Skip to main content

Privacy Policy

Your privacy is important to us. This Privacy Policy explains how Knoban LLC (“Company,” “we,” or “us”) collects, uses, stores, and discloses information from users of the Hylist application (“Hylist”). By using Hylist, you consent to the data practices described in this policy. This policy applies to the Hylist app on iOS, Android, and Web platforms.

Information We Collect

We collect several types of information to provide and improve Hylist's services:

  • Account Information: When you create an account on Hylist, we collect your email address and a display name. The email is required for account creation and login, and serves as our primary means to authenticate you. Your display name is used within the app to identify you to other users (for example, in meetings). You may choose any display name (it does not have to be your real name). We also collect your account credentials (such as a password) if applicable, which are stored securely (e.g., hashed) and not visible to us in plain text.

  • Audio/Video Content: Hylist is a video conferencing service, so it necessarily processes audio and video data. We do not store or record your audio or video calls by default. Audio and video streams are transmitted live to other call participants via our servers (and third-party services like LiveKit) but are not saved permanently unless you choose to use the recording or transcription features. If you opt to record a call, the audio/video content of that session will be recorded and stored on our servers. If you use the live transcription feature, audio from the call will be sent to our transcription service provider (Deepgram) and a text transcript will be generated and stored.

  • Transcripts and Recordings: If you enable transcription during a call, the resulting text transcript will be saved so that you can view it during and after the meeting. If you record a session, the recorded media files (audio/video) will be saved and associated with your account for later access. These transcripts and recordings are considered your User Content and are accessible to you (and to any other participants or recipients you share them with). We treat them as confidential, but please note that anyone with whom you share the recordings or transcripts will have access to that content.

  • Usage Data and Analytics: We collect anonymous analytics data about how you use Hylist to help us improve the service. This may include information such as how often you use the app, which features you use, session duration, and general performance metrics. We use Google Analytics (and/or Firebase Analytics) in an anonymized fashion, meaning this data is not tied to your personal identity. For example, we might see that a feature was used by X% of users, but this data is aggregated. Google Analytics may use cookies or similar tracking technologies to gather usage information; however, no directly identifying personal data (like your name or email) is included in analytics reports. We may also collect basic technical information from your device when you use Hylist, such as your device type, operating system, app version, and approximate geographic location (e.g., country or region) based on IP address. This information helps with troubleshooting and optimizing performance.

  • Log Data: When you use Hylist, our servers (or the servers of our third-party providers) may automatically record certain information (“log data”). This log data could include your Internet Protocol (IP) address, device information, browser type (for the web app), crash reports, and timestamps of actions in the app (such as joining or leaving a meeting). We use log data primarily for monitoring the health of the service, debugging issues, and securing the platform. We do not use log data to identify users except in the case of investigating abuse or security incidents.

  • Communications: If you contact us (for example, via email at alden@knoban.com for support or feedback), we will collect and retain that correspondence, including your contact information and any information you choose to provide, in order to respond to you and improve Hylist.

We do not knowingly collect any sensitive personal information such as social security numbers, financial information, or biometric identifiers. The personal data we collect is limited to what is needed to provide the Hylist service as described.

How We Use Your Information

We use the collected information for the following purposes:

  • To Provide and Maintain the Service: We use your account information to authenticate you and allow you to log in and use Hylist. Your email and password (or other credentials) enable you to access your account across iOS, Android, and Web. We use your display name and account ID to identify you to other participants during meetings. Audio and video data are used to carry out the core function of Hylist – enabling real-time communication – by transmitting your streams to other participants and receiving theirs.

  • Transcription and Recording: If you request a transcription or initiate a recording, we use your content data (audio/video) to fulfill that request. For transcription, audio is sent to Deepgram to convert speech to text, and then we display and store the transcript for you. For recording, we capture the audio/video streams and store the files so you can replay or download them. We manage these processes to ensure you have access to these features as intended.

  • Service Improvements: We analyze usage data and anonymous analytics to understand how Hylist is used and to improve features and performance. For instance, analytics might help us identify if a new feature is popular or if parts of the interface are confusing, so we can make adjustments. Crash and error logs help us find and fix bugs or technical issues quickly. Overall, this information guides us in making Hylist better and more reliable.

  • Communication: We may use your email address to send you important notices or updates about Hylist. For example, we might send an email for account verification, password resets, or to inform you of significant changes to the service or policies (including this Privacy Policy or the Terms of Service). We will not send you marketing or promotional emails unrelated to Hylist. Because Hylist is a demo app, such communications will be minimal.

  • Enforcing Terms and Preventing Misuse: We may use information (like logs and user reports) to monitor for fraudulent, unauthorized, or illegal activity on Hylist. If we detect misuse of the free tier, violations of the Terms of Service, or security threats, we will use relevant data to investigate and address the issue (for example, by limiting features or terminating accounts involved in abuse). This is necessary to protect the integrity of the platform and other users.

  • Legal Compliance: If we are required by law to disclose data or if we need to use data to comply with legal obligations (for example, responding to legal process or enforcing our legal rights), we will use the minimum necessary information for that purpose.

We do not use your personal information for any purposes other than those described above without asking for your consent first. In particular, we do not sell your personal data to third parties for their marketing or other independent uses.

Third-Party Services and Data Sharing

Hylist relies on several third-party services to operate effectively. We only share information with these third parties to the extent needed for the service, and each third party has agreed to handle the information appropriately. The main third-party integrations are:

  • AuthZed: Used for managing user authorization and permissions within Hylist. AuthZed may store data such as user IDs or role information to determine what each user can access or do in the app. This ensures, for example, that only authorized users can perform certain actions. AuthZed's role is limited to permission management and it does not receive your audio, video, or personal content beyond what is necessary for access control (like an internal user identifier).

  • LiveKit: Used to facilitate real-time audio and video communications. When you are in a Hylist meeting, your audio and video streams are relayed through LiveKit's infrastructure so that they can be distributed to other participants and vice versa. LiveKit servers therefore handle your live stream data. This data is typically ephemeral (only in memory or short-term buffer to transmit to others) and is not stored long-term by LiveKit, unless it is being recorded via Hylist's recording feature. We use LiveKit to ensure low-latency, high-quality streaming, but LiveKit may have access to network metadata (like IP addresses) and the content of communications momentarily as it passes through their servers. LiveKit's privacy practices govern what they do with any data on their end, and they are a reputable provider focusing on real-time communication.

  • Deepgram: Used for speech-to-text transcription. If you enable transcription in a call, segments of the audio are sent to Deepgram's API to be converted into text. Deepgram will process the audio data to generate the transcript and return it to us. Deepgram may temporarily store audio or transcripts for processing and quality assurance. We send only the audio necessary for transcription (and possibly an ID for the session) to Deepgram. Deepgram's use of the data is subject to their privacy policy, and they typically do not retain audio long-term except to improve their models, as stated in their policy. We do not send any more personal information than needed (for instance, Deepgram doesn't get your email or personal details, only audio content for transcription).

  • Firebase and Google Cloud Platform (GCP): Hylist is hosted on Google Cloud Platform, and we use Firebase services (which are part of Google Cloud) for various purposes such as database storage, authentication, and analytics. This means that data you provide to Hylist (your account info, any stored transcripts or recordings, usage logs, etc.) may reside on Google's servers. Google Cloud and Firebase act as our processors for storing and handling this data securely. Firebase Analytics (if used) collects usage events in an anonymized way as described under “Usage Data and Analytics.” Firebase Authentication (if used for login) would handle storing your email and password securely and managing sign-ins. Firebase and GCP are covered by Google's security and privacy commitments. Google, as a processor, does not use your data for any purpose except as instructed by us (for example, Google will not use your Hylist data for advertising).

We may also share data in the following circumstances:

  • Service Providers: In addition to the main providers above, we might use other third-party service providers for tasks like email delivery (for sending verification or reset emails), customer support tools, or other infrastructure needs. These providers will only receive the information necessary to perform their functions (for example, an email service would receive your email address and message content for sending the email). They are obligated to protect your data and not use it for other purposes.

  • Legal Requirements: We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court order, subpoena, or government demand). We will only disclose what is necessary and will, if lawful, inform you of such disclosure.

  • Protection of Rights and Safety: We may share information when we believe it is necessary to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to anyone's safety, or violations of our Terms of Service. For instance, if someone is using Hylist to threaten violence or engage in harassment, we might cooperate with law enforcement and provide relevant data as part of an investigation.

  • Business Transfers: If Knoban LLC is involved in a merger, acquisition, sale of assets, or reorganization (even if unlikely for a demo app, we include this for completeness), your information may be transferred to the new entity as part of that deal. If such a transfer occurs, we will ensure the successor honors the commitments made in this Privacy Policy or provide notice and options to users if the practices will change.

Importantly, we do not sell or rent your personal information to third parties for marketing purposes. The third parties we use are strictly for supporting the functionality of Hylist or for legitimate legal reasons as described.

For more information on how these third-party services handle your data, please refer to their respective privacy policies (e.g., AuthZed's Privacy Policy, LiveKit's Privacy Policy, Deepgram's Privacy Policy, Google/Firebase Privacy Policy). We can provide links or copies of those policies upon request.

Data Storage and Security

We take reasonable measures to protect the security of your data. Account information like passwords is stored in encrypted form. Data transmissions (including audio/video streams, login information, etc.) are secured via encryption in transit (e.g., TLS for signaling and DTLS/SRTP for media streams). We also encourage you to protect your account by using a strong, unique password and not sharing it.

Data collected by Hylist is primarily stored on secure servers provided by Google Cloud Platform in the United States. Google Cloud employs robust security practices including physical security and encryption at rest. We also limit access to personal data to authorized personnel and contractors who need that information to operate, develop, or improve our Service, and they are bound by confidentiality obligations.

Despite our efforts, no security measure or data transmission method is 100% infallible. Therefore, we cannot guarantee absolute security of your information. In the event of a data breach or unauthorized access, we will act promptly to mitigate the issue and will notify affected users and relevant authorities as required by law.

Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, or as required by law:

  • Account Information: We keep your account data (email, display name, etc.) for as long as your account remains active. If you decide to delete your account or if your account is terminated, we will delete or anonymize your personal information within a reasonable period after that event. However, we may retain certain data for longer if necessary to comply with legal obligations or to resolve disputes. For example, we might retain a record of your email address in a suppression list to honor a request not to contact you, or retain logs if needed for security and fraud prevention.

  • Transcripts and Recordings: Any meeting transcripts or recordings you create will be retained until you delete them or delete your account. You typically have control within the app to delete recordings or transcripts you no longer need (if such functionality is provided; if not, you can request deletion via contact). We may also implement periodic cleanup of older recorded content on the demo service to manage storage, but we will not delete your content without notice if it's associated with an active account. If you want a specific recording or transcript removed, you can delete it or contact us to remove it.

  • Analytics Data: Anonymous analytics data may be retained in aggregate form indefinitely, as it contains no personal identifiers and is used for statistical purposes. Google Analytics allows setting a retention period (e.g., 14 months), after which user-level and event-level data stored by Google Analytics is deleted. Since our analytics is anonymous and aggregated, it does not identify you individually, and retention of this data does not impact your privacy rights.

  • Logs: Server logs and backup data might be retained for a short period (e.g., a few weeks or months) for the purposes of troubleshooting, analysis, and security. These logs are typically purged on a rolling basis unless flagged for investigation of abuse or security issues, in which case we might retain specific log excerpts until the issue is resolved.

If we have any legal obligation to retain certain data (for example, under tax law, or to comply with any law enforcement requests), we will keep the necessary data for the required period specified by law.

Once the retention period expires or the purpose of processing is fulfilled, we will either delete your personal information or anonymize it so it can no longer be associated with you.

Children's Privacy

Hylist is not intended for children under 13 years of age, and we do not knowingly collect personal information from children under 13. If you are under 13, you are not allowed to use Hylist or provide any personal information to us. If we learn that we have inadvertently collected personal data from a child under 13, we will take steps to delete such information as soon as possible.

If you are a parent or guardian and you believe your child under 13 has created an account or otherwise provided personal information to Hylist, please contact us at alden@knoban.com. We will take prompt action to delete the child's information and terminate the child's account.

For users between 13 and 18 (or the age of majority in your jurisdiction), we recommend using Hylist with parental guidance and consent. Some regions may have higher age requirements (for example, in certain countries the minimum age may be 16 for us to lawfully collect personal data without parental consent). If any such law applies, we do not intend to collect data from individuals below the applicable age of consent.

International Users and Data Transfers

Hylist is operated from the United States, and the majority of our data processing (and third-party processing) occurs in the U.S. If you are using Hylist from outside the United States, be aware that your information will be transferred to and stored on servers in the U.S. or other jurisdictions where our service providers operate. Data protection laws in these jurisdictions may differ from those in your country of residence.

By using Hylist, you acknowledge and consent to the transfer of your personal information to the United States and to the processing of your data in the U.S. as described in this Privacy Policy. We will take steps to ensure that your data is treated securely and in accordance with this policy wherever it is processed. If applicable laws require certain protections for cross-border data transfers (such as EU Standard Contractual Clauses for data from the European Economic Area), we will implement such measures as necessary.

If you are in the European Union, United Kingdom, or another region with data protection laws, you may have certain rights as described in the next section.

Your Rights and Choices

Depending on your jurisdiction, you may have rights regarding your personal information. We are committed to honoring applicable data protection rights, which may include:

  • Access and Correction: You have the right to request access to the personal data we hold about you and to receive information about how we use it. You can also request that we correct or update any inaccurate or incomplete personal information. Much of your basic account info can be updated by you directly in the app (like changing your display name). For other data, you can contact us to make corrections.

  • Deletion: You have the right to request deletion of your personal data. You can delete certain content (like recordings or transcripts) yourself in the app. If you want to delete your entire account and associated data, you may contact us at alden@knoban.com. Upon verifying your identity and request, we will delete or anonymize your personal data, except for information we are required to keep by law or for legitimate business purposes (as outlined in the Data Retention section).

  • Withdrawal of Consent: If you have consented to any specific data processing (for example, enabling a feature that is optional), you have the right to withdraw that consent at any time. Note that withdrawing consent for core data uses (like your email for login) might affect your ability to use the service.

  • Objection and Restriction: You may have the right to object to or request that we restrict certain processing of your data. For example, you can object to processing for direct marketing (though we currently do not do this) or ask us to restrict processing if you believe the data is inaccurate or our processing is unlawful.

  • Data Portability: In some cases, you have the right to request a copy of the personal data you provided to us in a portable format (e.g., a common digital format) and to have that information transmitted to another service provider, where technically feasible.

  • Automated Decision-Making: Hylist does not make any significant decisions about users using purely automated processes without human involvement. We do not profile users in a way that has legal or significant effects on them.

To exercise any of these rights, please contact us at alden@knoban.com. We may need to verify your identity (for example, by confirming control of your email address or asking for certain information) before fulfilling your request. We will respond to your inquiry within a reasonable timeframe, and in any case within the timeframe required by applicable law.

Please note that some rights may not apply universally. For instance, if you are not in a jurisdiction that grants these rights (such as outside the EU or California), the above rights might not formally apply. However, we will do our best to honor reasonable requests about your data regardless of where you live, in line with principles of transparency and fairness.

Also, if you have concerns about our data practices, you have the right to lodge a complaint with a relevant data protection authority or regulator in your country. We encourage you to contact us first so we can address your concerns directly.

Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. If we make material changes to how we handle your personal information, we will provide notice to users in an appropriate manner (e.g., by updating the policy on our website and/or via an in-app notification or email). The “Last Updated” date at the top of this policy indicates when the latest changes were made.

We encourage you to review this Privacy Policy periodically for any updates. Your continued use of Hylist after any changes to this policy constitutes your acknowledgment of the changes and acceptance of the updated terms.

Contact Us

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us:

We will do our best to address your inquiries and resolve any concerns. Your privacy and trust are important to us, and we are committed to safeguarding your personal information while providing the Hylist service.