to investigate abuse or comply with law.
  • Backups may persist for a limited period even after deletion, and deletion may take time to propagate.

8. Security

We implement administrative, technical, and organizational safeguards designed to protect information, such as access controls, encryption in transit, and monitoring.

No system is 100% secure. We cannot guarantee absolute security.

SOC 2: SpeechOS is not currently SOC 2 certified. We may provide security documentation and respond to customer security questionnaires where appropriate.

9. International Data Transfers

SpeechOS is based in the United States and may process information in the U.S. and other countries where we or our vendors operate.

Where required by applicable law (e.g., GDPR/UK GDPR), we use appropriate transfer mechanisms such as Standard Contractual Clauses (SCCs) and related addenda, as reflected in our DPA.

10. Children's Data

The Services are not directed to children and are intended for business use. We do not knowingly collect personal information from children under 16. If you believe a child has provided personal information to SpeechOS, contact us at contact@speechos.ai.

11. Your Choices

A. Marketing emails

You can opt out of marketing emails by using the unsubscribe link or contacting contact@speechos.ai. Service-related messages (billing, security, operational notices) may still be sent.

B. Cookies

You can control cookies in your browser and (if offered) our cookie preference tools.

C. Customer Content controls

Depending on plan and configuration, customers may control certain data handling behaviors (e.g., retention and whether content may be used for model improvement) via admin settings or contract terms.

12. Privacy Requests and Data Subject Rights

Because SpeechOS is often used inside customer applications, who you should contact depends on context:

If you are an End User in a customer's app

The customer operating that app is typically responsible for responding to requests about data processed in that context. Contact that customer directly.

If you are a SpeechOS account holder or website visitor

You can contact us at contact@speechos.ai to request access, correction, deletion, or other rights where applicable. We may need to verify identity and authority.

GDPR/UK GDPR (EEA/UK/Switzerland)

Where SpeechOS is a processor, requests should generally go to the customer (controller). Where SpeechOS is a controller (e.g., website/account data), we will support rights requests as required by law, including access, correction, deletion, restriction, objection, and portability.

13. Third-Party Links and Services

Our Services may link to third-party websites, documentation, or services. Their privacy practices are governed by their own policies, not this one.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will update the "Last Updated" date above. If changes materially reduce your rights, we will provide reasonable notice (e.g., via email or in-product notice), when feasible.

15. Contact Us

Vibrato Labs, Inc.
2261 Market Street, STE 10415
San Francisco, CA 94114
United States

Email: contact@speechos.ai

California Privacy Notice (CPRA)

This section supplements the Privacy Policy for California residents and California-based business contacts.

A) Categories of Personal Information We Collect

Depending on the interaction, we may collect:

  • Identifiers (name, email, IP address, account identifiers)
  • Commercial information (subscription and billing metadata)
  • Internet/network activity (usage logs, device/browser data, interactions with websites/dashboards)
  • Geolocation data (approximate location derived from IP)
  • Audio and text information you submit through the Services (as Customer Content, when applicable)
  • Professional information (company, role)
  • Inferences (e.g., inferred interest in certain product features based on usage; used for product and marketing)

B) Purposes for Collection/Use

We use these categories for:

  • providing and operating the Services,
  • account administration and support,
  • security and fraud prevention,
  • analytics and product improvement,
  • marketing (for business contacts, where permitted),
  • legal compliance.

C) Disclosures

We disclose personal information to:

  • service providers/subprocessors that help us run the Services,
  • payment processors,
  • analytics providers,
  • customers/administrators where applicable (for organizational accounts),
  • legal authorities when required.

D) "Sell" / "Share"

We do not sell personal information for money.

We may share limited website interaction data from our public marketing pages with certain advertising/analytics partners to measure and improve our marketing (which may be considered "sharing" under California law). These tools are not used in authenticated/logged-in areas of the Services. Where required, we provide opt-out mechanisms (e.g., cookie settings, "Do Not Sell or Share" link).

E) Your California Rights

Subject to verification and applicable exceptions, California residents may have the right to:

  • know/access personal information collected, used, disclosed,
  • delete personal information,
  • correct inaccurate personal information,
  • opt out of "sharing" for cross-context behavioral advertising,
  • limit the use of sensitive personal information (if applicable),
  • not receive discriminatory treatment for exercising rights.

Submit requests at contact@speechos.ai. We may verify identity and (for business accounts) authority to act.