If you collect or capture audio recordings from your users, you'll need to have a Privacy Policy. This is because you're collecting personal data and must therefore observe certain privacy obligations and comply with privacy laws.
With the growing concern for data protection in today's business climate and the consequent proliferation of privacy laws, Privacy Policies are now mandatory for businesses that collect or process personal data, including audio records.
In the article below, we'll walk you through what a Privacy Policy is, why you need to have one if you collect or capture audio recordings, which clauses to include in your Privacy Policy, and how to obtain consent and display your Privacy Policy so it's hard to miss.
Our Privacy Policy Generator makes it easy to create a Privacy Policy for your business. Just follow these steps:
- At Step 1, select the Website option or App option or both.
- Answer some questions about your website or app.
- Answer some questions about your business.
- Enter the email address where you'd like the Privacy Policy delivered and click "Generate."
You'll be able to instantly access and download your new Privacy Policy.
- 1. What is a Privacy Policy?
- 2. Why Do You Need a Privacy Policy if You Collect Audio Recordings?
- 2.1. Privacy Laws Require a Privacy Policy
- 2.2. Third-party Voice Assistants Require a Privacy Policy
- 2.3. A Privacy Policy Helps Promote Transparency
- 3. What Clauses Should You Include in Your Privacy Policy for Audio Recordings?
- 3.1. What Type of Personal Information You Collect, and How
- 3.2. What You Do With the Information You Collect
- 3.3. How You Share Personal Information
- 3.4. How Long You Store Personal Information, and Where
- 3.5. How You Keep Personal Information Secure
- 3.6. How Users Can Access, Modify, and Delete Their Personal Information
- 3.7. How Users Can Contact You
- 4. How to Get Consent and Display Your Privacy Policy for Audio Recordings
- 4.1. Website Footers
- 4.2. Account Creation or Sign-up Page
- 4.3. Newsletter Sign-Up Forms
- 4.4. Mobile or Desktop In-App Menus
- 5. Summary
What is a Privacy Policy?
A Privacy Policy is a legal document that describes how a business collects, uses, and discloses customers' personal information. It also outlines customer rights with respect to their personal information, including any specific rights granted to customers by applicable privacy laws.
In recent years, the concept of personal information has evolved to include numerous types and configurations of data in order to keep up with the advancements of the digital age.
Therefore, it's no surprise that audio recordings can now be classified as personal information. As a result, any business that captures user audio recordings is required to have a Privacy Policy.
To put this in context, you must provide a Privacy Policy if you record customer care phone calls or collect audio data through integrated third-party voice assistants (like Google Assistant, Amazon's Alexa, Apple's Siri, etc.).
Essentially, the important thing to remember is that your Privacy Policy should, at minimum, specify the following details:
- The categories of personal information you collect
- How you use and store them
- Third-party access or disclosures (if any)
- The rights of users and how they can exercise them
- The security measures you have in place to protect personal information
You may include additional clauses that are unique to your business so that the policy reflects its actual privacy practices.
Why Do You Need a Privacy Policy if You Collect Audio Recordings?
Virtually every business, website, or app that collects personal information is required to maintain a Privacy Policy. Before we explore the reasons for this, let's briefly clarify what personal information is.
Privacy laws generally define personal information as "any type of data that can identify a real person, either directly or indirectly."
Typical examples include but aren't restricted to the following:
- Full names
- Phone numbers
- Passport numbers
- Credit card numbers
- Email addresses
- Home addresses
- IP addresses
Other notable data types that can (in certain instances) be classified as personal information include cookies, web browsing histories, device IDs, images, video or audio recordings, etc.
Basically, if you collect audio recordings or other categories of personal information, you must maintain a Privacy Policy for the following reasons.
Privacy Laws Require a Privacy Policy
Collecting audio recordings (aka personal information) from your users puts you within the scope of privacy laws in regions where your users reside.
As a result, you may need to comply with several countries' privacy laws, depending on where your business and users are located. The more prominent ones are as follows:
- European Union (EU): The EU General Data Protection Regulation (GDPR) requires businesses that collect or process personal data to publish a comprehensive Privacy Policy. The ePrivacy Directive complements the GDPR but specifically regulates electronic communications.
- United States: The privacy laws of California, Virginia, Colorado, Utah, and Connecticut require businesses under their scope to publish a publicly accessible Privacy Policy. Moreover, federal laws like the Children's Online Privacy Protection Act (COPPA) also require a Privacy Policy.
- Canada: Publishing a Privacy Policy is mandatory for private sector organizations in Canada, thanks to the Personal Information Protection and Electronic Documents Act (PIPEDA).
- United Kingdom (UK): After Brexit, the UK adopted the Data Protection Act 2018, which is its implementation of the GDPR. Therefore, businesses with users in the UK must also post a Privacy Policy.
- Australia: The Australia Privacy Act of 1988 demands a Privacy Policy from certain businesses that operate in Australia or otherwise provide services to the Australian market.
Third-party Voice Assistants Require a Privacy Policy
In recent years, voice assistants like Amazon's Alexa, Apple's Siri, Google Assistant, and Microsoft's Cortana have become increasingly popular thanks to the latest advances in artificial intelligence.
These assistants present plenty of opportunities for developers and their users alike. For instance, integrating a third-party voice assistant in your product can give it a touch of refinement and help you reach a rapidly-growing market of tech-savvy customers.
But with these benefits also comes a potential threat to the privacy and security of personal information if not properly managed.
Therefore, virtually all third-party voice assistants require developers to maintain a Privacy Policy in order to limit liability.
For example, Amazon requires developers of Alexa Skills (i.e., apps capable of interacting with Alexa) to provide a Privacy Policy in its article on creating smart home skills:
Google Assistant also requires developers to maintain a comprehensive and accurate Privacy Policy before integrating its software:
Further below in its Guidance, Google Assistant outlines the clauses you must (at minimum) include in your Privacy Policy:
A Privacy Policy Helps Promote Transparency
Providing a Privacy Policy can help show your users and potential customers that you value their privacy and wish to be transparent about how you collect, use and share their personal information.
This can, in turn, lead to higher trust and the opportunity to gain more engagement for your business.
Now that we've seen why you need a Privacy Policy if you collect audio recordings, let's go over what clauses you should include in your Privacy Policy.
What Clauses Should You Include in Your Privacy Policy for Audio Recordings?
If you collect audio recordings from users, your Privacy Policy needs to include clauses that specifically address your collection, use, and disclosure of audio recordings, among others.
It's important to ensure that your Privacy Policy doesn't contain legalese and isn't overly technical, but is instead written in clear and simple language.
Without further ado, let's look at some specific clauses your Privacy Policy should address.
What Type of Personal Information You Collect, and How
Virtually every business's Privacy Policy starts by addressing the categories of information the business collects. Note that providing as much detail as possible can help protect your business from liability.
If you capture user audio or voice recordings, you need to disclose that you do this, and how you do it.
In most cases, you either capture audio recordings through customer care phone calls or by integrating third-party voice assistants into your product.
For example, here's how Nordstrom outlines the categories of information it collects in its Privacy Policy while acknowledging its collection of voice recordings:
Soundcore, on the other hand, specifies that third parties will collect voice data when users employ one of its voice assistant technologies after receiving permission:
In its Privacy Notice for minors, Google addresses its collection of voice and audio information among other categories of information it collects:
What You Do With the Information You Collect
Next, your Privacy Policy needs to explain how you use the information you collect from your users.
If you capture audio recordings, you'll most likely use them to carry out the requested service of users, enhance audio functionality, develop new audio features, conduct research and surveys, and perform related functions.
Keep in mind that transparency is the ultimate goal of a Privacy Policy, so once again, be as detailed as possible.
For example, Spotify published a separate policy that specifically addresses voice data. This is a valid option that, while not necessary, helps detail its collection and use of voice data better.
Here's how Spotify presents this clause in its Voice on Spotify Policy:
Similarly, Amazon outlines its reasons for collecting data, including how it uses voice inputs made through Alexa. Amazon also includes a link to a more comprehensive document detailing its Alexa and Echo devices policy.
How You Share Personal Information
Data sharing is virtually inevitable in today's business landscape.
Regardless of your industry, you'll probably share data with your affiliated partners and third parties such as analytics providers, advertising or marketing agencies, and payment processors.
You may even be required to share information with law enforcement or other authorities in certain instances.
In any case, it's important to be as transparent as possible about the categories of third parties with whom you share personal information and your reasons for such.
Spotify, once again, does this well. Here's how it comprehensively details the categories of third parties with whom it shares various types of information (including voice data) and the reasons for such:
How Long You Store Personal Information, and Where
Another important clause your Privacy Policy should address is your data storage and retention practices.
Simply put, you should let users know where you plan to store their information, how long you intend to keep it, and why.
Note that most privacy laws specify that you must only keep personal information for as long as is absolutely necessary. In other words, if you don't have reasonable grounds to retain audio recordings, you need to take steps to erase them promptly.
Here's a short and concise example from Pandora that complies with this requirement:
How You Keep Personal Information Secure
Data breaches are a significant security concern in today's world and can result in costly consequences if preventive measures are not properly implemented.
Such measures include but aren't restricted to:
- Data encryption
- Data anonymization or pseudonymization
- Firewalls
- Access restriction
- Two-factor authentication
- Security training for employees
Once you've implemented reliable data security measures, you should disclose them in your Privacy Policy, as this can help boost trust and confidence in your business.
However, it's worth noting that no security system is infallible, and stating this information can help limit your liability.
Here's how iWave concisely presents this clause in its Privacy Policy:
How Users Can Access, Modify, and Delete Their Personal Information
In today's privacy landscape, users have more control over their personal information than ever before thanks to privacy laws and regulations.
At the very least, users have the right to access, modify, and delete their personal information (including audio recordings) anytime they wish, and you must bring this to their attention.
Here's an example from ResourceFlex of how you can keep users informed of their legal rights regarding their personal information:
Keep in mind that you may need to include additional user rights depending on the privacy laws of the regions where your users reside. For example, the GDPR grants EU residents eight user rights which all businesses under its scope must observe.
How Users Can Contact You
Your Privacy Policy should also include a way through which users can contact your business for questions or concerns regarding your policies and practices.
It's a best practice to include several forms of contact details under this clause, such as a physical address, email address, and/or phone number.
Here's how TIDAL does this in its Privacy Policy:
Now that we've seen what clauses your Privacy Policy should include if you collect audio recordings, let's look at how to display it and obtain user consent once it's drafted.
How to Get Consent and Display Your Privacy Policy for Audio Recordings
Voice assistant technology has gained widespread acceptance despite the potential threats to data privacy. However, collecting and sharing audio recordings with third parties remains potentially invasive.
As a result, many privacy laws, most notably the GDPR, require businesses to obtain user consent before collecting or processing certain types of information (including audio recordings).
Moreover, user consent is also needed to comply with the Terms and Conditions of most third-party services.
A reliable way to obtain consent is to employ a clickwrap method to ensure that your users have read and approved your data processing practices.
For example, Vudu obtains explicit consent from its users in a compliant way by presenting an empty checkbox for users to click if they agree to its Terms and Policies and Privacy Policy:
Now, let's briefly go over some conspicuous locations where you should include links to your Privacy Policy so that it's easily accessible.
Website Footers
It's a common practice for websites to include a link to their Privacy Policy and other legal agreements in their footer.
Here's an example from Snap Inc:
Account Creation or Sign-up Page
Providing a link to your Privacy Policy on your account creation or sign-up page is a reliable way to ensure that users don't miss it.
Here's how Soundcloud does this:
Newsletter Sign-Up Forms
You can place a link to your Privacy Policy in your email newsletter sign-up form like Forbes does here:
Mobile or Desktop In-App Menus
If you collect user audio recordings with your mobile or desktop app, you need to include a link to your Privacy Policy in a prominent section of your app.
For example, Netflix includes a link to its Privacy Statement in its in-app settings menu, as shown below:
Summary
A Privacy Policy is necessary if you collect user audio recordings through phone calls, voice assistant technology, or other means. It not only helps you remain compliant with applicable privacy laws and the Terms and Conditions of third parties but shows users that you take their privacy seriously.
When drafting your Privacy Policy, it's important to make sure your document doesn't contain legalese or excessively technical terms but is written in easy-to-understand language.
To recap, here are the key clauses your Privacy Policy should include:
- What type of personal information you collect, and how
- What you do with the information
- How you share personal information
- How long you store personal information, and where
- How you protect personal information
- How users can access, modify, and delete their information
- Contact information
Finally, remember to obtain consent before you capture user audio recordings. Your Privacy Policy should also be conspicuously located and easily accessible by your users.