Bergg — Privacy Policy

Effective date: 2026-05-29 · Last updated: 2026-05-29

Bergg is a voice-first documentation tool for tradespeople. This policy explains what data we collect, why, where we store it, and how to delete it. We never sell your data.

1. What we collect

• Account data — email address, first and last name, business name, trade type, phone number. You provide these when you register.
• Voice recordings — when you tap record on a job, we capture audio on your device and send it to OpenAI's Whisper transcription service. The audio is not retained. We keep only the resulting transcript text.
• Transcripts and AI-generated documents — the text Whisper produces, plus the customer summaries, invoice lines, compliance notes, warranty statements, and follow-up notes Claude generates from your transcript. Stored against your account.
• Job records — title, customer name (if you choose to enter one), site address (if you choose to enter one), and status notes you add.
• Subscription state — whether you have an active Pro or Max subscription, the billing cycle, and the period end date. Synced from Apple via RevenueCat. We never see your payment card or Apple ID.
• Login activity — the time you last signed in, used for security alerts.

2. What we do not collect

• Audio file content after transcription — discarded immediately.
• Location data — we never request location permission.
• Contacts, calendar, photo library beyond what you explicitly attach to a job (currently no photo attachment is shipped).
• Advertising identifiers — we do not run ads and do not track for ad attribution.
• Payment card details — Apple is the merchant of record for in-app purchases.

3. Where your data lives

• Account data, transcripts, AI outputs, and job records are stored on our self-hosted PostgreSQL database, running on a Hetzner Cloud server in the EU.
• Voice recordings are transmitted in transit to OpenAI's Whisper API (OpenAI privacy policy) and not retained anywhere afterwards.
• Transcript text is transmitted to Anthropic Claude (Anthropic privacy policy) to produce the structured outputs.
• Subscription state lives in our database and in your RevenueCat customer record (RevenueCat privacy policy).

4. Third parties we share data with

We share only what each service needs to do its job:

• OpenAI (Whisper) — receives a single audio file per voice note, returns the transcript. OpenAI does not train on data submitted through paid API endpoints (per their API data policy).
• Anthropic (Claude) — receives the transcript text plus the job's basic context (title, trade type), returns structured documentation. Anthropic does not train on data submitted through paid API endpoints.
• Apple (App Store / StoreKit) — handles the subscription purchase itself; we receive only the resulting entitlement state.
• RevenueCat — receives a webhook from Apple when your subscription state changes and forwards it to us. RevenueCat sees only your purchase metadata, never your transcripts or documents.

That is the complete list. We do not share data with anyone else, ever.

5. How long we keep it

Account, transcript, and document data is kept until you delete your account. On account deletion (Settings → Delete Account) we remove every row associated with your tenant within seconds. There is no soft-delete or recovery window.

Voice audio is never persisted, so deletion is not applicable.

6. Your rights

• Access — every document Bergg has ever produced for you is visible in the app. Tap any job to see its voice notes, transcripts, and outputs.
• Correction — you can edit any AI-generated output in the app.
• Deletion — Settings → Delete Account permanently removes your entire account and all data.
• Portability — you can export any generated document as a PDF and save it to your device.

7. Security

• All traffic between the app and our server is encrypted in transit (HTTPS via Cloudflare).
• Passwords are hashed with bcrypt (cost 12) — we cannot recover your password, only reset it.
• Access tokens expire after 1 hour. Refresh tokens are opaque, sha256-hashed at rest, and rotated on every use with reuse-detection (presenting a previously-rotated token revokes the entire session family).
• All tenant data is isolated at the API layer — every query is scoped to your tenant before it runs.

8. Children

Bergg is intended for adults running a trade business. We do not knowingly collect data from anyone under 16. If you believe a child has registered, email us at the address below and we will delete the account.

9. Changes to this policy

If we change anything material we will update the "Last updated" date at the top of this page and, for breaking changes, prompt you to re-accept on next login.

10. Contact

Questions, requests, or complaints: visit bergg.app/support or email the address shown in your App Store receipt.

Bergg · Terms of Service · Last reviewed 2026-05-29