Who we are
Winnow is operated by Michelle Walstra, an individual developer based in Calgary, Alberta, Canada. If you have any questions about this policy or how your data is handled, contact us at info@getwinnow.app.
What this policy covers
This Privacy Policy explains what personal information Winnow collects, why we collect it, how we use and protect it, who we share it with, and what rights you have over it. It applies to the Winnow iOS app and any related services.
What we collect and why
Account information
When you create an account, we collect your email address. If you sign in with Google, we receive your Google identity via Supabase Authentication — we do not receive your Google password. Your email is used to authenticate you, communicate with you about your account, and (if you request it) to help with account recovery or deletion.
Authentication session data
When you sign in, Supabase issues a session token (a JWT access token and refresh token). These tokens are stored on your device in AsyncStorage — a standard on-device storage mechanism used by React Native applications. They are sent to Supabase servers on each request to authenticate your identity. They are not shared with any other party.
Audio recordings
When you record a conversation in-app or upload an audio file, that audio is uploaded to secure cloud storage (Supabase Storage) and sent to AssemblyAI for transcription. Audio files are permanently deleted from our servers immediately after transcription processing is complete — typically within a few minutes. We do not retain audio for any other purpose.
Conversation transcripts
Whether generated from your audio by AssemblyAI, or pasted manually by you, your conversation transcript is stored in our database and associated with your account. It is used to generate your analysis report and is retained until you delete your account.
Speaker names
When you label speakers in a conversation, the names you enter are stored alongside the transcript. If those names refer to other people, you are responsible for ensuring you have appropriate consent to process that conversation. See the section on Your Responsibilities below.
AI-generated analysis reports
Your transcript is sent to Anthropic's Claude API to generate your Winnow report, which includes communication observations, per-speaker analysis, growth scores, and story slides. The generated report is stored in our database and retained until you delete your account.
Conversation metadata
Information such as conversation title, creation date, and processing status is stored in our database and retained until you delete your account.
Push notification tokens
If you grant notification permission, your Expo push notification token is stored in our database and used solely to notify you when your report is ready. It is deleted when you delete your account.
Feedback
If you submit feedback via the in-app feedback screen, your message, category, and email address are stored in our database. This information is also forwarded by email to our support address via Resend (see Third-Party Services below). Feedback is deleted when you delete your account.
Device flags
Two small flags are stored locally on your device only — whether you have completed onboarding and whether you have been shown the notification permission prompt. These never leave your device.
Subscription data
Subscription status is managed by Apple and RevenueCat. We read your subscription entitlement status from RevenueCat when you open the app. We do not store subscription or payment information in our own database. We never see your payment card details.
How we use your data
We use your data only to provide the Winnow service:
- To authenticate you and maintain your account
- To transcribe your audio and generate your conversation report
- To store your reports and transcripts so you can access them
- To notify you when your report is ready
- To manage your subscription
- To respond to feedback you send us
- To diagnose technical issues
We do not use your conversation content for advertising. We do not sell your data. We do not use your conversations to train AI models — your transcripts are sent to Anthropic's Claude API for analysis and are subject to Anthropic's data use policies (see below).
Third-party services
Winnow uses the following third-party services to operate. Each has its own privacy policy, linked below.
Supabase
Provides our database, authentication infrastructure, and file storage. Your account data, transcripts, reports, and push tokens are stored on Supabase's servers.
Privacy policy
AssemblyAI
Provides audio transcription. Your audio file is sent to AssemblyAI via a secure signed URL for transcription. AssemblyAI processes the audio and returns a transcript. Refer to AssemblyAI's privacy policy for their data retention practices.
Privacy policy
Anthropic
Provides AI-powered conversation analysis via the Claude API. Your conversation transcript (with speaker names included) is sent to Anthropic to generate your report. Anthropic's data use policies govern how this data is handled on their end.
Privacy policy
RevenueCat
Manages subscription entitlements. Your user ID and purchase events are shared with RevenueCat to track and validate your subscription status.
Privacy policy
Apple
Handles in-app payments via the App Store, delivers push notifications via Apple Push Notification service (APNs), and distributes the app. Your push notification token is routed through Apple's infrastructure. Apple handles all payment information.
Privacy policy
Resend
Delivers feedback emails. When you submit feedback, your email address and message are transmitted via Resend's email delivery service to our support inbox.
Privacy policy
Provides an optional sign-in method. If you sign in with Google, your authentication is handled through the Google OAuth flow, managed by Supabase. Google receives information as part of that OAuth exchange.
Privacy policy
Your responsibilities regarding other people's data
Winnow allows you to record, upload, or paste conversations involving other people. When you do this, information about those other people — including their words and the name you assign them — is processed by Winnow and its third-party services. You are solely responsible for ensuring you have the necessary consent to record and process conversations involving other people, in compliance with the laws that apply in your location. See the Terms of Use for more detail.
Data retention
| Data | Retention period |
|---|---|
| Audio files | Deleted immediately after transcription completes |
| Transcripts and reports | Until you delete your account |
| Conversation metadata | Until you delete your account |
| Push notification tokens | Until you delete your account |
| Feedback messages | Until you delete your account |
| Account and email | Until you delete your account |
| Device-only flags | Cleared when you uninstall the app |
| Subscription status | Not stored by Winnow — managed by RevenueCat and Apple |
Account deletion and your right to erasure
You can delete your account at any time from the Settings screen in the app. When you delete your account, the following data is permanently deleted from our systems:
- All conversation transcripts and reports
- All conversation metadata
- Your push notification token
- All feedback you have submitted
- Your account and email address
This deletion is permanent and cannot be reversed. Deletion is typically completed within seconds. In some edge cases it may take up to 30 days for all data to be fully purged from backup systems.
You can also request account deletion by emailing info@getwinnow.app. We will complete the deletion within 30 days of receiving your request.
Please note that once your data has been sent to Anthropic or AssemblyAI for processing, it is subject to their own retention and deletion policies. We recommend reviewing their privacy policies if this is a concern.
Your privacy rights
For Canadian residents (PIPEDA)
Under Canada's Personal Information Protection and Electronic Documents Act (PIPEDA), you have the right to:
- Know what personal information we hold about you
- Access the personal information we hold about you
- Correct inaccurate information
- Withdraw consent to our collection or use of your information (subject to legal or contractual restrictions)
- Request that we delete your personal information
To exercise any of these rights, email info@getwinnow.app.
For residents of the European Economic Area, United Kingdom, and other jurisdictions with data protection laws
You may have additional rights under applicable law, including the right to data portability and the right to lodge a complaint with your local data protection authority. To the extent that Winnow is subject to those laws, we will comply with valid requests.
Security
We take reasonable technical and organisational measures to protect your data, including encrypted data transmission (TLS), access controls on our Supabase database, and row-level security policies that ensure users can only access their own data. No system is completely secure, and we cannot guarantee the absolute security of your information.
Children
Winnow is not intended for use by anyone under the age of 17. We do not knowingly collect personal information from children under 17. If you believe a child under 17 has provided us with personal information, please contact us at info@getwinnow.app and we will delete it.
Changes to this policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email at the address associated with your account before the changes take effect. The date at the top of this policy indicates when it was last updated. Continued use of Winnow after notification of changes constitutes your acceptance of the updated policy.
Contact
Questions, requests, or concerns about this Privacy Policy:
info@getwinnow.app