Privacy Policy

Last updated: 12 June 2026 · PDVR&Co Pty Ltd (trading as Human Voice Labs) · ABN 73 211 280 952

This Privacy Policy explains how PDVR&Co Pty Ltd (“Human Voice Labs”, “we”, “us”) collects, uses, discloses and protects your personal information when you use the Lyra app and our websites and services (the “Services”). We are committed to handling personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs), and — where applicable — the EU/UK GDPR and the California Consumer Privacy Act (CCPA/CPRA).

Privacy by design

Lyra is local-first. Your conversations are processed on your Mac wherever possible, and queries detected as containing sensitive personal information default to on-device models. When you use the optional cloud pipeline, personal identifiers are redacted before any cloud call.

1. Information we collect

Category	Examples	Why
Account	Email address, name	Create and secure your account
Authentication	Apple / Google sign-in identifiers, TOTP status	Sign-in and 2-factor security
Billing	Plan, subscription status, transaction IDs (card data handled by Stripe — we never see or store card numbers)	Process payments and manage your plan
Usage metadata	Model routed to, token counts, latency, error events — not message content	Operate, secure and improve the Services
Support	Emails you send us	Respond to your enquiries

Your conversation history is stored only to give Lyra memory and recall, with personal identifiers redacted where detected (see PII handling below). You can delete it at any time. We do not sell it, and we do not use it to train third-party models.

2. How we handle sensitive personal information (PII)

Automatic detection & local-only routing. Queries containing sensitive data — Tax File Numbers, Medicare numbers, dates of birth, bank/financial details, health information — are detected and processed by on-device local models only. This data is never transmitted to our cloud pipeline or any third-party AI provider.
Redaction before any cloud call. When you use the optional cloud pipeline, personal identifiers are redacted (via Microsoft Presidio) before the query is sent to any model or written to a database. Redaction is best-effort; if it cannot run, the query stays on-device. Server logs hold operational metadata, and any stored query preview is taken after redaction.
Memory you control. Conversation memory is stored to provide recall and is retained until you delete it from the app. We protect it with access controls and encryption in transit; we don't sell it or use it to train third-party models.
Data residency. Our cloud pipeline runs on servers located in Sydney, Australia.

3. How we use your information

To provide, maintain and secure the Services;
To process payments, subscriptions and trials;
To provide customer support;
To detect, prevent and address fraud, abuse and security issues;
To comply with legal obligations.

We do not sell your personal information, and we do not use your conversation content to train AI models.

4. Disclosure to third parties

We share limited information only with service providers who help us run the Services, under contract and only as needed:

Stripe — payment processing (card data goes directly to Stripe);
Cloudflare — website hosting, CDN and security;
Apple & Google — optional sign-in;
AI providers (BYOK). If you connect your own API keys (Pro plan), queries you choose to send go directly from your device to that provider under your account and their terms. We never see or proxy your API traffic.

We may also disclose information where required by law.

5. Your rights

Subject to applicable law, you may request to access, correct, delete or export your personal information, withdraw consent, or object to/restrict certain processing. EU/UK users have rights under the GDPR; California residents have rights under the CCPA/CPRA, including the right not to be discriminated against for exercising them.

To exercise any right, email raj@humanvoicelabs.com. You can delete all stored memory at any time from within the app, or by request.

6. Data retention

We keep account and billing records for as long as your account is active and as required for legal, tax and accounting purposes. Conversation memory is retained until you delete it. Operational logs are retained for a limited period for security and troubleshooting.

7. Security

We use encryption in transit (TLS), access controls, and least-privilege practices. No method of transmission or storage is 100% secure, but we work to protect your information using industry-standard safeguards.

8. International transfers

Our infrastructure is in Australia. If you access the Services from outside Australia, your information may be processed in Australia. Where the GDPR applies, transfers are made under appropriate safeguards.

9. Children

The Services are not directed to children under 16, and we do not knowingly collect their personal information.

10. Changes

We may update this policy from time to time. Material changes will be notified via the app or website. The “last updated” date above reflects the current version.

11. Contact & complaints

Questions or complaints: raj@humanvoicelabs.com. If you are in Australia and are not satisfied with our response, you may contact the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.