Legal
Privacy Policy
Last updated: 2026-05-10
Reviewing with counsel; jurisdiction-specific clauses may be revised before V1 general availability.
1. Information We Collect
- Account information. Name, work email, role, organization, and login identifiers.
- User-generated content. Scripts, reference video and audio, recorded takes, comments, and supervisor notes you upload to a Project.
- Technical data. IP address, browser version, device type, page-level usage events. We do not fingerprint visitors.
- Payment information. Handled by Stripe. We never receive or store full card numbers or bank-account credentials.
2. How We Use It
To provide, maintain, and improve the Service; to process recordings into stems; to send transactional notifications; to detect abuse and enforce our Terms; to issue invoices and process actor payouts; and to respond to your support requests.
We do not sell personal data. We do not use voice recordings, performance data, or any User Content to train, fine-tune, or evaluate generative voice models, voice-cloning systems, text-to-speech models, or any other synthetic-media systems — not now, and not in the future. The limited, narrowly-scoped AI/ML uses that do exist on this platform are described in Section 8 below, and none of them produce, train, or improve a model that can replicate a performer's voice.
3. Subprocessors
We rely on the following processors. The current list is also available on request.
- Cloudflare — edge hosting, R2 object storage, email routing, web analytics.
- Supabase — Postgres database, authentication.
- Fly.io — API and worker compute.
- Modal — audio processing (alignment, transcoding, stem assembly).
- Stripe — payments and Stripe Connect Express payouts.
We will give 30 days' advance notice of new subprocessors that handle User Content, by updating this list and emailing customers under a signed DPA.
4. Cookies and Tracking
The marketing site uses Cloudflare Web Analytics, which is cookieless. The signed-in application uses an essential session cookie to keep you logged in and a CSRF cookie to protect form submissions. We do not set advertising cookies. See our Cookie Policy.
5. Data Retention
- Account records: retained while your account is active.
- Recorded takes and stems: 90 days after Project completion, then deleted unless an Archive Plan is active.
- Application logs: 30 days.
- Audit log (security and admin events): 7 years.
- Invoices and tax records: as required by applicable law.
6. Your Rights
Depending on your jurisdiction, you have rights to access, correct, delete, port, or restrict processing of your personal data, and to object or withdraw consent. EU and UK residents may exercise rights under GDPR. California residents may exercise rights under the CCPA / CPRA, including the right to know and the right to delete. Contact privacy@ohear.ai and we will respond within 30 days.
7. Your Voice and Performance Stay Yours
OHEAR.AI exists to make ADR recording faster and more comfortable for working voice talent. We are not a data collection company and we are not a voice cloning company. We do not sample, harvest, fingerprint, or otherwise extract a model of your voice from anything you record on this platform. The recordings you upload are your performance, used for the Project that booked you, and nothing else. The commitments below are contractual, not aspirational — they bind us under these Terms.
- No voice cloning. We will never use your recordings to train, fine-tune, prompt-tune, embed, or evaluate a voice-cloning system, text-to-speech model, generative speech model, or any system whose output can be played back as “you.”
- No biometric profile. We do not extract speaker embeddings, voiceprints, or any biometric identifier from your audio. We do not use voice data for identity verification or authentication.
- No third-party AI training feed. We do not sell, license, share, or expose your recordings to dataset brokers, AI training providers, voice-clone services, dubbing-AI vendors, or synthetic-media platforms. Our subprocessors (Section 3) are bound by data processing agreements that prohibit the same.
- You retain rights to derivative AI use. Any future use of your recorded voice for synthetic, generative, or digital‑replica purposes — by us, our customers, or any downstream party — requires separate, specific, written, and compensated consent from you, executed through a stand-alone agreement (not this Privacy Policy and not the production contract). Silence is not consent. Continued platform use is not consent.
- Reference voices come from the customer, not from other actors. When you see a Project's reference track in the recorder, it was uploaded by the production team that booked you (typically a producer‑side AI‑generated guide track from their own pipeline). It is never derived from another performer's recordings on this platform.
- Deletion on request. You can request permanent deletion of your recordings at any time via your account or by emailing privacy@ohear.ai. Production-handed-off stems may be retained by the customer under their own agreement with you; we will identify and notify the relevant Org Owner so they can act on your request as well.
- Union and statutory protections preserved. Nothing in this policy or these Terms waives any right you have under SAG‑AFTRA, ACTRA, Equity, or other collective agreements; under California Civil Code § 3344 / 3344.1 (right of publicity), AB 2602 (digital replica use of a performer's voice), AB 1836 (digital replicas of deceased performers), the Tennessee ELVIS Act, the federal NO FAKES Act (as enacted), or any other applicable statute or common‑law right.
8. How AI/ML Is and Isn't Used on the Platform
For full disclosure, here is the complete inventory of automated processing the platform performs on audio you upload. Each item runs only as part of the per-take quality-control workflow, operates on a single take in flight, and produces no persistent model artifact derived from your voice.
- Clipping, peak, and noise-floor analysis. Pure DSP (digital signal processing). No machine learning. Outputs a pass/fail flag and dB measurements; the audio frames are not retained beyond the take.
- Loudness and reference-level analysis. ITU‑R BS.1770 LUFS / true-peak / crest-factor measurement on the supplied reference track to predict the gain a take should aim for. DSP, not ML.
- Transcript-match check (misread detection). Each take is transcribed once by an off-the-shelf, frozen Whisper model running in our subprocessor's isolated GPU container. The transcript is compared to the cue text to flag obvious misreads. The Whisper model is never fine-tuned, retrained, or updated using your audio. The transcript text is retained with the take metadata only for QC review purposes; the audio is not added to any training corpus.
- Forced alignment for stem timing. Frame-level word/phoneme alignment (WhisperX or equivalent) used solely to cut the take to picture timing. Frozen model. Output is timing offsets, not a voice representation.
That is the complete list. We do not run speaker diarization, voice-print extraction, emotion classification, accent classification, identity inference, generative re-synthesis, voice-conversion, or any other model that derives a biometric or generative representation of your voice. If we ever add a new automated audio process, we will list it here at least 30 days before it goes live and notify Org Owners by email.
Storage segregation. Your raw recordings live in encrypted object storage scoped to a single Project organization, behind row‑level‑security in our database. They are never copied, mirrored, or piped to any external dataset, training queue, or analytics surface. Internal engineering access is limited to on‑call incident response, is audit‑logged, and is reviewed quarterly.
9. Children's Privacy
The Service is intended for users 13 years of age and older. We do not knowingly collect personal data from children under 13. If you believe a child has provided us with personal data, contact privacy@ohear.ai and we will delete it.
10. International Transfers
Data is stored primarily in US regions. Where required for EU or UK customers, we execute Standard Contractual Clauses and offer EU-region storage on enterprise plans.
11. Changes to This Policy
We will post material changes here and notify the Org Owner on file at least 30 days before they take effect.
12. Contact
Privacy questions, data-subject requests, or DPA execution: privacy@ohear.ai.