我可以上传哪些文件格式进行有声读物转换？

Tontaube 支持 PDF、TXT、DOCX、EPUB 和其他流行的文档格式。我们的人工智能会处理这些文件以提取文本，从而进行高质量的音频转换。

生成内容的积分系统如何运作？

积分是我们应用内用于文本转语音和语音克隆的货币。定价取决于文本处理和语音选择。预计每小时音频的费用相当于 0.20 美元至 2 美元。

我可以将我的有声读物用于商业用途吗？

是的！您保留全部权利。从您自己的文本创建的有声读物可以下载、商业使用或在其他地方发布，不受任何限制。

什么是人工智能文本优化？

我们可选的人工智能增强功能使用人工智能模型优化文本以适应音频，通过删除元数据和格式化标题来改善听觉流畅性。

语音克隆如何工作？

通过提供一个简短的音频样本，Tontaube 会创建您声音的数字克隆。然后您可以使用此声音来朗读任何文档或书籍。您的声音将保持私密，并且只有您可以访问它。

What file formats can I upload for audiobook conversion?

Tontaube supports PDF, TXT, DOCX, EPUB, and other popular document formats. Our AI processes these files to extract text for high-quality audio conversion.

How does the credit system work for generation?

Credits are our in-app currency for text-to-speech and cloning. Pricing depends on text processing and voice selection. Expect an equivalent of $0.20-$2 per hour of audio.

Can I use my audiobooks commercially?

Yes! You retain full rights. Audiobooks created from your own texts can be downloaded, used commercially, or published elsewhere without restrictions.

What is AI text optimization?

Our optional AI enhancement uses AI models to optimize text for audio by removing metadata and formatting headers for a better listening flow.

How does Voice Cloning work?

By providing a short audio sample, Tontaube creates a digital clone of your voice. You can then use this voice to narrate any document or book. Your voice will stay private and only you have access to it.

Tontaube | Text to Speech, AI Voices & Voice Cloning for Audiobooks

Books Voice Studio

English Deutsch Español Français Italiano Português Русский हिन्दी 中文 العربية

Privacy Policy for Tontaube

Version: 8. September 2025

We, Cremer & Cremer Technologies UG (haftungsbeschränkt), located in Berlin, Germany, take the protection of your personal data seriously. This Privacy Policy informs you how we collect, process, and protect your data in connection with the use of our app Tontaube and its related services (“Services”). The processing is carried out in accordance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

In this Privacy Policy, we use the term “Personal Data” as defined by the GDPR, meaning any data that is or can be potentially attributed to an identifiable individual.

1. Controller

The controller responsible for data processing within the meaning of the General Data Protection Regulation (GDPR) is our Data Protection Officer. If you have any questions about data protection, you can contact them at the following email address:

Jonathan Cremer
Herderstraße 22, 12163 Berlin, Deutschland
data-protection@craitech.io

2. Legal Bases for Processing

We base every processing of your personal data on one of the following legal bases of the GDPR (Art. 6):

Contract — Art. 6(1)(b) Necessary to fulfill the user agreement and to provide you with the app’s features.
Consent — Art. 6(1)(a) Applies to voluntary features such as newsletters or optional statistics. You can withdraw your consent at any time in the settings.
Legitimate Interest — Art. 6(1)(f) Serves security purposes (abuse and fraud prevention), product improvement, and internal analysis, provided your interests do not override ours.
Legal Obligation — Art. 6(1)(c) Required to comply with tax and commercial law retention obligations, as well as other legal requirements.

This overview shows why we process your data; the following sections specify which data is covered and for what purpose it is used.

3. Categories of Personal Data We Collect

(a) Data provided by You

Category	Examples
Registration Data	Username / Pseudonym, email address, password hash, confirmation of legal age (if required)
Payment Data	Transaction ID, plan, payment status (via App Store, Google Play, or direct billing)
Content	Uploaded text, image, or PDF files
Voice Cloning	A short voice recording to create a personal synthetic voice. Stored encrypted and linked exclusively to your account. You can delete it at any time in the app.
Communication & Feedback	Support requests, error reports, feature requests
Verification Data (optional)	ID or address proof, if identity verification is necessary

(b) Automatically Collected Data

Category	Examples
App Interactions	Clicked buttons, viewed screens, timestamps
Generated Content	Audio texts, EPUB files
Content Organization	Playlists, listening progress, bookmarks, reading progress
Device Information	IP address (log storage max. 30 days), operating system, device model, app version
Diagnostic Data	Crash logs, performance metrics

(c) Data from Third-Party Sources

Source	What we receive
Payment Service Providers (e.g., Stripe) & App Marketplaces (Apple App Store, Google Play Store)	Confirmation of successful payments (Transaction ID, status), information on subscriptions, chargebacks
Authentication Providers	Name, email, avatar image, token (for Apple/Google login)

4. Purposes of Processing and Legal Bases

Purpose	Description	Legal Basis (Art. 6 GDPR)
Provision of Services	Create account, login, generate audio texts	lit. b
Payment Processing	Process purchases, create invoices, tax archiving	lit. b and lit. c
Voice Cloning & Audio Text Generation	Analyze uploaded texts/audio, create synthetic audios	lit. a – Consent; lit. b
Content Organization, Progress Saving	Save playlists, listening progress, and bookmarks	lit. b
Personalization & UX Optimization	Save preferences, in-app suggestions	lit. f
Security & Fraud Prevention	Analyze log/device data, IP logs	lit. f; where applicable lit. c
Customer Support & Communication	Respond to your inquiries, product notices	lit. b; lit. f
Error Analysis & Product Improvement	Crash reports, usage statistics	lit. f
Marketing Communication (optional)	Newsletters, surveys	lit. a – Consent

When we rely on legitimate interest (lit. f), you can object to the processing at any time (see “Your Rights”).

5. Recipients of Your Data

Service Provider	Location / Data Centers	Purpose	Guarantees
Google Cloud Platform & Firebase (Google Ireland Ltd.)	EU / worldwide	Hosting, database, file storage, push services, AI-powered Text-to-Speech & document conversion	DPA + DPF / SCCs
Cloudflare Inc.	USA / worldwide	Request routing, DDoS protection, blocking suspicious requests	DPA + DPF / SCCs
Google Analytics 4 (Google Ireland Ltd.)	EU / USA	Reach measurement, app statistics (no ads remarketing activated)	DPA + DPF / SCCs
OpenAI API (OpenAI Ireland Ltd. / OpenAI LLC)	EU / USA	AI-powered text and audio processing (zero-retention mode)	DPA + SCCs
RunPod Inc.	EU region (Frankfurt) / worldwide	Temporary GPU computing power for AI calculations	DPA + SCCs

All of the above-mentioned processors process personal data exclusively according to our instructions and are contractually bound to confidentiality and to appropriate technical and organizational measures (Art. 28(3) GDPR).

5.2 Independent Controllers

Recipient	Purpose	Legal Basis
Stripe Payments Europe Ltd.	Payment processing, fraud and money laundering prevention, legal accounting	Contract (Art. 6(1)(b)), legal obligation (lit. c)
Google AdMob & Google Advertising Partners	Display of (non-)personalized in-app advertising	Consent (Art. 6(1)(a)) via CMP
Apple Distribution International Ltd. (for users in Europe)	Processing of in-app purchases and subscriptions via the Apple App Store; providing purchase confirmations to us.	Contract (Art. 6(1)(b))
Google Commerce Limited (for users in Europe)	Processing of in-app purchases and subscriptions via the Google Play Store; providing purchase confirmations to us.	Contract (Art. 6(1)(b))

If you consent to personalized advertising, Google AdMob will have access to your device ID and app interactions. You can withdraw this consent at any time in the app settings. Stripe, Apple, and Google process certain transaction and risk data independently to fulfill their regulatory obligations.

5.3 Other Recipients

Other users – only upon your express instruction (e.g., when sharing your own texts/audio texts).
Authorities / Courts – exclusively when legally required or for the enforcement of rights.
Successors in the context of a merger, acquisition, or similar transaction.

6. International Data Transfer

Some of the mentioned service providers operate servers in third countries, particularly in the USA. The transfer of personal data only occurs if one of the following protective measures is in place:

Standard Contractual Clauses (SCCs) of the EU Commission (Art. 46(2)(c) GDPR).
EU–US Data Privacy Framework (DPF) for certified US companies (e.g., Google LLC, Cloudflare Inc., Stripe Inc.).
Additional technical and organizational measures such as end-to-end encryption, regional data storage, access restrictions, and pseudonymization.

Copies of the SCCs or proof of DPF certification are available upon request at data-protection@craitech.io. Please note that US authorities may be legally authorized to access data stored there; we take appropriate measures to ensure the protection of your data in such cases as well.

7. Storage Period

Data Type	Purpose	Retention Period	Deletion/Anonymization Criterion
Registration & Account Data	Provision of services (user agreement)	Until account deletion + 14 days	Automated deletion from production systems 14 days after account deletion, or immediately upon explicit request via email.
Voice sample (voice cloning)	Creation of a personal synthetic voice	Until you delete it or your account is deleted	Immediate removal following in-app deletion
Profile Data / Preferences	Personalized UX	Concurrent with account data	See above
Payment & Invoice Documents	Legal retention, bookkeeping	10 years	Deletion after the expiration of the commercial and tax law period (§ 257 HGB, § 147 AO).
Business & Support Correspondence	Contract fulfillment, proof obligations	6 years	Deletion after the expiration of the commercial law retention period (§ 257 HGB).
IP Log Files & Security Logs	IT security, abuse prevention	30 days	Automatic rotation/anonymization jobs; longer storage only in case of security-relevant incidents.
Error & Performance Logs	Error analysis, product improvement	90 days (pseudonymized)	Fully anonymized statistics may be retained indefinitely.
Legally Relevant Documents in Case of Disputes	Assertion/defense of claims	Until the conclusion of the proceedings + 3 years (statutory limitation period)	Deletion after case closure or expiration of the limitation period.
Backup Datasets	Data recovery	30 days	Ring backup, automatic overwriting.

Unless legal obligations prevent it, we will also delete or anonymize data earlier if you request it.

8. Cookies

We do not currently use cookies or similar tracking technologies that would require consent.

9. Your Rights

As a data subject, you have the following rights under the GDPR:

Right of access (Art. 15 GDPR) – You can request a copy of your stored personal data.
Right to rectification (Art. 16 GDPR) – You can have incorrect or incomplete data corrected.
Right to erasure (‘right to be forgotten’, Art. 17 GDPR) – You can request that your data be deleted, provided no legal retention obligations prevent it.
Right to restriction of processing (Art. 18 GDPR) – You can restrict the processing of your data under certain conditions.
Right to data portability (Art. 20 GDPR) – You have the right to receive your data in a machine-readable format.
Right to object (Art. 21 GDPR) – You can object to the processing of your data if it is based on legitimate interest.
Right to withdraw consent (Art. 7(3) GDPR) – If you have given consent for data processing, you can withdraw it at any time with future effect.

If you believe that the processing of your personal data violates the GDPR, you can contact a data protection supervisory authority. This can be the authority responsible for your place of residence or the supervisory authority responsible for us:

Berliner Beauftragte für Datenschutz und Informationsfreiheit Alt-Moabit 59–61 10555 Berlin Website: https://www.datenschutz-berlin.de

Alternatively, you can file a complaint with the data protection authority responsible for your place of residence.

To exercise your rights, please contact us at data-protection@craitech.io.

10. Automated Decision-Making

10.1 No Decisions with Legal or Similar Significant Effect

We do not make exclusively automated decisions that produce legal effects concerning you or similarly significantly affect you (Art. 22(1) GDPR).

10.2 Profiling for Advertising and Analytical Purposes

However, we use automated procedures to create pseudonymous usage and advertising profiles (“profiling” within the meaning of Art. 4 No. 4 GDPR):

Personalized Advertising (Google AdMob) Your device ID/Ad-ID, app interactions and – if shared – demographic characteristics are processed by Google to tailor ads to your presumed interests.
Reach Analysis (Google Analytics 4) For app optimization, we collect pseudonymous usage profiles (e.g., session duration, interaction paths).

Legal Basis: Your consent (Art. 6(1)(a) GDPR) or our legitimate interest in app security and product improvement (Art. 6(1)(f) GDPR), where consent is not required.

Your Choices:

You can withdraw your consent at any time in the app settings.
You have the right to object to profiling at any time (Art. 21(1) GDPR). An informal notification to data-protection@craitech.io is sufficient.

The profiles are used exclusively for the stated purposes; we do not use them to make automated decisions with legal effect (e.g., credit or insurance decisions).

11. Changes to this Privacy Policy

We reserve the right to update this Privacy Policy to adapt it to legal or technical changes. Material changes will be published on our website, and we will inform you in the app or by email about significant changes where required. If consent is necessary, we will obtain it before you continue to use the Services. Changes take effect upon publication, unless otherwise specified.