Privacy Policy

Last updated: March 13, 2026

1. Introduction

Grotek, Inc. (“Diada,” “we,” “us,” or “our”) operates the Diada mobile application and website (collectively, the “Service”). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

2. Information We Collect

2.1 Information You Provide

  • Account Information: name, email address, and password when you create an account.
  • Voice Samples: short audio recordings (30–180 seconds) voluntarily provided by you to create an AI voice clone. See Section 3 for full details on voice biometric data.
  • Date of Birth: collected during registration to verify age eligibility (users must be 16 or older).
  • Conversation Data: text and voice interactions with AI voice clones and the Atlas AI coach.
  • Payment Information: processed securely through third-party payment providers (Apple App Store, Google Play Store). We do not store your payment card details.

2.2 Information Collected Automatically

  • Device type, operating system, and version.
  • App usage analytics (screens viewed, features used).
  • Crash reports and performance data.
  • IP address (anonymized for analytics).

3. Voice Biometric Data

3.1 What We Collect

When you create a Voice Persona, we collect a voice recording that you provide by speaking into your device's microphone. This recording is used to generate a voiceprint — a unique digital model of your vocal characteristics. Voice recordings and voiceprints are classified as biometric data.

3.2 How It's Processed

Your voice recording is transmitted to ElevenLabs Inc., a third-party AI voice synthesis provider based in the United States, to generate your Voice Model. The Voice Model enables AI-generated speech that resembles your voice.

3.3 Third-Party Processing

ElevenLabs processes voice data under their own privacy policy (available at elevenlabs.io/privacy). Data transfer from the EU to the US is governed by Standard Contractual Clauses. Upon deletion of your Voice Persona, we immediately instruct ElevenLabs to permanently delete your Voice Model via API.

3.4 How It's Used

Your Voice Model is used exclusively within Diada to generate AI speech when your connections interact with your persona. Your voice is never used for advertising, marketing, or purposes beyond those described here.

3.5 Legal Basis

Explicit consent under GDPR Article 9(2)(a) and Illinois BIPA Section 15(b). Consent is collected through a dedicated biometric consent screen before any voice recording begins.

3.6 Retention

Voice Models are retained until you request deletion or delete your account. Upon deletion, Voice Models are deleted immediately from ElevenLabs via API call. Internal records (consent timestamps, metadata) are fully purged within 30 days. Consent records are retained for the duration of your account for legal compliance.

3.7 Deletion

You may delete your Voice Persona at any time through Settings > Voice Persona > Delete. Upon deletion, we instruct ElevenLabs to delete the associated Voice Model via API. All biometric data is permanently destroyed within 30 days of a deletion request.

3.8 AI-Generated Content

AI-generated voice audio includes embedded watermarks provided by ElevenLabs to enable detection and traceability of synthetic content, in compliance with EU AI Act Article 50.

3.9 Your Rights

You may withdraw consent at any time by deleting your Voice Persona. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

3.10 No Sale of Voice Data

We never sell, license, or share voice data with third parties for their own purposes.

For details on our biometric data retention and destruction schedule, see our Biometric Data Retention Policy.

4. How We Use Your Information

  • To provide and maintain the Service.
  • To create and operate AI voice clones based on consented voice samples.
  • To deliver AI coaching through Atlas.
  • To generate Daily Questions and relationship insights.
  • To rephrase messages for constructive communication (when available).
  • To improve and personalize your experience.
  • To communicate with you about your account or the Service.
  • To comply with legal obligations.

5. Data Sharing

We do not sell your personal data. We may share data with:

  • Service Providers: cloud hosting, analytics, and AI processing partners who operate under strict data processing agreements.
  • Legal Requirements: when required by law, court order, or governmental authority.
  • Business Transfers: in connection with a merger, acquisition, or sale of assets (you will be notified).

5.1 Sub-Processors

We use the following third-party sub-processors to deliver the Service:

  • ElevenLabs Inc. (US) — voice model generation and AI voice synthesis
  • Supabase Inc. (US) — database hosting and authentication
  • Vercel Inc. (US) — application hosting
  • OpenAI (US) — AI text processing for coaching and conversation features

6. Data Security

We implement industry-standard security measures including encryption in transit (TLS 1.3), encryption at rest (AES-256), row-level database access controls, authenticated API access (JWT), and regular security audits. However, no method of transmission over the Internet is 100% secure.

7. Data Retention

  • Voice recordings: transmitted to ElevenLabs for processing; not permanently stored by Diada.
  • Voice Models: retained by ElevenLabs while your Voice Persona is active. Immediately deleted via API upon your request or account deletion. Internal records purged within 30 days.
  • Conversation data: retained to improve AI coaching. You can request deletion at any time.
  • Account data: retained while your account is active. Deleted within 30 days of account closure.

8. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate data.
  • Delete your data (“right to be forgotten”).
  • Restrict or object to processing.
  • Data portability.
  • Withdraw consent at any time.

Illinois residents: you have the right to request information about our biometric data practices and to have your biometric data permanently destroyed in accordance with our Biometric Data Retention Policy.

To exercise any of these rights, contact us at privacy@diada.app.

9. Children's Privacy

Diada is not intended for users under 16 years of age. We do not knowingly collect personal data from children under 16. If we learn that we have collected personal data from a child under 16, we will delete that data promptly. If you believe a child has provided us with personal data, please contact us at privacy@diada.app.

10. United Kingdom

For users in the United Kingdom, references to GDPR in this policy also apply to the UK GDPR as incorporated into UK law under the Data Protection Act 2018.

11. Brazil (LGPD)

For users in Brazil, this policy also complies with the Lei Geral de Proteção de Dados (LGPD). Biometric data is treated as sensitive personal data and processed only with your explicit consent.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via in-app notification or email. Continued use of the Service after changes constitutes acceptance of the updated policy.

13. Contact Us

Grotek, Inc.
New York, NY, USA
Email: privacy@diada.app