Privacy Policy

Vavus AI is operated by DCI Brands LLC, a Wyoming limited liability company. We act as the controller for account, billing, support, website, and product usage data unless a signed enterprise or healthcare agreement says otherwise.

Privacy and data protection requests can be sent to constantine@vavusai.com.

We collect the information needed to create and secure your account, provide translation and communication features, process billing, answer support requests, and operate the service.

• Account and profile data such as email address, name, login method, organization membership, and security settings.
• User content you choose to process, including translations, transcripts, audio, messages, files, documents, and images.
• Billing records handled through Stripe, Apple App Store, or Google Play. We do not store full payment card numbers.
• Technical data such as device type, app version, IP-derived security signals, crash diagnostics, cookies, and consent records.

We use data to provide translation, speech-to-text, text-to-speech, keyboard, messaging, calls, documents, AI chat, account management, billing, fraud prevention, support, and security features.

Marketing and analytics data is only used according to your cookie and consent settings. Translation, message, document, and audio content is not sold to advertising networks.

Vavus uses TLS in transit, account authentication, rate limits, access controls, audit logging, and encryption controls appropriate to the account type and workflow.

New history, documents, audio, and messaging flows are designed around client-side encryption where supported. Messaging is end-to-end encrypted between participants, so Vavus stores only ciphertext.

Vavus follows a simple rule: zero data retention or encrypted history. Live translation, dictation, and AI content is processed to produce your result and is not kept as cloud history unless you choose to save or sync it; anything you do keep is encrypted history Vavus cannot read.

See the Privacy Mode & Data Retention and Data Controls pages for the full detail on history modes, local storage, deletion, exports, provider handling, and healthcare controls.

Vavus uses infrastructure and service providers for hosting, speech processing, translation, payments, email, push notifications, and support operations. These services receive only the data needed for their function, under data-processing terms; providers that handle your content are configured to keep it out of model training and to minimize retention where supported, and never receive your account identity. A named sub-processor list is available to enterprise and healthcare customers under a data processing agreement.

Enterprise and healthcare customers may have separate deployment or data processing terms under a signed agreement.

Healthcare workflows require approved onboarding and a Business Associate Agreement where applicable. Healthcare accounts use stricter session limits, audit logging, PHI handling controls, and retention behavior.

Application logs are designed not to include PHI. Audit logs for healthcare workflows may be retained for 6 years where required for compliance.

Depending on where you live, you may have rights to access, correct, export, delete, restrict, or object to processing of your personal data. You can request these rights by email or through in-product account tools where available.

You can change website cookie choices from the Cookie Policy page. You can request account deletion from the Data Deletion page.

California residents may have rights under the CCPA/CPRA. To exercise these rights, email constantine@vavusai.com. We will verify your request by matching the information you provide against account, billing, support, or security records we maintain, and we may ask for additional information when needed to confirm the request.

• Right to Know: request the categories or specific pieces of personal information we have collected about you.
• Right to Delete: request deletion of personal information, subject to legal, security, billing, fraud-prevention, contractual, and compliance exceptions.
• Right to Correct: request correction of inaccurate personal information.
• Right to Opt Out: opt out of sale or sharing of personal information. Vavus does not sell or share personal information for cross-context behavioral advertising.
• Right to Limit Sensitive Personal Information: request limits on use or disclosure of sensitive personal information where that right applies.
• Right to Non-Discrimination: we will not discriminate against you for exercising California privacy rights.

Vavus is not directed to children under 16. We do not knowingly collect personal information from anyone under 16. If you believe a minor has provided us with personal information, contact constantine@vavusai.com and we will delete it promptly.

We keep personal data only as long as needed for the service, legal obligations, security, billing, support, and compliance. Account content can be deleted through product controls where available.

Some records, such as billing records, fraud logs, audit logs, and required compliance records, may be retained for longer where required by law or contract.

We may update this policy periodically. The Last updated date reflects the most recent revision. If a material change affects existing users, we will provide notice through the service or by email where appropriate.