CVOsc, published by Aleph Void LLC ("Aleph Void," "we," "us," or "our"), does not collect, transmit, sell, or share any personal data tied to your identity. The audio you capture, your recordings, and your settings stay on your device. The Android build sends a limited stream of anonymous diagnostic and usage data through Firebase Analytics and Crashlytics so we can measure stability and aggregate usage — details and the Google Play Data Safety disclosure are below. The iOS / iPadOS build contains no analytics or crash-reporting SDKs.
CVOsc exists for one purpose only.
CVOsc is a multichannel oscilloscope app for inspecting, recording, and playing back Control Voltage (CV) and audio-rate signals from a USB audio interface.
It helps musicians, Eurorack and modular synth users, and engineers visualize signals from any DC offset enabled soundcard, detect pitch in real time, and capture recordings for later reference or playback. The app does not analyze your behavior, build a profile, or perform any activity unrelated to signal capture, visualization, and playback.
What we collect, transmit, and store — in plain English.
No personally identifiable information. CVOsc does not collect your name, email, contacts, precise location, browsing history, authentication credentials, financial data, health information, or communications. The Android build collects anonymous diagnostic and aggregate usage data via Firebase — see the Google Play Data Safety section below.
Audio never leaves your device. Samples captured from your interface are processed and stored locally only. The Android build transmits anonymous crash reports and aggregate usage events to Google's Firebase servers (Analytics and Crashlytics). The iOS / iPadOS build performs no network transmission for app functionality.
On your device only: your recordings (per-channel audio files and JSON sidecars), channel scaling preferences, and UI settings. This data lives in the app's sandboxed storage and is retained until you delete it from within the app or uninstall the app, at which point it is removed by the operating system.
We do not sell user data and we do not share user data with third parties for advertising, credit assessment, or any purpose unrelated to the app. Firebase Analytics and Crashlytics data on the Android build is processed by Google acting as our service provider under the Firebase Data Processing and Security Terms; we do not use it for advertising and we have not enabled Google Signals or ads personalization.
Each permission CVOsc requests on iOS, iPadOS, and Android, and why it is required for the app to function.
iOS / iPadOS (NSMicrophoneUsageDescription) and Android (android.permission.RECORD_AUDIO) both group USB audio class input under the microphone permission. CVOsc requires this permission to read samples from the connected USB audio interface — that is the app's core function. It is not used for the built-in microphone in any non-obvious way; the signal chain is simply whatever audio device you have routed as input.
Declared as android.hardware.usb.host (not required). Allows CVOsc to enumerate a connected USB audio class interface (a DC offset enabled soundcard). The manifest includes a USB_DEVICE_ATTACHED intent filter so Android can offer to open CVOsc when a supported interface is plugged in. No USB data is ever forwarded off the device.
Recordings and settings are written to the app's sandboxed storage — the Documents directory on iOS / iPadOS and scoped app storage on Android. No cloud storage, no shared folders, no access to other apps' data. Files remain on the device until you delete them or uninstall the app.
The Android build uses Google Play Billing to unlock two optional features: the Tuner and Record/Playback. Purchases are processed entirely by Google Play — we never see your payment information. The only thing CVOsc receives from the Billing library is a boolean indicating whether you own each product. Entitlement state is stored locally; no account is created.
CVOsc's audio engine performs no network requests. The Android build embeds three Google client libraries that talk to Google's servers on its behalf: Google Play Billing (entitlement checks), Firebase Analytics (aggregate usage), and Firebase Crashlytics (crash reports). All three use HTTPS. No remote configuration, A/B testing, advertising SDK, or third-party analytics is embedded. The iOS / iPadOS build performs no network requests at all.
CVOsc does not execute remote code. The app contains no dynamic module loading, no remotely hosted scripts, and no runtime evaluation of downloaded payloads. All Swift and Kotlin code is bundled inside the app binary reviewed by the App Store and Google Play.
CVOsc uses the standard audio-session modes on each platform (AVAudioSession.Mode.measurement on iOS / iPadOS, AudioRecord / AudioTrack on Android) only while you have the app in the foreground and capture or playback is active. There is no background recording when the app isn't in use.
The data the Android build of CVOsc collects, why, and how it is handled — mirroring the Data Safety form in the Google Play Console. This section applies to the Android build only; the iOS / iPadOS build collects nothing.
The Android build embeds Firebase Analytics and Firebase Crashlytics (Google LLC). The data types below are collected automatically by these SDKs. CVOsc does not log custom events, set user IDs, or attach user properties beyond the SDK defaults.
| Data type | Category | Purpose | Required? | Source |
|---|---|---|---|---|
| Crash logs | App info and performance | Analytics, App functionality | Required | Crashlytics |
| Diagnostics | App info and performance | Analytics, App functionality | Required | Crashlytics, Analytics |
| Other app performance data | App info and performance | Analytics | Required | Analytics |
| App interactions | App activity | Analytics | Required | Analytics (auto-collected events: first_open, session_start, screen_view, app_update) |
| Device or other IDs | Device or other IDs | Analytics | Required | Firebase Installation ID (Crashlytics), App Instance ID (Analytics) |
For clarity, the following Data Safety categories are not collected by CVOsc: personal info (name, email, phone, address, identifiers tied to a real person), financial info, health and fitness, messages, photos, videos, audio recordings (your CV/audio captures stay on your device), files and docs, calendar, contacts, web browsing history, search history, installed apps, precise location.
Our certification under the App Store Review Guidelines and Google Play Developer Program Policies.
We certify that CVOsc's data usage complies with the Apple App Store Review Guidelines (including the App Privacy Details requirements) and the Google Play Developer Program Policies (including the User Data policy, the SDK policy, and the Families policy). Specifically:
The data controller responsible for CVOsc is Aleph Void LLC. We do not operate any servers that store user data. The Android build's Firebase Analytics and Crashlytics data is processed by Google LLC on our behalf as a data processor under the Firebase Data Processing and Security Terms. Aleph Void LLC remains the publisher accountable for this policy.
CVOsc is a tool for musicians, audio engineers, and Eurorack / modular synth users. It is not directed at children under the age of 13 (or under 16 in jurisdictions where that is the applicable age). We do not knowingly collect personal information from children. Because the app does not collect any personal information from any user, no special handling for children's data is required.
Privacy laws such as the EU General Data Protection Regulation (GDPR), the UK GDPR, and the California Consumer Privacy Act (CCPA/CPRA) grant users rights including access, correction, deletion, portability, and the right to object to processing of their personal data.
Because CVOsc does not collect direct identifiers (name, email, account ID, government ID, device-level advertising ID) and does not sell or share user data, the personal data we hold about you is limited to the pseudonymous Firebase identifiers and aggregate event data described in the Google Play Data Safety section above (Android build only). All recordings, channel settings, and UI preferences are stored locally on your own device, and you can view, edit, or delete them from within the app, from the system file manager, or by uninstalling the app. To request access, correction, export, or deletion of the Firebase data tied to your installation, email privacy@alephvoid.com; we will respond within 30 days.
We do not "sell" or "share" personal information as those terms are defined under the CCPA/CPRA.
We may update this privacy policy from time to time, for example to reflect changes to the app's functionality, requested permissions, or applicable law. When we do, we will update the "Effective date" and "Last updated" fields below and post the revised policy at this URL. For material changes, we will additionally note the change in the release notes for the corresponding version of the app on the App Store and Google Play listings. Your continued use of the app after a revised policy takes effect constitutes acceptance of the updated policy.
Questions, concerns, or reports about this privacy policy can be sent to privacy@alephvoid.com or filed as a public issue on our GitHub repository. See also our Support page.
Effective date: May 2, 2026
Last updated: May 2, 2026