Privacy Policy
Effective Date: October 2025
1. Purpose and Scope
This Privacy Policy explains how Airbok collects, uses, stores, transfers, and protects personal information of all users (“you”, “user”, “artist”, or “creator”) who access or use the Airbok platform, website, or related services (collectively, the “Platform”).
It applies globally to all users regardless of residence and complies with:
- Hong Kong Personal Data (Privacy) Ordinance (Cap. 486)
- EU General Data Protection Regulation (GDPR)
- California Consumer Privacy Act (CCPA)
By using the Platform, you acknowledge that you have read and understood this Policy.
2. Data Controller and Contact Details
Airbok Company LimitedHong Kong SAR
Email: admin@airbok.com
Airbok is the Data Controller responsible for all personal information collected through the Platform. For all privacy or data-protection inquiries, contact us at the email above.
3. Information We Collect
We collect only what is necessary to operate the Platform securely and efficiently.
3.1 Automatic Data (Collected upon login or use)
- Email address
- Encrypted password (hash only)
- IP address
- Login date and time
- System and security logs
3.2 Voluntary Data (Provided by You)
- Username and display name
- Country of residence / region
- Profile description or biography
- Voice recordings you upload (for Voice Profile creation)
3.3 Transaction and Usage Data
- Subscription plan and billing metadata (Stripe reference IDs only)
- Voice Profiles created or licensed
- Text inputs submitted for TTS generation
- Generated audio metadata (storage duration: 1 week)
3.4 Non-Collected Data
Airbok does not collect or store:
- Real legal names (unless required for Stripe KYC)
- Payment card numbers or bank details
- Browser history or non-essential cookies
- Biometric, facial, or geolocation data
4. How We Use Your Information
| Purpose | Legal Basis (GDPR) |
|---|---|
| Account creation and authentication | Performance of Contract |
| Subscription billing via Stripe | Performance of Contract |
| Voice profile generation and hosting | Legitimate Interest / Contract |
| Platform security and fraud prevention | Legitimate Interest |
| Service announcements and operational emails | Legitimate Interest |
| Regulatory or tax compliance | Legal Obligation |
Airbok never sells, rents, or trades user information to third parties.
5. Data Retention and Deletion
| Data Type | Retention Period | Deletion Method |
|---|---|---|
| Voice recordings (uploaded by users) | Deleted automatically after Voice Profile creation | Secure automatic purge |
| Text inputs and Generated Audio | Stored for 1 week for usability / cache | Auto-deleted after 7 days |
| Account information (email, logs) | Active + 30 days post-closure | Secure database deletion |
| Transaction metadata (Stripe IDs, amounts) | 7 years for financial compliance | Archived and locked |
| Support tickets / correspondence | Up to 2 years post-resolution | Manual admin purge |
Users may request earlier deletion under GDPR Article 17 (“Right to be Forgotten”) via admin@airbok.com. We may verify identity before executing such requests.
6. Your Privacy Rights
Depending on jurisdiction, you may exercise:
- Right of Access – obtain a copy of personal data held by Airbok.
- Right to Rectification – correct inaccurate or incomplete information.
- Right to Erasure – request permanent deletion of personal data (unless retention is legally required).
- Right to Restrict Processing / Object – limit or withdraw consent for non-essential processing.
- Right to Data Portability – receive data in a structured, machine-readable format.
- Non-Discrimination (CCPA) – no price or service difference for exercising these rights.
Contact admin@airbok.com to exercise any right. Airbok responds within 30 days (EU) or 45 days (US).
7. Data Sharing and Third Parties
7.1 Payment Processing via Stripe
All payments are handled by Stripe, Inc. Airbok only receives transaction metadata (transaction ID, plan type, payment status). Stripe’s own Privacy Policy governs financial data.
7.2 Hosting and Storage
Airbok runs on Amazon Web Services (AWS) Stockholm, which acts as a data processor under ISO 27001 and GDPR standards.
7.3 Analytics and Monitoring
We use in-house operational analytics only; no external tracking or advertising cookies are employed.
7.4 Legal and Safety Compliance
Airbok may disclose limited information to comply with lawful requests, subpoenas, or to protect rights, property, and safety of users and the Platform.
7.5 Corporate Transfers
If Airbok undergoes a merger, acquisition, or restructuring, user data may transfer to the successor entity under this same Policy.
8. Cookies and Tracking Technologies
Airbok uses only essential session cookies for login authentication and security. We do not use advertising or behavioral trackers. You may disable cookies in your browser, but some functions may stop working.
9. International Data Transfers
Personal data may be transferred from your location to AWS servers in Stockholm (EU) and accessed by Airbok’s administrative team in Hong Kong. All cross-border transfers follow GDPR Standard Contractual Clauses (SCCs) and equivalent safeguards. By using the Platform, you consent to this transfer and processing.
10. Data Security and Breach Notification
- End-to-end TLS encryption; hashed passwords; access controls; firewalls; and intrusion monitoring.
- Restricted employee access to production data.
Breach Notification (72 Hours)
If Airbok detects a personal-data breach likely to pose a risk to users’ rights or freedoms, we will notify the relevant data-protection authority and affected users within 72 hours of awareness, detailing the nature of the breach, potential impact, and mitigation measures.
No system is entirely risk-free; you acknowledge that online transmissions carry inherent risks.
11. Children’s Privacy
- Airbok does not knowingly collect or store personal information from individuals under 18 years of age.
- If we learn that a minor has registered without verified guardian consent, the related account and all associated data will be permanently deleted.
- Parents or guardians who believe their child has provided data may contact admin@airbok.com to request immediate deletion.
12. Updates to This Policy
- Airbok may revise this Privacy Policy periodically to reflect operational, legal, or regulatory changes.
- All revisions will take effect seven (7) days after notice is provided through: (a) Email to registered users; and/or (b) The announcement bar on the Airbok Platform.
- Continued use of the Platform after the effective date constitutes acceptance of the updated Policy.
- Significant changes—such as new data-collection categories or sharing practices—will be highlighted prominently before enforcement.
- Users are encouraged to review this Policy regularly to remain informed of how Airbok protects personal information.
13. Open-Source Attribution and Third-Party Model Disclosure
- The Airbok voice-cloning system incorporates modified open-source components released under the MIT License, including: Chatterbox (Resemble AI) and FreeVC.
- Attribution is maintained in Airbok’s technical documentation and this Policy in accordance with MIT licensing terms.
- No user data, audio recordings, or text inputs are transmitted to these original open-source repositories or external services; all model operations run locally within Airbok’s secured infrastructure.
14. Contact Information
Airbok Company LimitedEmail: admin@airbok.com
Airbok responds to verified privacy requests within: 30 days (GDPR jurisdictions) or 45 days (CCPA jurisdictions).
If you are dissatisfied with our response, you may lodge a complaint with your local data-protection authority or the Office of the Privacy Commissioner for Personal Data (Hong Kong).
15. Effective Version
This Privacy Policy is the official and most recent statement of Airbok’s privacy practices. Earlier versions are superseded upon publication of this version on the Platform.