Privacy policy for online speech services

Effective date: 5th October 2014
Last Updated: 9th October 2020

Introduction

This Privacy and Cookies Statement explains how personal information is collected, used, and disclosed by SoapBox Labs Limited, an Irish company (“we”, “us”, “our”) in connection with your use of the speech recognition applications and associated services (collectively the “Services”) of SoapBox Labs.

We respect your right to privacy and your freedom to control and monitor your children’s online activities. This Privacy and Cookies Statement together with any terms and conditions of use for the Services (“Terms”) and any other documents which they refer to sets out the basis on which any personal data we collect from you and from any children who use our Services will be processed by us.

There are two different ways that our Services can be accessed:

  1. Directly through interaction with a SoapBox Labs application (via tablet, smartphone, etc) that uses our speech technology (“Direct Access”);
  2. Indirectly through a third party service or application that uses our speech technology to provide voice interface functions (“Indirect Access”).

Our services apply a “data protection by default” and “data protection by design” approach in keeping with the principle of minimizing the processing of personal data to the extent necessary to provide the Services and to further develop and enhance our services. Accordingly, Soapbox will not take any steps to re-identify or de-anonymize any voice data or otherwise associate the voice data with personally identifiable information and does not authorize, instruct, or encourage any third party to do so.

Parental consents

For Direct Access, we rely on consent from an individual with parental authority as the legal basis for processing data where the data subject is a child. We have our own clear parental consent mechanisms and verification processes in place and you can withdraw your consent as outlined below. For Indirect Access, we require any third parties using our services to ensure that the relevant parental consents are in place before they send any voice data to our services. We process de-identified voice data for the legitimate interest purposes of improving the Services as outlined in this statement. Your rights and the mechanisms for objecting to this type of processing of data are clearly outlined below.

Kids privacy assured by PRIVO: COPPA Safe Harbor Certification & GDPRkids™

SoapBox Labs Limited is a member of the PRIVO Kids Privacy Assured Program(“the Program”) for COPPA Safe Harbor Certification and GDPRkids™. PRIVO is an independent, third-party organization committed to safeguarding children’s personal information collected online.

COPPA Safe Harbor Certification

The Program certification applies to the digital properties listed on the validation page that is viewable by clicking on the PRIVO COPPA certification Seal. The certification Seal posted on this page indicates SoapBox Labs Limited has established COPPA compliant privacy practices and has agreed to submit to PRIVO’s oversight and consumer dispute resolution process. If you have questions or concerns about our privacy practices, please contact us at +353894267250 or privacy@soapboxlabs.com.

If you have further concerns after you have contacted us, you can contact PRIVO directly at privacy@privo.com.

COPPA PRIVO

GDPRkids™ Privacy Assured

The Program applies to the digital properties listed on the validation page that is viewable by clicking on the PRIVO GDPRkids™ Verified Shield. The PRIVO GDPRkids™ Privacy Assured Program supports child directed services known as Information Society Services under the General Data Protection Regulation (GDPR), to comply with the requirements of this legislation. It impacts any child directed service in an EU Member State and any service globally that collects and or processes the personal data of children and minors. There is no safe harbour for the GDPR to date, but to ensure this company’s services meet the program requirements, we conduct regular monitoring and consulting.

GDPR PRIVO

Acceptance of this privacy and cookies statement

By using the Services or permitting your child to use the Services, you signify acceptance of this Privacy and Cookies Statement. If you do not agree with or you are not comfortable with any aspect of the Privacy and Cookies Statement, you should discontinue use of the Services. With Direct Access, you may also request deletion of previously collected user data by contacting us at the contact details above; with Indirect Access, by contacting the third party through whom you are accessing our services. We may update our privacy policy from time to time, so please check back regularly for updates. If we make a material change to the policy and we have your email address, we will notify you before making that change to allow you to opt out if you no longer agree to our collection and use of information practices.

Direct access: information we may collect from you

  • Email addresses (including parental email address) if we need to contact you in respect of the Services or this Privacy and Cookies Statement;
  • Audio recordings which help us to build better speech technology that improves our Services (“Recordings”);
  • Technical information regarding the type and model of the device being used for the Services which help us to understand how the Services work on different devices;the age and username of the children using the Services;
  • Details of your use of the Services including, but not limited to, IP address (from which we derive location at country and region level), traffic data, and other communication data and the resources that you access;
  • We may also automatically collect certain logistical information in server logs, including information about how various features of our Services are used and information about the number, frequency and length of each session.
  • If you contact us for any reason, we may keep a record of that correspondence.

Indirect access: information we may collect from you

Where you are accessing our services through a third party, the voice data passed to us is de-identified voice data and no other data relating to the identity of the child is received by our system. Depending on the terms and conditions agreed with the third party provider, this voice data may be retained in our system after processing for the sole purpose of improving the services. In other cases, the data is deleted immediately after processing. You should check with the third party to clarify the basis on which the voice data is passed to our system to assess whether or not it is retained post-processing.

Our commitment to the digital privacy rights of children

We respect the role of parents or guardians in the monitoring of their children’s online activities. Accordingly, we limit our collection of personal information from children to no more than is reasonably necessary to participate in the Services and to improve it going forward. We do not collect any personal information from children other than as set out in this privacy policy. At any time parents or guardians can contact us and request the deletion of any personal information of their child which we store.

We collect Recordings from children which are captured when children interact with the Services depending upon the particular application being used. We may use, store, process and transcribe Recordings in order to provide and maintain the Services, to perform, test or improve our own/proprietary speech recognition technology and artificial intelligence algorithms, or for other research and development and data analysis purposes. Additionally, these recordings may be listened to by human ears for the specific purpose of generating transcriptions or labelling data. We do not share the recordings, or any data generated by the recordings, with any third parties for any purpose other than those described above.

Where we store your personal data

The data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (“EEA”). By submitting your personal data or permitting your child to use the Services, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy and Cookies Statement, typically through the use of EU-approved “model contract clauses” or ensuring our third party vendors are certified under the EU-US Privacy Shield.All information you provide to us is stored on our secure servers. Where we have given you (or where you have chosen) a password or username which enables you to access certain parts of our Services, you are responsible for keeping this password or username confidential.

We ask you not to share this information with anyone. You can request deletion of this data at any time by emailing us at privacy@soapboxlabs.com, from the email address provided upon initial registration.

When you interact directly with a SoapBox Labs application, we will delete personally identifiable information 12 months after our contact with you has terminated. However, we will retain de-identified data indefinitely for product development purposes unless you have chosen to withdraw your consent or delete your data as outlined below.

Uses made of your information

We use information held about you:

  • To build better speech technology.
  • To ensure that content from our Services is presented in the most effective manner for you and for your computer.
  • To notify you about important changes to our Services and our Terms and policies.
  • To provide, maintain and improve the Services and to process and to carry out our obligations arising from any contracts entered into between you and us.
  • To provide you with information or services that you request from us or which we feel may interest you, (in the case of marketing communications you can opt out at any time by following the unsubscribe option in our emails).
  • To allow you to participate in interactive features of our Services.
  • If you are an existing customer, we will only contact you by electronic means (such as email) with information about goods and services similar to those which were the subject of a previous transaction between us.

Disclosure of your information

We may disclose your personal information to third parties if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our Terms and other agreements; or to protect the rights, property, or safety of SoapBox Labs, its subsidiaries and its group companies, our users, or others.

We may disclose aggregated or anonymised data if:

  • We work with advisors or service providers;
  • We or substantially all of our assets are acquired by a third party, in which case personal data held by us about our users will be one of the transferred assets. In the case of sale or merger the privacy policy will apply. In the case of a material change you will be notified and provided an opportunity to opt out.

Other than as set out in this Privacy and Cookies Statement, we do not currently disclose data to any other third parties; if this changes in the future we will notify users through changes in this Privacy Policy.

Direct access: cookies and similar technology

If you are accessing our services directly, we may collect information about your computer or other device including, where available, device and browser type for system administration and analytical purposes. This is statistical data about how you use our Services.

For the same reason, we may obtain information about your general usage of the Services by using a cookie or similar software which is stored on the memory of your computer or device. This software contains information that is transferred to your computer or device’s memory. Cookies help us to improve our Services and to deliver a better and more personalised service. We may use Web beacons or similar technology in connection with the Services. Web beacons are small, invisible graphic images that may be used in the Services or in emails relating to our Services to collect certain information and monitor user activity on the Services.

You may refuse to accept cookies by activating the settings on your browser or device which allows you to refuse the setting of cookies. However, if you select this setting you may be unable to access certain parts of the Services.

We work with third party analytics provider Unity Analytics. We use a restricted version of Unity, that does not use any advertising services, and no user data is shared with any other third parties. For more information on Unity’s Privacy Policy click here.

Your data subject rights

You have the right to request a copy of your personal data which is held by us about you or your child. If you are accessing our service directly, you should contact us about this data – if you are accessing our services indirectly, you should also contact the third party provider. You also have the right to access your or your child’s personal data, have changed any inaccuracies in the details we hold, the right to object to the use of personal data, the right to block any specific uses of personal data in certain circumstances, the right to data portability and the right to request deletion of personal data, by means of a request in writing setting out as much detail as possible to privacy@soapboxlabs.com. Where your data has been deleted or de-identified by us, it will not be possible to act on your request.

Identity and contact details

Questions, comments, and requests regarding this Privacy and Cookies Statement are welcomed and should be addressed to SoapBox Labs with its registered office at Huguenot House, 35 – 38 St. Stephen’s Green, Dublin 2, Ireland, or privacy@soapboxlabs.com or +353 89 426 7250.

If you are in the European Union, please note that our Data Protection Officer (DPO) can be contacted at privacy@soapboxlabs.com If you are in the European Union and have further concerns after you have contacted us, you can lodge a complaint with the Irish Data Protection Commission directly at info@dataprotection.ie.