Back to Home

Privacy Policy

Last updated: March 5, 2026

🔒

Quick Privacy Summary

To ensure transparency, here is a summary of our key privacy practices:

⌨️

Keyboard Full Access

We require "Full Access" solely to transmit the specific text you want to process (e.g., for grammar checks or rephrasing) to our secure servers and AI partners. We never log, store, or monitor your general keystrokes, passwords, or sensitive data.

📦

Data Minimization

We collect only what is necessary: account info (email), the text snippet you send for AI processing, and standard technical data (device info, usage statistics, crash logs) to maintain and improve the Service.

🤖

Third-Party AI Processing

When you trigger an AI feature, the selected text is sent over an encrypted connection to our secure servers and forwarded to OpenAI for processing. OpenAI is contractually obligated to provide the same level of data protection as described in this policy and is prohibited from using your data to train their models.

No Text Storage

Your text is sent to AI only when you explicitly trigger a feature (e.g., tap "Fix Grammar"). It is processed in real time and immediately deleted — we never store the content of your messages on our servers.

🔗

Third-Party Privacy Policies

We only work with AI providers that meet strict privacy standards. You can review their policy here: OpenAI Privacy Policy.

🚫

No Data Selling

We do not sell, rent, or trade your personal data to third parties or data brokers.

🗑️

Account & Data Deletion

You have full control over your data. You can delete your account and all associated personal data at any time via the "Delete Account" button in App Settings or by emailing filippov@getphrase.app. Requests are processed within 30 days.

Your privacy is not a formality for us — it is a core principle of how Phrase is built. We do not sell, share, or exploit your data. Everything you type stays yours. This policy explains exactly what we collect, why, and how we protect it.

Table of Contents

  1. Introduction
  2. Data Controller
  3. Information We Collect
  4. How We Use Your Information
  5. Data Sharing with Third Parties
  6. AI Data Processing
  7. International Data Transfers
  8. Data Retention
  9. Data Security
  10. Data Breach Notification
  11. Your Rights (GDPR)
  12. California Privacy Rights (CCPA/CPRA)
  13. Children's Privacy
  14. Changes to This Privacy Policy
  15. Contact Us

1. Introduction

IE Alexander Filippov ("Company", "Phrase", "we", "us", "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile keyboard application, Google Chrome browser extension, and related services (collectively, the "Service").

Please read this Privacy Policy carefully. By using the Service, you consent to the collection, use, and disclosure of your information as described herein.

2. Data Controller

The data controller responsible for your personal data is:

IE Alexander Filippov

Email: filippov@getphrase.app

Jurisdiction: Georgia

3. Information We Collect

3.1 Information You Provide

  • Account Information: Email address, name, and password when you create an account
  • Payment Information: Subscription purchases are processed directly by Apple (App Store) or Stripe. We do not collect, see, or store any payment card details — all billing is handled entirely by these payment processors.
  • Communication: Information you provide when contacting our support

3.2 Information We Collect Automatically

  • Device Information: Device type, operating system, app version
  • Usage Data: Features used, frequency of use, session duration
  • Technical Data: Browser type, time zone
  • Input Data: Text you input for AI processing (transmitted to AI providers, see Section 6). We never store the content of your text — only anonymised metadata such as feature type used and approximate character count are logged for analytics purposes.
  • Diagnostics: Crash logs and app performance data to identify and fix technical issues

3.3 What We Do NOT Collect

We believe in radical transparency. Here is what we explicitly do not collect:

  • Your full keyboard input: We only transmit the specific text you intentionally send to an AI feature, never your general keystrokes or everything you type
  • Passwords or authentication data
  • Financial information beyond what is required for payment processing
  • Location data
  • Contacts, photos, or files
  • Browsing history or behavior across other apps and websites
  • Any data from minors

We collect only the minimum information necessary to provide and improve the Service.

4. How We Use Your Information

  • Service Provision: To provide, maintain, and improve the Service
  • Payment Processing: To process subscriptions and manage billing
  • Communication: To respond to inquiries and send service updates. Support communications may also be reviewed in aggregate and anonymised form to identify common issues and improve the Service.
  • Analytics: To understand usage patterns and improve features
  • Security: To detect and prevent fraud and abuse
  • Legal Compliance: To comply with applicable laws and regulations

5. Data Sharing with Third Parties

We share your data with the following third-party services:

  • OpenAI: Text input for AI processing. Governed by the OpenAI Privacy Policy.
  • Stripe: Payment processing. We do not store card details.
  • Apple Pay / Google Pay: Mobile payment processing.

We do not sell, rent, or trade your personal information to any third parties, advertisers, or data brokers under any circumstances.

6. AI Data Processing

This section explains in detail how Phrase handles your data when you use AI-powered features such as text improvement, translation, rephrasing, and tone adjustment.

6.1 What Data We Collect and Transmit

To power AI features, our app analyzes the text you enter directly in the keyboard interface. Specifically, we read the context around your cursor — text before and after it — to ensure accurate results. Your data is transmitted in encrypted form to our secure infrastructure hosted on Google Cloud/Firebase and then forwarded to our AI technology partners (such as OpenAI) for real-time processing.

6.2 Purpose of Processing

Your text is transmitted solely to fulfill your real-time requests, including:

  • Grammar and punctuation correction
  • Translation into other languages
  • Style and tone adjustments
  • Rephrasing for improved readability

6.3 AI Providers

Your text is processed by the following AI provider:

  • OpenAI (GPT models)

Pursuant to our agreements with each provider, transmitted data is used solely to generate a response and is not used to train their AI models.

We confirm that all third-party AI providers mentioned above are contractually obligated to provide the same or equal protection of your personal data as outlined in this Privacy Policy and required by Apple's Developer Guidelines.

6.4 Identification and Security

  • User Identification: Text is transmitted alongside an anonymous or unique User ID to allow us to apply your subscription plan and usage limits.
  • Encryption: All data is encrypted in transit using TLS 1.3.
  • No Storage: We do not store the content of your requests on our servers after processing is complete. Data is handled in memory and deleted immediately after the result is returned to you.

6.5 Your Consent

Use of AI features in Phrase is voluntary. On first launch or sign-in, the app requests your explicit consent to process text data. You may withdraw this consent at any time by discontinuing use of AI keyboard features or by deleting the app.

7. International Data Transfers

Your data may be transferred to and processed in countries outside your country of residence. We ensure appropriate safeguards are in place for such transfers in accordance with applicable data protection laws.

8. Data Retention

We retain your personal data only for as long as strictly necessary to provide the Service. Here are the specific timelines you can rely on:

  • Account data: Retained while your account is active
  • AI request content: Deleted immediately after the response is delivered — we do not store it
  • Upon account deletion request: All personal data is permanently deleted within 30 days
  • Inactive accounts: Data is deleted after 2 years of inactivity
  • Service termination: All data is permanently deleted within 30 days of service termination

Upon deletion, data is permanently removed from our systems and cannot be recovered.

9. Data Security

We implement industry-standard technical and organizational measures to protect your personal data. Our security practices include:

  • Encryption in transit: TLS 1.3 for all data transfers between your device and our servers
  • Encryption at rest: AES-256 encryption for all stored data
  • Access control: Strict internal access policies — only authorized personnel can access data, with multi-factor authentication required
  • Regular security audits: Continuous monitoring and vulnerability assessments
  • Data isolation: Your data is isolated and cannot be accessed by other users

However, no method of electronic transmission or storage is 100% secure. We continuously update our security protocols to maintain the highest level of protection for your data.

10. Data Breach Notification

In the unlikely event of a personal data breach, we are committed to acting swiftly and transparently:

  • Within 72 hours of becoming aware of a breach, we will notify the relevant supervisory authority as required by GDPR
  • Affected users will be notified without undue delay if the breach is likely to result in a high risk to their rights and freedoms
  • Notifications will include a description of the breach, the data affected, likely consequences, and the measures we are taking to address it
  • We will provide a dedicated point of contact to answer any questions related to the breach

If you believe you have identified a security vulnerability, please contact us immediately at filippov@getphrase.app.

11. Your Rights (GDPR)

If you are in the European Economic Area, you have the following rights under GDPR:

  • Right of Access: Request a copy of the personal data we hold about you
  • Right to Rectification: Correct inaccurate or incomplete data
  • Right to Erasure (Right to be Forgotten): Request deletion of your personal data
  • Right to Data Portability: Receive your data in a commonly used, machine-readable format
  • Right to Object: Object to processing of your personal data
  • Right to Restrict Processing: Request that we limit how we use your data
  • Right to Withdraw Consent: You may withdraw your consent to data processing at any time, without affecting the lawfulness of processing before withdrawal
  • Right to Complain to a Supervisory Authority: You have the right to lodge a complaint with your local data protection authority if you believe your rights have been violated

To exercise any of these rights, contact us at filippov@getphrase.app. We will respond within 30 days of your request.

12. California Privacy Rights (CCPA/CPRA)

California residents have additional rights under the CCPA/CPRA, including the right to know, delete, opt-out of sale, and non-discrimination. We do not sell your personal information.

13. Children's Privacy

The Service is not directed to children under 13 (or 16 in the EU). We do not knowingly collect personal data from children. If you believe we have inadvertently collected such data, please contact us immediately at filippov@getphrase.app and we will delete it promptly.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email (if you have provided your email address) and post the updated policy on this page with a new effective date. Your continued use of the Service after notification constitutes acceptance of the updated policy.

15. Contact Us

For any questions, concerns, or requests regarding this Privacy Policy or your personal data:

IE Alexander Filippov

Email: filippov@getphrase.app

Jurisdiction: Georgia

We take every privacy concern seriously and will respond to your inquiry within 72 hours.