Data Security

Last updated: February 21, 2026

At Vocedia, we take the security of your data seriously. This page outlines the technical and organizational measures we implement to protect your personal information.

1. Encryption

🔒 In Transit

All communication between the Vocedia app and our servers is encrypted using TLS 1.2+ (HTTPS). This ensures your data cannot be intercepted during transmission.

🗄️ At Rest

Sensitive data such as passwords are encrypted using industry-standard hashing algorithms (bcrypt). Database storage is encrypted at the infrastructure level.

2. Authentication & Access Control

We implement robust authentication mechanisms to protect your account:

  • Secure Authentication: Password-based login with encrypted storage
  • Device Registration: Link your email to your device for secure access
  • Session Management: Secure token-based sessions with automatic expiry
  • Role-Based Access: Internal systems use strict role-based access controls

3. Infrastructure Security

Our infrastructure is designed with security as a priority:

  • Cloud Hosting: Application is hosted on reputable, certified cloud platforms
  • Firewalls: Network-level firewalls protect against unauthorized access
  • Monitoring: 24/7 monitoring for suspicious activities and security incidents
  • Regular Updates: All systems are regularly patched and updated

4. Data Minimization

We follow the principle of data minimization:

  • We only collect data that is necessary for the app to function
  • Guest mode allows usage without providing personal information
  • You can choose which notifications and data sharing options to enable
  • Learning data is tied to your account and not shared with third parties for advertising

5. Third-Party Security

We carefully vet third-party services we integrate with:

Firebase (Google Cloud)

Firebase infrastructure benefits from Google's security measures, including SOC 1/2/3 and ISO 27001 certifications. Data is stored in secure, redundant data centers.

RevenueCat

Subscription data is processed by RevenueCat, which is SOC 2 Type II compliant. Payment processing is handled entirely by Apple and Google — we never see your payment card details.

6. Your Security Controls

You can take the following steps to protect your account:

  • Use a strong, unique password for your Vocedia account
  • Keep your app updated to the latest version
  • Link your email address to enable secure account recovery
  • Log out from shared devices
  • Contact us immediately if you notice suspicious account activity

7. Incident Response

In the unlikely event of a data breach:

  • We will investigate and contain the incident immediately
  • We will report the incident to relevant supervisory authorities as required by applicable laws
  • We will take steps to prevent future occurrences

8. Data Deletion

You have the right to request complete deletion of your account and all associated data at any time. To do so, simply send an email to our support team.

🗑️ How to Request Data Deletion

Send an email to support-vocedia@truecraftstudio.co with the subject line "Account Deletion Request". Please include the email address associated with your Vocedia account.

Upon receiving your request:

  • Your account will be deactivated immediately
  • All personal data, learning history, scores, streaks, and achievements will be permanently deleted within 30 days
  • Any active subscriptions should be cancelled separately through your app store (Google Play or Apple App Store)

⚠️ Important

This action is irreversible. Once your data is deleted, it cannot be recovered. If you wish to use Vocedia again after deletion, you will need to create a new account.

9. Contact Security Team

If you have security concerns or want to report a vulnerability, please contact us:

Email

support-vocedia@truecraftstudio.co