Privacy Policy
Last updated: 24 May 2026 · Effective: 24 May 2026
This policy explains what AI Alarm ("we", "the app") collects, how we use it, and the choices you have. The aim is plain language, not boilerplate. If anything's unclear, send a note via Settings → Account → Send feedback in the app.
1. Who we are
AI Alarm is operated by an independent developer based in the European Union. The data controller for the purposes of GDPR is the operator listed at the bottom of this page. We do not have an appointed Data Protection Officer; for any data-related question please use the contact channel below.
2. What we collect
2.1 Account information
- Email address — required to sign in and to recover access.
- Display name — optional; used by the chosen persona in greetings ("good morning, Daniel").
- Language preference — the language the alarm messages are written in.
- Password — stored only as a bcrypt hash; we cannot read your password.
- Google account identifiers (if you use Google sign-in) — your Google subject ID, email, name, and avatar URL. We do not request or store any other Google profile field.
- Account timestamps — when you signed up and last signed in.
- Plan — Free / Pro / Complimentary, plus paid-until date for paid plans.
2.2 Device information
- A randomly generated device identifier (UUID) created on first launch. This is not a hardware identifier — it lives in the app's local storage and is reset by reinstalling the app.
- Platform (Android), and the app version you're running.
2.3 Alarm data
- Your alarms: time, weekday mask, enabled flag, snooze duration, this-phone-only flag.
- The persona you picked for each alarm (Friend, Mama, Drill Sergeant, etc.) and what the alarm is for (Wake up, Workout, Meeting, your own custom one-line purpose).
- The last generated message text for each alarm — kept so you can see what the alarm last said and so the app shows it without an extra round-trip.
- Generated audio files for the alarm messages, kept on the server until they have been downloaded to your device.
2.4 Operational metrics
- Alarm fire log: timestamp, alarm id, and source (scheduled or test) of every alarm that triggered. Used to compute reliability ("did the alarm actually fire?").
- Generation cost and usage metrics: provider, persona, purpose category, music track/source, audio duration, file size, estimated credits/cost, and provider request id for generated alarm audio. We do not store the generated message text in this cost ledger.
- Server access logs: standard web-server logs (IP address, timestamp, requested URL, response code) kept for up to 30 days for security and debugging.
2.5 Feedback (when you send any)
If you tap Settings → Account → Send feedback, we attach: your phone manufacturer and model, Android SDK version, app version, and the state of alarm-related permissions (notifications enabled, exact alarm allowed, etc.). The text body is what you typed. We don't attach anything from your alarms or other apps.
2.6 What we do NOT collect
- Hardware identifiers (IMEI, advertising ID, MAC address).
- Your contacts, photos, location, calendar, or call history.
- Anything from other apps on your device.
- Microphone audio. Under the current product (alarm-only, no chat) the app does not use the microphone at all. The current Android manifest does not request RECORD_AUDIO.
- Conversation history. The in-app conversation feature was retired; we do not record what you say to the app because there is no longer anywhere to say it.
3. How we use this data
Strictly to run the app:
- Sign you in and keep you signed in.
- Schedule and deliver your alarms.
- Generate the personalised alarm text and audio once, per alarm, the night before (or whenever you tap Refresh).
- Diagnose problems when you send feedback.
- Compute aggregate metrics (e.g. how many users signed up this week, which personas and music modes are used, and AI/TTS cost per provider) — these aggregates contain no generated message text.
We do not sell your data. We do not show advertising. We do not profile you for marketing. We do not use any of the prompts or generated text to train any model.
4. Third-party processors
The app needs help from a few third parties to function. They process your data on our behalf, under their own privacy policies.
4.1 OpenAI
What we send per alarm-bake:
- Your display name (if set) and language.
- The alarm's purpose (e.g. "Workout") and its time-of-day.
- The selected persona's prompt (a static system message — identical for every user picking that persona).
- Your snooze count for this alarm chain (so the message can escalate within character).
What OpenAI returns: the message text and an MP3 audio file. The audio is then mixed with optional background music on our server, saved, and downloaded to your phone.
OpenAI's policy on data handling for API customers is summarised at openai.com/policies/api-data-usage-policies. At time of writing, OpenAI states that API content is not used to train their models and is retained only for abuse-monitoring purposes for up to 30 days. We have no control over this — read their policy directly. OpenAI processes data in the United States; by using the app you accept that the prompts above are transferred to the US.
4.2 Google
- Google Sign-In — if you choose Sign in with Google, Google authenticates you and provides us with your email, name, profile picture URL, and a stable subject ID. Standard OAuth flow. See Google Privacy Policy.
- Google Play Billing (when launched on the Play Store) — handles subscription payments. We do not see your card or bank details.
4.3 Email delivery (password reset)
Password-reset emails are sent through Microsoft 365's SMTP relay (Outlook). The recipient's address and the reset link itself are visible to that relay, as for any email.
4.4 Hosting
The application server runs on a virtual private server provided by a commercial hosting provider in the European Union. The provider has no application-level access to the database content but does have physical access to the underlying hardware, governed by their own data-processing agreement.
5. Where data is stored
Application data (your account, alarms, metrics) is stored in a MariaDB database on a single server in the European Union. Generated audio files are stored on the same server's disk until they are delivered to your device. The disk is encrypted at rest at the hosting provider's level.
Backups: the database is dumped nightly and retained for 30 days, encrypted at rest. Off-site replication will be added before the public Play Store launch and this section will be updated to reflect it.
6. How long we keep data
- Account data: until you delete your account. After deletion: removed within 30 days from active databases. Backup copies are removed at the next backup-rotation cycle (currently up to 30 days).
- Alarm rows + last message text: until you delete the alarm or your account.
- Generated alarm audio: deleted automatically a few days after delivery to your device.
- Alarm fire log: kept indefinitely as anonymous-from-content metrics. Contains no message body or personal text.
- Feedback messages: kept until resolved + a reasonable archival window (12 months) so we can correlate similar reports.
- Server access logs: up to 30 days.
7. Your rights
If you live in the European Economic Area, the United Kingdom, or California (or anywhere with similar legislation), you have the following rights regarding your personal data:
- Access — ask us what we hold about you.
- Rectification — fix anything that's wrong.
- Erasure — have your data deleted ("right to be forgotten"). The fastest path is the in-app "Delete my account" button (Settings → Account → Danger zone). It removes the account and all associated rows.
- Portability — receive a machine-readable export. Send a feedback message asking for it and we'll mail back a JSON dump.
- Restriction / Objection — limit or object to certain processing. Send a feedback message.
- Withdraw consent — sign out, uninstall, or delete the account. The AI feature stops receiving any further data the moment you do.
- Lodge a complaint — with your local supervisory authority if you believe we're handling your data incorrectly.
We respond to requests within 30 days. We may ask for proof that you're the account holder (e.g. a sign-in from your registered email).
8. Children
The app is not directed at children under 13 (16 in some EU jurisdictions). We do not knowingly collect data from children. If you believe a child has signed up, contact us and we will delete the account.
9. Security
We use HTTPS for all connections, bcrypt for password storage, HttpOnly + Secure session cookies, and standard server hardening. The in-app updater verifies the signing certificate of the next APK before handing it to the system installer, so a compromised CDN cannot push malicious code to existing users. We are a small team without a formal security audit. We will disclose any confirmed breach to affected users within 72 hours where required by law.
10. Changes to this policy
If we change something material — a new third party, a new data type collected, a change in retention — we'll update the "Last updated" date and notify you in the app. Continuing to use the app after a change means you accept the updated policy.
11. Contact
The fastest path is in-app: Settings → Account → Send feedback. For data-protection requests specifically, prefix the message with "GDPR" or "data request". We aim to respond within 7 working days, 30 calendar days at the outside.
This policy is provided in good faith but is not a substitute for legal advice tailored to your jurisdiction. If you find a wording that contradicts the actual behaviour of the app, that's a bug — please report it.