Voice Biometrics — In Plain English
A friendly companion to the Voice Biometric Privacy Notice. The legal one wins if there's a conflict.
The deal in 30 seconds
When you clone a voice with StoryVox, the audio you upload is biometric data — laws in several U.S. states (Illinois, Texas, Washington, and others) treat that as especially sensitive. We follow the strictest of those laws for everyone, even if your state doesn't require it.
Voice cloning is not available in Illinois at all. We block it there.
What we collect
Three things, all biometric:
- Your voice samples — the audio you upload for cloning
- Your consent recording — the short statement the voice owner records to confirm they're OK with this
- Your cloned voice model — the digital model we build from your samples
Plus some metadata (account ID, timestamps, the speaker's name you provided) that's not itself biometric but goes with the voice.
What we use it for
Just to run the Custom Voice feature. That's it.
We don't:
- Sell, lease, trade, or profit from biometric data — ever
- Train AI models on your voice
- Share with third parties for any other purpose
- Use it for advertising or analytics
Who else sees it
Only service providers who help us run the service:
- A cloud storage provider — encrypted private storage
- A GPU compute provider — runs the math that generates speech with your cloned voice
- A CDN / DDoS provider — moves data securely (in transit only)
That's it. No one else. No selling. No advertising. (If you want the specific company names, email hello@storyvox.app and we'll share.)
How long we keep it
| Thing | How long |
|---|---|
| Your raw voice upload | 30 days, with a "renew" button to extend. We email you 7 days before deletion. |
| Your cloned voice model | Until you delete the voice, close your account, or 3 years pass without you using the voice. |
| Your consent recording | The life of the voice + 3 years (kept longer than the voice itself so we can prove consent if asked). |
The 3-year ceiling matches the Illinois BIPA standard — strictest in the country.
Then what
When the timer's up (or you delete the voice, or you close your account), we destroy the data:
- Gone from active systems within 30 days
- Gone from backups within 90 days
- We keep a destruction log saying "we destroyed X on Y date" but not the data itself
Your rights
- See what we have on you — email us
- Delete the voice and everything associated — in-app or email
- Withdraw consent — same as delete
- We won't retaliate against you for using these rights
Cloning someone else's voice
Allowed only if they consent — meaning, they personally record the consent statement themselves. You can't record it on their behalf. You can't use a clone to record it.
You also cannot clone:
- Anyone under 18, ever (even with consent)
- Deceased people without estate authorization
- Politicians for political content
- Celebrities for impersonation, endorsement, or commercial use
- Anyone who hasn't consented
Where this works
Custom Voice is available in: US (excluding Illinois), Canada, Australia, New Zealand. Illinois is blocked. EU, UK, and Switzerland are blocked along with the whole service for now.
Security
Encrypted in transit. Encrypted at rest. Stored privately with access controls. No bulletproof security exists, but we use the same care for biometric data that we'd use for any sensitive confidential information — and frankly more.
Read the full Voice Biometric Privacy Notice for all the legal detail.