Blue Flame Privacy Policy
This policy applies to our voice-based social app Blue Flame (the "Service") distributed globally via the App Store and Google Play.
1. Data Controller
Hallowed Ltd (a company registered in the United Kingdom) is the data controller for personal data processed through the Blue Flame app and related services.
2. Information We Collect
Information you provide: Account information (email, phone number, username); profile information (display name, bio, profile picture); voice recordings and audio content you create (posts, direct messages); participation in live voice rooms ("campfires"); messages and support communications.
Information collected automatically: Device information (device type, operating system); usage data (features used, time spent in app); log data (IP address, access times).
3. Voice and Campfire Recordings
Consent: By using voice features or joining a room that records, you consent to the collection and use of your voice as described in this policy. Before any campfire recording begins, we will notify you (e.g. by an in-room notice or when you join).
Campfire recordings: We may create and store recordings of live voice rooms. Retention: Campfire recordings are retained for 90 days from the date of the session, or until the room host deletes the recording (where the product allows), whichever is earlier. Who can access them (e.g. room participants, moderators, Hallowed Ltd for safety or legal purposes) may also be set in product and room settings. Recordings are used to provide and improve the Service.
Ownership and use: You retain ownership of your content subject to our Terms of Service. We do not sell your voice data to third parties.
Participant rights: You may request deletion of your data or your voice from a recording where technically feasible. Contact legal@blueflame.blue. Some limitations may apply (e.g. already shared or backed-up copies).
4. How We Use Your Information
We use the information we collect to: provide and improve the Service; personalise your experience; send you notifications and updates; ensure safety and security; comply with law; and as otherwise described in this policy.
Legal basis (UK/EEA): We rely on contract (to provide the Service), consent where required (e.g. marketing, non-essential cookies, AI processing where we offer a choice), and legitimate interests where appropriate (e.g. safety, security, fraud prevention, analytics to improve the product — balanced against your rights). In other regions (e.g. California, Brazil), we comply with applicable law (such as CCPA, LGPD) where the policy is offered globally.
5. Cookies and Similar Technologies
We use cookies and similar technologies only as needed to operate and secure the Service (e.g. session and authentication). We do not use non-essential or advertising cookies in the app. Where our Service is accessed via a browser or we introduce non-essential cookies in the future, we will obtain your consent where required (e.g. UK/EEA). You can control device-level settings for local storage; disabling essential storage may affect sign-in and functionality.
6. AI and Third-Party Processing
Voice transcription: When you create voice content (posts, messages, campfire recordings), your audio may be sent to OpenAI (via their Whisper API) for automatic speech-to-text transcription. This processing enables accessibility features, content search, and content moderation. OpenAI processes the audio solely to return the transcription and does not use your data to train their models when accessed via API.
Content moderation: Text content (including transcriptions, comments, and messages) may be analysed by OpenAI's Moderation API to detect potentially harmful content such as hate speech, violence, or harassment. This processing helps us maintain a safe environment for all users.
Consent: By posting voice content or using voice features in the Service, you consent to this processing as described above. You may withdraw consent to AI transcription and moderation where we offer in-app controls (e.g. settings toggles); we will explain any impact on features at the point of withdrawal. You may also withdraw consent by not using voice features or by deleting your account to cease all such processing.
Data handling: Audio and text sent to OpenAI for transcription and moderation is processed in accordance with OpenAI's data usage policies. We do not share your personal identity with OpenAI; only the audio content and text are transmitted.
7. Sharing
We do not sell your personal information. We may share information: with your consent; with service providers (hosting, transcoding, push notifications, AI processing, etc.) under contract; to comply with legal obligations; to protect our rights and safety and that of users.
8. Data Retention
We retain your data while your account is active and as needed for the purposes described. Upon account deletion, we will delete or anonymise your personal data within 30 days (or as stated in the Service). Campfire recording retention is set out in Section 3 above (90 days or until the host deletes, where applicable).
9. Your Rights
You have the right to: access your personal data; rectification; erasure; restriction of processing; data portability; object; withdraw consent where processing is based on consent. You may request a copy of your data or account deletion via the app or by contacting us. You have the right to complain to a supervisory authority (e.g. the ICO in the UK, or the relevant authority in your country).
California (CCPA/CPRA): If you are a California resident, you have the right to know what personal information we collect, use, and disclose; to request deletion of your personal information; to opt out of the "sale" or "sharing" of your information — we do not sell or share your personal information for cross-context behavioural advertising; to correct inaccuracies; and to non-discrimination and no retaliation for exercising these rights. To submit a request, contact us at legal@blueflame.blue or use in-app account deletion. We will verify your identity before fulfilling requests. Authorised agents may submit requests on your behalf with proof of authorisation.
10. International Transfers
Data may be processed in the UK, EEA, and other countries. For transfers from the UK we use the UK International Data Transfer Agreement (IDTA) or the UK addendum to the EU Standard Contractual Clauses (SCCs) where applicable. For transfers from the EEA we use the European Commission's Standard Contractual Clauses (SCCs). Key recipients of international transfers include service providers such as OpenAI (USA) for transcription and moderation, and hosting and infrastructure providers. We ensure such providers are bound by appropriate safeguards. Where required by law we also rely on adequacy decisions.
11. Security
We implement appropriate technical and organisational measures to protect your information. No system is completely secure; we do not overpromise.
12. Children
The Service is not directed at users below 13 years of age (or 16 in the EEA and UK, where required by law). We do not knowingly collect personal data from underage users. If we discover that we have collected data from a user below the minimum age, we will take steps to suspend the account and delete or anonymise the associated data.
13. Contact and Data Protection
For privacy enquiries, to exercise your rights, or for data protection matters: legal@blueflame.blue. Hallowed Ltd is a company registered in England and Wales. For our registered office address, contact us at legal@blueflame.blue or see Companies House. Where required by applicable law (e.g. UK GDPR), we will designate a Data Protection Officer (DPO) and publish the contact details here or via the app. If we process EEA data at scale we will appoint and publish an EU representative (GDPR Article 27).