Skip to content

Trust

Privacy and Security

Audio stays on the device

Inference runs entirely on the end-user's device, in every binding and in every plan. The audio your application captures or processes never travels to Rapidly servers, and we have no technical ability to see, hear, or store it. This is structural: the SDK has no upload path for audio.

License verification options

The Rapidly SDK currently ships with offline license verification only. License keys are validated locally on the device, with no network calls required. This works in fully air-gapped environments and is the default today.

Future plans (activation, subscription) will add connected verification for customers who want continuous renewal or per-end-user metering. Those plans include offline fallback windows. The offline-only plan stays available for customers who need it.

For high-security and regulated environments

The offline-only licensing option suits environments where outbound network traffic is restricted or audited, including military, healthcare, regulated finance, and broadcast.

  • Source-available bindings. The Swift, Kotlin, and Python wrappers are on GitHub for audit.
  • Code-signed Apple distribution. The xcframework is code-signed, and the macOS slice is additionally notarized.
  • App Store compliance. PrivacyInfo.xcprivacy manifest is bundled with every Apple slice.
  • No SDK telemetry today. The current offline-only licensing path does not phone home or report usage back to us. When connected verification plans ship, this policy will be updated with exactly what is transmitted.

Who we are

Rapidly Labs AS is a Norwegian company that builds audio technology for shaping any audio. We operate the website at rapidly.io and ship the Rapidly SDK.

  • Company name: Rapidly Labs AS
  • Organization number: 937 250 274
  • Registered address: Sagveien 23F, 0459 Oslo, Norway
  • Privacy contact: privacy@rapidly.io

For the purposes of the EU General Data Protection Regulation (GDPR), Rapidly Labs AS is the data controller for the personal data described below.

Personal data we collect

Through rapidly.io:

  • Newsletter signup: email address, plus your opt-in confirmation for the newsletter and privacy terms.
  • Contact form: your full name, work email, company name, and the content of your message.
  • Cookies and traffic data: set only after you accept analytics in our cookie banner. Used in pseudonymous form to understand traffic patterns.

We do not process any special categories of personal data (sometimes called "sensitive personal data").

If you contact us by email, social media, or other channels outside the website, we will also receive whatever you choose to share in that conversation.

How we use your data

  • Answer questions submitted through our contact form, including licensing, support, and partnership inquiries.
  • Send newsletter updates when you have opted in. You can unsubscribe from every email we send.
  • Understand which pages and features are used on rapidly.io, in aggregate and pseudonymous form, to improve the site.
  • Comply with legal obligations that apply to us (accounting, tax, responding to lawful requests).

We do not sell, rent, or trade your personal data.

Who we share it with

We use the following processors to operate rapidly.io. Each is bound by appropriate data-processing terms and either operates inside the EU or relies on an EU-approved transfer mechanism.

ProcessorPurpose
VercelHosting, edge functions, and CDN for rapidly.io
CloudflareDNS and traffic protection
SupabaseOperational data storage
AttioCustomer-relationship management. Newsletter signups and contact-form submissions are stored here.
ResendTransactional email (replies to inquiries, newsletter delivery)
Google WorkspaceBusiness email used by the Rapidly team
PostHogProduct analytics. Captures pseudonymous interaction events to understand how visitors use the site. Hosted in the EU. Loads only after you accept analytics cookies.
Google AnalyticsPseudonymous traffic analytics. Loads only after you accept analytics cookies.

We share information with these processors strictly on the basis described in this policy and never for their own independent purposes.

Where your data is stored

The website (Vercel) and our application backend (Supabase) are hosted within the European Economic Area. Some of the processors above (notably Google Workspace, Google Analytics, and Cloudflare) operate globally, including in the United States. Where personal data is transferred outside the EEA, we rely on Standard Contractual Clauses or the EU-US Data Privacy Framework as appropriate.

How long we keep your data

  • Newsletter subscribers: until you unsubscribe or ask us to delete your record.
  • Contact-form messages: retained in our CRM for as long as it is reasonable to maintain the business relationship, then deleted. You can ask for earlier deletion at any time.
  • Cookies: session cookies expire when you close your browser. Persistent cookies have lifetimes from a few days to one year, depending on purpose.
  • Backups: when we delete data on request, please allow up to 30 days for it to clear from backups.

Cookies

We use a small number of cookies, grouped as follows:

  • Strictly necessary cookies that keep the site working. These cannot be turned off, and they do not track you across other sites.
  • Analytics cookies that help us understand which pages and features are useful. These run only after you accept analytics in our cookie banner.

You can change your cookie preferences at any time using the banner.

Your rights under the GDPR

If you live in the EEA, the UK, or another jurisdiction that recognizes equivalent rights, you have the right to:

  • Access the personal data we hold about you and how we use it.
  • Rectify any inaccurate or incomplete data.
  • Erase your personal data, subject to any legal retention obligations.
  • Restrict how we process your data while a dispute is being resolved.
  • Object to processing that we base on legitimate interests.
  • Portability: receive your personal data in a structured, machine-readable format.
  • Withdraw consent for any processing we base on consent (for example, newsletter signups or analytics cookies). Withdrawing consent does not affect the lawfulness of processing carried out before withdrawal.

To exercise any of these rights, write to privacy@rapidly.io. We will respond within the time limits set by the GDPR (normally one month).

You also have the right to complain to your national data protection authority. For Norwegian residents, that is Datatilsynet (datatilsynet.no).

Children

Our website and services are not directed at children under 16. We do not knowingly collect personal data from anyone under 16. If you believe a child has provided us with personal data, please email privacy@rapidly.io and we will delete it without unnecessary delay.

Changes to this policy

We may update this policy as the business evolves: new products, new processors, new legal requirements. Material changes will be posted on this page along with a new effective date. The latest version is always live at rapidly.io/privacy.

Contact us

For any privacy question, including to exercise the rights above:

  • Email: privacy@rapidly.io
  • Postal: Rapidly Labs AS, Sagveien 23F, 0459 Oslo, Norway
  • Organization number: 937 250 274

Last updated: 2026-05-12.