Effective Date: April 1, 2026
Last Updated: April 12, 2026
Contact: privacy@improvchat.com
Improv Chat is an AI-powered improv practice platform for the improv comedy community, created by Frank Kyazze. When this policy says "we," "our," or "us," it means the Improv Chat team. When it says "you" or "your," it means you, the user.
This policy explains what data we collect, why we collect it, how we protect it, and what rights you have over it. We wrote this to be readable, not to hide anything in legalese.
| Data | When | Why | Required? |
|---|---|---|---|
| Phone number | Phone sign-in | Authentication via OTP | Only if you choose phone auth |
| Email address | Email sign-in or Google sign-in | Authentication, account recovery | Only if you choose email/Google auth |
| Google account info | Google sign-in | Name and email for authentication | Only if you choose Google auth |
| Display name | Account creation | Identify you in rooms and on your profile | Yes |
| Username | Account creation | Unique identifier for your profile | Yes |
| Bio | Profile setup | Tell other users about yourself | No |
| City | Profile setup | Help people find local improvisers | No |
| Social links | Profile setup | Connect your other creative platforms | No |
| Audio (live) | Participating in rooms | Core product — real-time audio communication | Yes, when in a room |
| Audio (recordings) | Show recordings, voice memos | Persistent content you choose to create | No — you control when recording happens |
| Speech transcripts | Playing improv games | Your speech is transcribed by Deepgram during gameplay and sent to our AI (Claude) for scene partner responses and scoring | Yes, when playing games |
| Reports | Reporting a user or content | Platform safety and moderation | Only when you submit a report |
| Data | How | Why |
|---|---|---|
| Device token | Firebase Cloud Messaging | Send you push notifications about game reminders and future social features |
We do not currently collect usage analytics, crash reports, or
performance telemetry. Firebase Analytics, Crashlytics, and Performance
Monitoring are not integrated into the app. If we enable any of these in
the future, we will update this policy and notify users before activation.
We track your online status via a heartbeat system (stored at `presence/{uid}` in our database). This shows other users whether you are currently online and available. You control who can see your online status through the presencePrivacy setting in your profile:
| Setting | Who can see your status |
|---|---|
| everyone | All users (default) |
| followers | Only people who follow you |
| nobody | No one can see your online status |
When you send or receive a game room invitation, we store invitation data including the sender, recipient, and room identifier. Invitations automatically expire after 5 minutes and are deleted from our systems.
| Purpose | Legal Basis | Data Used |
|---|---|---|
| Provide the app (rooms, profiles, follows, notifications) | Contract performance | Account data, audio, social graph |
| Authenticate your identity | Contract performance | Phone, email, or Google credentials |
| Provide AI game experiences (scene partner, scoring, feedback) | Contract performance | Speech transcripts, game state |
| Generate AI voice responses during gameplay | Contract performance | AI-generated game text (sent to ElevenLabs for TTS) |
| Track online/presence status | Legitimate interest (social features) | Heartbeat timestamp, online status |
| Moderate content and enforce community guidelines | Legitimate interest (user safety) | Reports, audio (when reported), profile data |
| Improve app stability and performance | Legitimate interest (product improvement) | Crash reports, performance data |
| Understand feature usage patterns | Legitimate interest (product improvement) | Anonymized analytics |
| Send push notifications | Consent (you can disable in device settings) | Device token |
| Respond to your support requests | Contract performance | Your message and account context |
We also collect anonymized, de-identified gameplay data (transcripts, scores, and gameplay metrics) for the purpose of improving AI quality, detecting bugs, and enhancing the player experience. This data contains no personally identifiable information and cannot be traced back to individual users.
We do not use your data for advertising, profiling, or automated decision-making that affects your legal rights.
Audio is the core of Improv Chat, so it deserves clear explanation:
Live audio in rooms is transmitted in real-time using WebRTC (via LiveKit). It is encrypted in transit using DTLS-SRTP. Live audio is not stored — it exists only in the moment, like a live performance. When the room ends, the audio is gone.
Show recordings are created only when a host explicitly starts recording. All participants see a recording indicator. Recordings are stored on Google Cloud servers, encrypted at rest. The host controls the recording and can delete it at any time.
Audio is not end-to-end encrypted. Our audio server (LiveKit) operates as a Selective Forwarding Unit (SFU), which means it routes audio between participants. The server can technically access audio streams in transit. This is standard for all major audio/video platforms (Zoom, Clubhouse, Discord, etc.) and enables features like recording and selective forwarding. We are evaluating end-to-end encryption options as the technology matures.
Improv Chat uses AI to power its improv practice games. Here is how your data flows through our AI systems:
Speech-to-Text (Deepgram): During gameplay, your voice is sent to Deepgram for real-time speech-to-text transcription. Deepgram processes the audio to produce text and does not retain your audio data beyond the transcription session.
AI Scene Partner & Scoring (Anthropic Claude): Your transcribed speech is sent to the Anthropic Claude API to generate AI scene partner responses, evaluate your improv performance, and provide scores and feedback. Game transcripts (your lines and the AI's responses) are stored in Firestore and can be anonymized upon request.
Text-to-Speech (ElevenLabs): AI-generated game text (the AI scene partner's lines) is sent to ElevenLabs to produce voice audio that plays back to you. No user voice data is sent to ElevenLabs — only the AI-written text.
Data retention for game data: Game transcripts and scores are stored in Firestore as part of your gameplay history. You can request anonymization or deletion of this data at any time by contacting us.
| Data | Visibility |
|---|---|
| Display name, username, bio, city, social links | Public (visible on your profile) |
| Follower/following counts | Public |
| Room participation (while in a room) | Visible to other room participants |
| Audio in rooms | Heard by other room participants in real-time |
| Phone number, email | Never visible to other users |
| Block/mute list | Never visible to other users or admins |
| Online/presence status | Controlled by your presencePrivacy setting (everyone/followers/nobody) |
| Game scores and leaderboard rank | Public (visible on leaderboards) |
| Reports you submit | Visible only to you and platform admins |
Admins can view: user profiles, reports, moderation history, and platform-wide statistics. All admin actions are logged in an immutable audit trail. Admins cannot see your password, authentication credentials, block list, or listen to live rooms.
| Third Party | Data Shared | Why | Their Privacy Policy |
|---|---|---|---|
| Google (Firebase/GCP) | All application data (stored on their infrastructure) | Infrastructure provider | Google Cloud Privacy |
| Google (Analytics) | Anonymized usage data | Product improvement | Google Analytics Privacy |
| Anthropic (Claude API) | Game transcripts (user speech + AI responses), game state, onboarding questionnaire responses | AI scene partner responses, scoring, feedback, game search, and Improv Type Indicator assessment | Anthropic Privacy |
| Deepgram | User speech audio during gameplay | Real-time speech-to-text transcription. Deepgram does not retain audio beyond the transcription session. | Deepgram Privacy |
| ElevenLabs | AI-generated game text (no user voice) | Text-to-speech voice generation for AI scene partner | ElevenLabs Privacy |
| Google Cloud Speech-to-Text | Voice memo audio (if you create one) | Transcription of voice memos for searchability. Not used for live gameplay. No retention beyond the transcription request. | Google Cloud Privacy |
| Apple | App metadata, crash reports | iOS distribution | Apple Privacy |
| Google Play | App metadata, crash reports | Android distribution | Google Privacy |
We do not sell your personal data. We do not share your data with advertisers. We do not participate in data brokers or data marketplaces.
We may disclose your data to law enforcement when legally required (court order, subpoena, or similar legal process). We will notify you if legally permitted to do so.
Your data is stored on Google Cloud Platform (GCP) infrastructure in the `us-central1` (Iowa, USA) region.
Security measures:
See our Security Architecture for the complete security posture.
Improv Chat's default posture is "anonymize, don't delete." We
believe gameplay data — transcripts, scores, feedback — is valuable for
improving AI quality, detecting bugs, and understanding how players learn
improv. Rather than discard that data when you leave, we separate the
identity from the gameplay and keep the anonymized gameplay for research.
This section explains exactly what that means and how it interacts with
your legal rights.
| Data | Retained Until | How to Remove |
|---|---|---|
| Account data (display name, username, bio, city, social links) | You anonymize or erase your account | Settings > Delete Account |
| Authentication credentials (email, phone, Google OAuth link) | You anonymize or erase your account | Automatic — removed during account closure |
| Game transcripts and scores (identified) | You anonymize or erase your account | Settings > Delete Account — identifiers are stripped and the anonymized copy is preserved for research (see §8.3) |
| Anonymized game archive | Indefinite | Contains no personal data after identifier stripping and content-layer sanitization |
| Voice memos and their transcripts | You delete them | Delete from your profile |
| FCM push tokens | Until token expiry or account closure | Automatic |
| Backups | 30 days (Firestore point-in-time recovery + daily exports) | Automatic — expired backups are deleted via lifecycle policy |
See our Data Retention Policy for complete
details including the classification, retention justification, and
deletion procedure for every collection we maintain.
When you close your account, you choose one of two paths:
Anonymize (default, recommended for most users). We strip your
identifiers (user ID, display name, email, phone, profile fields) from
your account record and from every collection that referenced you. Your
gameplay data is further sanitized at the content layer — speaker labels
are collapsed and any spoken personal information (names, places, contact
details) is scrubbed from the transcripts before they are preserved in the
anonymized archive. Your Firebase authentication record is disabled so
you cannot sign in again, but your underlying identifier remains in the
database for referential integrity. No personal data about you remains
that could link back to the real you.
Fully erase. We run the anonymization pipeline above *first* — which
preserves the anonymized gameplay archive — and then hard-delete your
user document, your authentication record, any audio files you uploaded,
and any other records tied to your identifier. This is the GDPR Article
17 "right to erasure" path and is the default for users located in the
European Union, the United Kingdom, and any other jurisdiction where
erasure is a legal right.
Liechtenstein, and Switzerland: we honor the GDPR/UK-GDPR right to
erasure when you explicitly invoke it. If you simply close your account
without invoking erasure, we default to the anonymization path, which
also satisfies the data-minimization principle (GDPR Art. 5(1)(c))
because no personal data remains.
default to the anonymization path. You may request full erasure at any
time by contacting us; we will honor the request within 30 days.
anonymized gameplay to evaluate model quality and debug the product —
that is a different activity than training.
processors listed in §6.3 who provide the core product functionality.
You have the following rights over your data:
| Right | How to Exercise |
|---|---|
| Access | View your profile data in the app. Use Settings > Export My Data to download a JSON export of everything we store about you. |
| Correction | Edit your profile directly in the app. |
| Anonymization (default account closure) | Settings > Delete Account > Anonymize. Removes your identifiers; preserves your gameplay data in our anonymized research archive with no link back to you. |
| Erasure (GDPR Art. 17) | Settings > Delete Account > Fully Erase. Runs the anonymization first, then hard-deletes your auth record, user document, and uploaded audio files. Default path for EU/UK users who invoke the right explicitly. |
| Portability | Use Settings > Export My Data — the export is a machine-readable JSON file suitable for import into any other system. |
| Withdraw consent | Disable push notifications in device settings. |
| Object to processing | Contact us to object to any processing based on legitimate interest. |
| Complain | File a complaint with your local data protection authority. |
For EU/EEA residents (GDPR): You have additional rights under the General Data Protection Regulation, including the right to lodge a complaint with your supervisory authority. Our legal basis for processing is documented in Section 3.
For California residents (CCPA): You have the right to know what personal information we collect, request deletion, and opt out of the sale of personal information. We do not sell personal information.
To exercise any right, email privacy@improvchat.com. We will respond within 30 days.
Improv Chat is not intended for users under 18. Improv rooms can involve adult humor, strong language, and emotionally intense creative work. This is an adult creative platform.
We do not knowingly collect personal information from anyone under 18. If we learn that a user is under 18, we will terminate their account and delete their data.
If you believe a minor is using Improv Chat, please report it to us at privacy@improvchat.com or use the in-app report function.
Your data is stored and processed in the United States (GCP us-central1 region). If you are located outside the United States, your data is transferred to the US for processing.
For EU/EEA users: This transfer is covered by Google's Standard Contractual Clauses (SCCs) as part of their data processing agreement. We rely on Google's compliance with EU data transfer requirements.
We may update this policy as the app evolves. For significant changes (new data collection, new third parties, changes to your rights), we will notify you through the app before the changes take effect.
The "Last Updated" date at the top of this policy reflects the most recent revision.
If you have questions about this privacy policy or how we handle your data:
Email: privacy@improvchat.com
GitHub: github.com/frankkyazze9/support-group
*This privacy policy is also available in the app under Settings > Privacy Policy.*