Privacy Policy
Hearium is an on-device-first product. By default the app analyzes your conversations entirely on your iPhone. Conversation content does not leave your device unless you explicitly enable an optional cloud feature. This policy primarily concerns this website (hearium.app).
1. Controller
Controller for data processing on this website within the meaning of the GDPR:
Ricardo Richter
Dr.-Neuhäußer-Str. 6
32545 Bad Oeynhausen, Germany
Email: [email protected]
2. Visiting the website (server logs)
When you load the site, the hosting provider automatically processes technically necessary access data in server log files: the page requested, date and time, the volume of data transferred, the referring page, the browser type, and the IP address. This data is used solely to deliver the site and to keep the service secure and stable.
The legal basis is Art. 6 (1) (f) GDPR (legitimate interest in a secure, functioning site). The logs are stored only as long as necessary for these purposes and are then deleted or anonymized.
3. Hosting
This website is hosted by an external provider that processes the data named in section 2 on our behalf (processing on behalf of a controller under Art. 28 GDPR).
The provider is Cloudflare, Inc., 101 Townsend Street, San Francisco, CA 94107, USA. Cloudflare runs a global content delivery network; the site is served preferentially from servers within the EU. A data processing agreement under Art. 28 GDPR is in place with Cloudflare. Cloudflare is certified under the EU-US Data Privacy Framework; for any transfers to the USA the EU Standard Contractual Clauses additionally apply. Details: cloudflare.com/privacypolicy.
4. No cookies, no tracking
This website is static and uses no cookies, no analytics or tracking tool, no profiling and no advertising pixels. No data is shared with third parties for advertising or analytics. That is why there is no cookie banner.
5. Fonts
Fonts are delivered locally with the site (self-hosted). There is no connection to Google Fonts or any other external font server, so loading the site sends no IP address to a font provider.
6. Free check
The free check processes the text you paste entirely in your browser. The text is not sent to any server, not stored, and not logged.
7. The app
By default the iOS app processes recordings, transcripts, and analyses entirely on your device. Content is stored locally in encrypted form; you can delete and export it at any time in the app. There is no user account and no ad tracking.
Only if you explicitly enable an optional cloud feature is the content required for it (e.g. transcript excerpts) transmitted to the respective provider, which processes it solely to deliver that feature:
- AI analysis: Anthropic PBC, San Francisco, USA (Claude models). Under Anthropic's commercial terms, submitted content is not used to train models. Details: anthropic.com/privacy.
- Purchases/subscriptions: handled by Apple (App Store / StoreKit); we receive no payment data.
Transmission to Anthropic runs through a security proxy we operate (Cloudflare Workers), which forwards requests without storing or logging conversation content. To protect against abuse and control costs, the proxy briefly processes your IP address (rate limiting) and a random, per-install identifier with no link to your person (daily quotas). The associated counters delete themselves automatically, at the latest after about 26 hours. The legal basis for this is Art. 6 (1) (f) GDPR (protection against abuse, security, and cost control).
The legal basis for optional cloud features is your consent (Art. 6 (1) (a) GDPR), which you can withdraw at any time in the app settings. Transfers to the USA are covered by the EU Standard Contractual Clauses and/or the EU-US Data Privacy Framework. The App Store privacy nutrition label applies in addition.
8. Your rights
Under the GDPR you have the right of access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction of processing (Art. 18), data portability (Art. 20), and the right to object to processing based on a legitimate interest (Art. 21). To exercise them, contact the address above.
9. Right to lodge a complaint
You have the right to lodge a complaint with a data protection supervisory authority about the processing of your personal data (Art. 77 GDPR).
Last updated: July 3, 2026