Privacy Policy

1. Information We Collect

Account information: email address, authentication provider IDs, profile avatar URLs when provided by Google or Apple, session records, and optional reminder email settings.

User-uploaded content: TXT or EPUB files, extracted chapter text, metadata such as title and author, generated audio, processing status, and storage object references.

Payment information: Stripe checkout session IDs, invoice IDs, customer IDs, subscription plan tier, expected credit balance, payment status, and webhook processing records. WristListen does not store full card numbers.

Invite and referral information: invite codes, inviter and invitee account relationships, claim status, reward ledger entries, review decisions, and related timestamps.

Device and diagnostic data: Garmin pairing codes, device tokens, library feed requests, and watch diagnostic logs submitted by the app.

Mobile app data: native app platform, app version, device operating system, crash or diagnostic metadata, push notification registration tokens and permission state when enabled, local secure-storage session references, and mobile API requests used to authenticate, sync libraries, restore purchases, and operate in-app billing.

User-provided TTS API key data: encrypted Xiaomi MiMo API keys, key prefixes, keyed fingerprints, validation status, sharing preference, validation timestamps, usage timestamps, failure timestamps, and related audit metadata. WristListen does not return the full key after saving.

Technical and analytics data: request metadata, IP-derived rate-limit keys, IP-derived country or ASN metadata, User-Agent-derived hashes, invite landing cookies, error logs, cookies, and analytics events used to operate, secure, and improve the service.

2. How We Use Information

We use account data to authenticate users, secure sessions, provide profile controls, and send transactional emails.

We process user-uploaded books only to parse chapters, estimate WristListen credit usage, generate requested audio, store generated files, and make the prepared library available for Garmin sync.

We use payment and ledger data to create checkout sessions, confirm paid invoices through Stripe webhooks, grant credit balances, record generated audio storage duration, and send purchase receipts.

We use mobile app and native SDK data to provide Google, Apple, and email-code login, keep users signed in on their device, register device push tokens when notifications are enabled, connect RevenueCat purchase status to the user's WristListen account, restore App Store or Google Play purchases, and prevent fraud or duplicate credit grants.

We use invite, diagnostics, technical, and log data to debug product behavior, protect against abuse, detect suspicious reward patterns, review invite claims, reverse abusive credits when needed, and maintain reliable service.

We use user-provided TTS API keys to validate the key, generate audio requested by the key owner, and, only when sharing is enabled by the user, provide pooled TTS capacity for other users. Shared pool use does not disclose the key to other users.

3. User Content and Copyright

Books and source files are uploaded voluntarily and at the direction of the user. WristListen does not provide books, select source material for users, or verify the copyright status of uploaded files.

Users remain solely responsible for confirming that they own, control, or otherwise have the necessary rights and permissions to upload, process, transform, generate audio from, and sync any book or text they submit.

WristListen does not claim ownership of user-uploaded books or generated audio. To operate the service, users grant WristListen a limited license to host, process, transform, store, transmit, and make available their submitted content and generated outputs.

To the fullest extent permitted by law, WristListen is not responsible for copyright disputes, ownership disputes, licensing conflicts, takedown claims, or other liabilities arising from user-uploaded content or user-directed generation.

4. Service Providers

We may share necessary information with service providers that help operate WristListen, including Cloudflare for hosting, storage, databases, Workers, rate limiting, and email routing; Stripe for web payments; RevenueCat, Apple, and Google Play for mobile in-app purchase processing and entitlement status; Google and Apple for federated sign-in; analytics providers; and TTS or transcoding providers used to generate audio.

These providers process information for service operation, security, payment, authentication, storage, analytics, or audio generation purposes.

When Xiaomi MiMo TTS is used, WristListen may transmit the text selected for generation, voice settings, request metadata, and the applicable platform, shared, or user-provided MiMo API key to Xiaomi MiMo for TTS processing.

The mobile app uses native platform SDKs for Google Sign-In on Android, Sign in with Apple on iOS, App Store or Google Play billing through RevenueCat, secure local session storage, file picking, and opening legal links. These SDKs may process device, account, purchase, diagnostic, or network metadata as needed to provide their specific function.

5. Retention and Deletion

We retain account, upload, generated audio, payment ledger, and device-sync data for as long as needed to provide the service, maintain balances, satisfy legal or accounting obligations, resolve disputes, prevent abuse, or enforce our terms.

Mobile session tokens and local app preferences may remain on the user's device until sign-out, app deletion, operating-system cleanup, or manual removal. Server-side purchase and entitlement events may be retained when needed for accounting, fraud prevention, support, and credit-ledger integrity.

Users can delete books and generated audio from the console where supported. Some transaction, security, diagnostic, and legal records may be retained after deletion when reasonably necessary.

Users can remove their saved MiMo API key from Profile. Removing the key deletes the stored encrypted key and removes it from any shared key pool.

6. Security, International Processing, and Changes

We use technical and organizational measures intended to protect user data, but no internet service can guarantee absolute security.

WristListen is built for overseas users and may process data in countries where our infrastructure or service providers operate.

We may update this policy as the product, providers, or legal requirements change. Material changes will be reflected by updating this page.

7. Contact

For privacy, copyright, or policy questions, contact support@WristListen.com.