Data we collect
- Your email + password hash (bcrypt cost 12).
- Sessions you create + their slides, summaries, audience responses.
- OAuth refresh tokens for the streaming platforms you connect (encrypted at rest with AES-256-GCM).
- Audit log of significant account actions (login, session create/close, integration attach).
Data we don't collect
- No third-party tracking pixels or analytics.
- No advertising cookies.
- We don't sell or share your data.
- Audience messages are not used to train any model.
AI processing
When you run a session, audience messages are sent to our LLM provider (OpenAI today; configurable to Anthropic or local Ollama) for summarisation. These transient API calls follow the provider's retention rules. We log only token counts (for billing) — not message content — in bv_llm_usage.
Your rights (GDPR + similar)
- Export — request a JSON dump of everything tied to your account from /account.
- Delete — request account deletion from the same page. We mark for purge immediately and physically remove all personal data within 30 days.
- Correct — update your name + password from the same place.
Where data lives
BigVoice runs on infrastructure operated by FOOR (server in Strasbourg, France · 51.77.68.69). The database (HeliosDB) is single-region. Backups are encrypted.
Contact + DPO
Privacy questions: contact@foor.email. DPA available on request for Civic-tier customers.
Last updated · 2026-04-17