Audiu Privacy Policy

Last updated: September 29, 2025

Scope & Controller Information We Collect How We Use Information Syncing & Processing Roles App Permissions (Android)Sharing & Third Parties Data Security Data Retention Your Rights Children's Privacy International Users Changes Contact

1. Scope & Data Controller

This Privacy Policy describes how Rudnex ("we", "us", or "our") collects, uses, and protects your information when you use the Audiu mobile application.

Data controller: Rudnex
Contact: contact@rudnex.com

2. Information We Collect

Mobile App Data

Account Information: Email, password (hashed), name, surname, age, country, username
Profile Information: Name, email, age, country, optional profile image URL (Google Sign-In)
Authentication Data: Session tokens, provider information (Google Sign-In), accepted terms
Usage Data: Watch history (story titles, playback positions, timestamps), favorites, playlists
Playback Preferences: Volume settings, background play preferences, last played story, current queue (stored locally on device)
Offline Content: Optional offline downloads stored locally on your device
Device Information: Basic device type and operating system for compatibility

Note: We do not collect crash/error logs, location data, contact information, or advanced device fingerprinting.

Data We Do NOT Collect

Crash/Error Logs: No crash reporting or error logging implemented
Location Data: No location permissions requested or location data collected
Contact Information: No access to device contacts or phone numbers
Advanced Device Data: No device fingerprinting or detailed hardware information
Camera/Microphone: No camera or microphone access
Third-Party Analytics: No advertising or analytics tracking

3. How We Use Information

Account Management: Authenticate users, store profile information, manage country-specific age verification (13-16+ based on regional requirements)
Content Delivery: Stream audio stories, enable offline downloads, sync content across devices
Personalization: Track watch history, manage favorites and playlists, remember playback positions
User Preferences: Store volume settings, background play preferences, audio device settings
Content Management: Manage offline downloads and local content storage
App Functionality: Maintain session state, sync user data, provide seamless experience
Security: Prevent abuse, ensure age compliance, maintain secure authentication

4. Syncing & Data Processing Roles

Syncing Behavior

What Syncs: Favorites, playlists, and watch history sync to your account when you are logged in.
When: Sync occurs on sign‑in, during normal use when online, and when connectivity is restored.
Conflicts: Latest change generally applies (last‑write‑wins). We aim to preserve your most recent actions.
Local‑Only Mode: If you are signed out, preferences and offline content remain on the device only.

Controller vs. Processors

Data Controller: Rudnex (for Audiu app data).
Processors: PocketBase (backend platform) and Hetzner Cloud (infrastructure provider) process data on our behalf under a DPA.
Independent Services: Google Sign‑In and Google Fonts handle limited data (e.g., IP for font delivery) under their own privacy terms.

5. App Permissions (Android)

Our app requests only essential permissions:

Internet/Network Access – Required for streaming audio and API access
Storage Permissions – For offline downloads (scoped storage on Android 13+, legacy storage on older versions)
Bluetooth – For seamless audio device connection and control (including BLUETOOTH_CONNECT and BLUETOOTH_SCAN)
Notifications – For playback controls and download alerts (POST_NOTIFICATIONS on Android 13+)
Background Services – For continuous audio playback while screen is off (FOREGROUND_SERVICE_MEDIA_PLAYBACK)
Audio Settings – For volume control and audio focus management (MODIFY_AUDIO_SETTINGS)
Wake Lock – To prevent device sleep during audio playback
Vibration – For notification alerts

We do NOT request:

Location access
Contacts or phone numbers
SMS or call logs
Camera or microphone (except for optional voice reactions)
Unnecessary file system access

7. Data Security

HTTPS‑only transport for all network communications
Secure token and session management via PocketBase authentication
Minimal app permissions following principle of least privilege
Password hashing using bcrypt for secure credential storage
Encrypted local storage for sensitive information
Secure cloud infrastructure via Hetzner with appropriate safeguards
No crash reporting - no error logs or crash data collected

8. Data Retention

Account Data: Email, name, surname, age, country, username retained while your account is active
Usage Data: Watch history (story titles, playback positions, timestamps), favorites, playlists stored in PocketBase database
Playback Preferences: Volume settings, background play preferences, last played story, current queue stored locally on device only
Offline Downloads: Remain on your device until you delete them
Session Data: Automatically cleared when you log out
Deleted Accounts: All user data, usage data, and preferences removed within 30 days of account deletion
No Crash Data: No error logs or crash reports are collected or stored

You can request immediate deletion of your data by contacting us at contact@rudnex.com.

9. Your Rights

Access your personal data (profile information, usage data, preferences)
Correct inaccurate information (name, email, age, country)
Delete your account and all associated data (watch history, favorites, playlists)
Export your data (playlists, favorites, watch history, playback preferences)
Manage your audio reactions and voice recordings
Revoke Google Sign‑In access via your Google account settings
Control your playback preferences and volume settings

Contact us at: contact@rudnex.com for any data‑related requests.

10. Children's Privacy & Regional Age Requirements

Audiu implements age verification measures to comply with international children's privacy laws, including COPPA, GDPR, and other regional regulations. The minimum age requirement varies by country to ensure full legal compliance.

Regional Age Requirements

GDPR Countries (EU): Age requirements vary from 13-16 years based on individual Member State implementations:
- 13 years: Belgium, Denmark, Estonia, Finland, Latvia, Malta, Portugal, Sweden, United Kingdom
- 14 years: Austria, Bulgaria, Cyprus, Italy, Lithuania, Spain
- 15 years: Czech Republic, France, Greece
- 16 years: Croatia, Germany, Hungary, Ireland, Luxembourg, Netherlands, Poland, Romania, Slovakia
COPPA Countries (US, Canada, Australia): 13 years minimum
Other Regions: Generally 13-14 years based on local privacy laws

Age Verification Process

Country-Specific Validation: Age requirements are automatically applied based on your selected country during registration
Neutral Age Gate: Users provide their birth year or confirm eligibility; the screen does not encourage children to falsify age
Additional Measures: For social sign‑in, profile completion (including age and country) is required before full access
Anti‑Circumvention: If age verification steps are not completed, access is limited until completion
Compliance Monitoring: We regularly review and update age verification measures to maintain compliance with evolving regulations

Data Handling for Minors

Automatic Compliance: If we learn we have data from a user below the required age for their country, we will promptly suspend the account and delete associated personal information
Parental Rights: Parents or guardians may contact us regarding their child's account or data in any jurisdiction
GDPR Rights: In GDPR territories, additional rights may apply for users under the digital consent age

Important: We do not knowingly collect personal information from children below the required age for their country. The age verification system is designed to prevent such collection while respecting regional legal requirements.

11. International Users

Your data may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place to protect your data in accordance with this Privacy Policy.

12. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. We will:

Post the updated policy with a revised date
Notify users of significant changes through the app
Maintain previous versions for reference

13. Account Deletion

You can request deletion of your account and all associated personal data at any time.

In‑App: Go to Profile → Settings → Request Account Deletion (if available in your version). We will process the request within 30 days.
Email: If you cannot access the app, email contact@rudnex.com from the email address associated with your account and include the subject "Audiu Account Deletion".
What is deleted: Account details (name, surname, email, age, country), watch history, favorites, playlists, and session data stored on our servers.
Local data: Offline downloads stored on your device are not automatically removed. You can delete them from the app or by removing the files from your device storage.

After deletion is completed, remaining backups (if any) are purged during regular backup rotation cycles.

14. Contact Information

Email: contact@rudnex.com
Operator: Individual Developer (Rudnex)
App: Audiu – Audio Story Streaming

15. About the Developer

This app is developed and maintained by an individual developer under the name Rudnex. While not a registered company, Rudnex operates this project and its website to provide audio story streaming services with care for user privacy and transparency.

Website: https://rudnex.com

This application was built using AI-assisted development tools, including AI Cursor Agent, to accelerate and enhance the development process.