Overview
ClassEve Private Limited operates the classeve.com website and related software applications. This Privacy Policy explains how we collect, use, store, and protect information when you use our services.
By accessing or using our services, you consent to the practices described in this policy. If you do not agree, please discontinue use immediately.
Data Fiduciary and Grievance Officer
For the purposes of the Digital Personal Data Protection Act, 2023 ("DPDP Act"), ClassEve Private Limited (CIN U47912PB2024PTC061395) is the Data Fiduciary in respect of the personal data you provide.
Grievance Officer: Ranjit Singh, Director and Grievance Officer. Contact: security@classeve.com. We acknowledge grievances within 24 hours and resolve them within 30 days of receipt, in line with §10 of the DPDP Act and §5(9) of the Consumer Protection (E-Commerce) Rules, 2020.
You may contact the Grievance Officer in writing at the email above, or by post at the registered office: ClassEve Private Limited, Gali No. 2, Sohal Patti, Khudi Kalan, Barnala, Punjab 148107, India.
Information we collect
Account information: When you create an account, we collect your email address and authentication credentials. If you sign in through a third-party provider such as Google or GitHub, we receive your name and email address from that provider.
Subscription and account status: We record subscription state (trial / active / canceled / past-due), plan tier, and account-management events for billing and access control. For Lven Cloud subscribers we additionally record daily transcription counts to enforce plan limits; for Lven Instant subscribers no transcription metering occurs because transcription runs entirely on your device and never reaches our infrastructure.
Audio data — Lven Instant (flagship, on-device): Your microphone audio is processed entirely on your machine by a speech model that ships inside the app. The audio never leaves the device, is never uploaded to ClassEve or any subprocessor, and is discarded as soon as the local transcription completes. We physically cannot read, store, or share it because we never receive it.
Audio data — Lven Cloud (the legacy server-side build): Audio recordings you submit for transcription are captured when you hold the Lven hotkey, transmitted over TLS to our transcription subprocessor (Groq), processed in real time, and discarded — they are not persisted on our servers or by Groq. Transcription text for Cloud sessions is written to your account's history so you can review it on any signed-in device.
Audio data — earslate (live translation on Android): Ambient audio is streamed in real time over an encrypted WebSocket to Google's Gemini Live API for translation and discarded. The stream is engaged only while you hold the translation tile.
Transcription text storage: Lven Cloud stores transcript text on your account so the history view can sync across devices. Lven Instant stores history locally on each device only — no transcript text is sent to or stored by ClassEve.
Device and technical data: We may collect device identifiers, operating system versions, application versions, and IP addresses for security, debugging, and fraud prevention purposes.
Payment data: Payment processing is handled entirely by Paddle.com Market Limited. We do not store credit card numbers, CVV codes, or other raw payment credentials on our systems. We retain only the customer identifier necessary to manage your subscription.
Microphone and voice data
The Lven applications request access to your device microphone. The microphone is activated only while you hold the transcription hotkey (or equivalent gesture). The application does not listen ambiently, does not record continuously, and does not retain audio between transcription sessions.
On Lven Instant — the flagship on-device build — your microphone audio is processed and discarded entirely on your machine. Nothing leaves your device. There is no recovery scenario in which an attacker compromising our servers can read what you dictated, because we never had the audio.
On Lven Cloud — the legacy server-side build — audio is captured locally and sent to our transcription subprocessor (Groq) via TLS for the duration of the request only. Groq returns the text and discards the audio.
Audio data constitutes sensitive personal data. You may revoke microphone permission at any time via your operating system's privacy settings. Revoking permission disables transcription. On Lven Instant you may also delete the local transcription history at any time from the app's history panel. On Lven Cloud, deleting the server-side history requires signing in to /dashboard and using the delete-transcripts action, or contacting the Grievance Officer.
We do not use your voice data to train machine learning models, and we do not share it with advertisers, data brokers, or any third party outside the transcription-processing chain described in "Information sharing" below.
How we use your information
To provide, maintain, and improve our services, including account management, transcription processing, and subscription enforcement.
To communicate with you regarding your account, billing, service updates, and support requests.
To detect, prevent, and address fraud, abuse, and security incidents.
To comply with applicable legal obligations, including those arising under the laws of India.
Information sharing and disclosure
We do not sell, rent, or trade your personal information to third parties for marketing purposes.
We share information with a small set of named subprocessors, each bound by contract to process data solely on our behalf and under security obligations consistent with the DPDP Act and, where applicable, the EU GDPR and California CCPA. The full list is maintained at /legal/subprocessors and includes: Cloudflare (hosting and edge compute), Supabase (user database, authentication, and binary downloads), Groq (audio transcription inference — Lven Cloud only; Lven Instant transcription never crosses any subprocessor), Google (live speech translation inference via Gemini Live, used only for earslate sessions), Paddle (payment processing and Merchant of Record), and Spacemail (transactional email).
We may disclose information when required by law, regulation, legal process, or enforceable governmental request, or to protect the rights, property, or safety of ClassEve, its users, or the public.
Cross-border data transfer (DPDP §16, GDPR Chapter V)
ClassEve is incorporated in the Republic of India and operates partly via subprocessors outside India. Personal data flows are itemised below; we observe Government of India notifications under DPDP §16 and will publish changes to this list within 7 days of any restriction notification.
Cloudflare, Inc. (United States — globally distributed edge network): API request routing, rate-limiting, edge caching of public marketing pages. No transcript audio or text is retained at the edge.
Supabase, Inc. (United States — primary region us-east): authentication credentials (hashed), profile metadata, paired-device records, transcription text, comp-code redemptions, audit log.
Groq, Inc. (United States): in-flight transcription of audio — Lven Cloud sessions only. Audio is processed and discarded by Groq within seconds; we do not store the audio at our end either. Lven Instant transcription never reaches Groq because it runs entirely on the user's device.
Google LLC (United States): real-time speech translation inference for the earslate live-translation feature. Audio is processed in-flight and not retained. This subprocessor is engaged only when a user starts an earslate session.
Paddle.com Market Limited (United Kingdom; merchant data co-processed in the EU): payment processing, subscription management, VAT/GST invoicing, customer self-service portal.
Spaceship, Inc. / Spacemail (United States and EU/EEA): transactional and customer-support email delivery from no-reply@classeve.com and support@classeve.com.
Transfers are protected by industry-standard TLS in transit, encryption at rest, contractual data-processing terms with each subprocessor, and limitation of access to the minimum personnel and minimum data scope required for service delivery. The full subprocessor list is maintained at /legal/subprocessors and updated in advance of any change.
Data retention
We retain personal data only for the period necessary for the purpose for which it was collected, as required by DPDP §8(7) and GDPR Article 5(1)(e). The table below summarises retention by category.
Account email + profile metadata: until 30 days after you delete your account, or as long as the account is active.
Server-side transcription text (Lven Cloud only): 90 days from creation, after which the row is automatically purged from our database. The locally cached history on your device is yours to keep or delete. Lven Instant stores transcription history exclusively on your device — nothing is retained on our servers because nothing is sent.
Paired-device records (refresh tokens, device kind, last-seen timestamp): until you revoke the device, or 180 days after last activity, whichever is sooner.
Contact-form submissions (email, subject, message body, hashed IP): up to 180 days after the support team marks the ticket handled. Honeypot-flagged spam submissions are deleted within 30 days.
Trial-eligibility hash (canonicalized email, one-way): retained indefinitely after a free trial is used, to prevent trial farming. This is the only personal-data residue after account deletion. You can request its removal — note that removal allows a fresh trial.
Paddle webhook event log (event_id only, no user PII): 30 days after processing.
Paddle reconciliation queue: up to 90 days after the entry is resolved.
Audit log entries (admin actions): retained indefinitely; user references are redacted (NULLed) within 30 days of account deletion. The integrity of the audit trail is preserved as a security control under DPDP §8(5).
Cloudflare access logs and Supabase platform logs: retained per provider policy (typically 30 days) and outside our direct deletion mechanism.
Personal-data breach notification
In the event of a personal-data breach as defined under DPDP §2(t) or GDPR Article 4(12), we will notify the Data Protection Board of India under §8(6) and any affected user within 72 hours of becoming aware of the breach, in line with the timelines of GDPR Articles 33 and 34.
Each notification will describe the nature of the breach, the categories and approximate number of affected data subjects, the contact for further information, the likely consequences, and the measures taken or proposed to address the breach.
If you suspect a breach of your data, please email security@classeve.com immediately.
Data security
We implement industry-standard security measures to protect your data, including encryption in transit (TLS), encrypted storage of authentication credentials, and access controls on internal systems.
No method of electronic transmission or storage is completely secure. While we strive to protect your personal information, we cannot guarantee absolute security.
Your rights (Indian residents — DPDP Act)
Under the DPDP Act, 2023, you have the right to: (a) obtain a summary of your personal data we process and the processing activities undertaken; (b) request correction, completion, or erasure of your personal data; (c) nominate another person to exercise these rights in the event of your death or incapacity; and (d) file a grievance with the Grievance Officer named above, and subsequently with the Data Protection Board of India under §27 of the Act.
To exercise any of these rights, contact the Grievance Officer. You may also withdraw your consent at any time by deleting your account; note that withdrawal does not affect the lawfulness of processing carried out before the withdrawal.
California residents — CCPA
If you are a California resident, the California Consumer Privacy Act (as amended by the CPRA) gives you specific rights regarding your personal information.
Right to know (§1798.100, §1798.110, §1798.115): you may request the categories and specific pieces of personal information we have collected about you, the sources, the purposes, and any third parties we share it with.
Right to delete (§1798.105): you may request deletion of personal information we have collected, subject to certain statutory exceptions (e.g., to complete a transaction or comply with law).
Right to correct (§1798.106): you may request correction of inaccurate personal information.
Right to opt out of sale or sharing (§1798.120): we do not sell or share personal information as those terms are defined under the CCPA. You nonetheless have the right to direct us not to do so in the future.
Right to non-discrimination (§1798.125): we will not discriminate against you for exercising any CCPA right.
To exercise these rights, email security@classeve.com with subject line "CCPA Request." We respond within 45 days as required by §1798.130.
Children (DPDP §9)
Our services are not directed to individuals under the age of 18 (DPDP §9 defines a "child" as anyone under 18 years of age). We do not knowingly collect personal information from minors. The signup form requires you to attest that you are 18 or older before an account can be created.
If we discover or are notified that a minor has created an account, we will delete the account and any associated personal data without undue delay. To report a minor's account, email security@classeve.com.
We do not undertake age-gating beyond a self-attestation checkbox. Parents and guardians are encouraged to monitor minors' use of the internet generally.
Changes to this policy
We may update this Privacy Policy from time to time. The revised version will be indicated by an updated date at the top of this page. Continued use of our services after changes are posted constitutes acceptance of those changes.
Contact
For privacy-related inquiries, contact us at security@classeve.com.
ClassEve Private Limited, Barnala, Punjab 148107, India.