Legal
Data Storage Policy
Where your data lives, how long we keep it, and how it's protected.
1. Where Your Data Is Stored
LifeScribe stores all user data on Amazon Web Services (AWS) infrastructure located in the United States. Our primary regions are US-East and US-West, with data replication for redundancy and disaster recovery.
2. Data Categories and Storage
| Data Type | Storage Location | Encryption |
|---|---|---|
| Account info (name, email) | AWS RDS (PostgreSQL) | AES-256 at rest |
| Voice recordings & audio files | AWS S3 | AES-256 at rest, TLS 1.2+ in transit |
| Photos and uploaded media | AWS S3 | AES-256 at rest, TLS 1.2+ in transit |
| Story text & chapters | AWS RDS (PostgreSQL) | AES-256 at rest |
| Voice clone models | Resemble AI infrastructure | Encrypted, access-controlled |
| Authentication tokens | Firebase Auth | Google-managed encryption |
| Payment records | Apple/Google billing systems | Provider-managed encryption |
3. Encryption Standards
- In Transit: All data transmitted between your device and our servers is encrypted using TLS 1.2 or higher.
- At Rest: All stored data is encrypted using AES-256, the same standard used by financial institutions.
- Key Management: Encryption keys are managed via AWS Key Management Service (KMS) with strict access controls.
4. Backup and Disaster Recovery
We perform daily encrypted backups stored in geographically separate AWS regions. Backups are retained for 30 days, after which they are permanently destroyed. In the event of a disaster recovery scenario, only data within the active retention window is restored — deleted data remains deleted.
5. Data Retention Schedule
- Active accounts: Data retained while your account remains active.
- Inactive free accounts: Minimum 2 years from last activity, then subject to deletion.
- Cancelled paid accounts: 90 days post-subscription, after which data is deleted upon request.
- Voice clone models: Permanently deleted within 30 days of account deletion request.
- Anonymized analytics: May be retained indefinitely for product improvement.
- Financial & tax records: Retained up to 7 years per legal requirement.
6. Account Deletion
You may request permanent deletion of your account and data:
- In-App: Settings → "Delete Account"
- Web: trylifescribe.com/delete-account
- Email: hello@trylifescribe.com
A 7-day grace period applies. After expiration, your data is permanently and irreversibly deleted, except for data that must be retained by law (e.g., financial records).
7. Third-Party Data Processors
Some data is processed by trusted third parties to power core features. These providers are contractually restricted to using your data only as needed to provide the specific service:
- xAI (Grok): Story text transformation, illustration generation
- Resemble AI: Voice cloning
- AWS Transcribe: Audio transcription
- Firebase Auth: Authentication
- Brevo: Transactional email delivery
8. Security Practices
- Role-based access controls limit data access to authorized personnel only
- All access is logged and audited
- AWS security group controls and VPC isolation
- Annual security reviews and vulnerability assessments
- Incident response plan with notification protocols
9. Data Breach Notification
In the unlikely event of a data breach affecting your personal information, LifeScribe will notify affected users within 72 hours of discovery, in accordance with applicable laws (including GDPR Article 33 and US state breach notification laws where applicable).
10. International Data Transfers
If you access LifeScribe from outside the United States, your data will be transferred to and stored in the US. By using the Platform, you consent to this transfer.
11. Contact
Questions about how we store and protect your data? Email hello@trylifescribe.com.