Skip to main content
← Back to Transkripsie

Privacy Policy

Last updated: April 24, 2026

1. Who we are

Transkripsie, Inc. (“Transkripsie”, “we”, “us”, or “our”) is a Delaware C-corporation that operates the transcription and meeting-intelligence service at https://transkripsie.com, along with our macOS app, iOS app, Chrome extension, and meeting bot that joins Google Meet, Zoom, Microsoft Teams, and Webex calls (collectively, the “Service”).

This Privacy Policy explains what personal information we collect, how we use it, who we share it with, and the rights you have over it. For privacy questions or to exercise your rights, contact privacy@transkripsie.com.

2. What information we collect

Account information

  • Name and email address.
  • Hashed password (bcrypt) and, if you enable them, WebAuthn passkey credentials and MFA secrets.
  • Login timestamps and authentication session metadata.

Content you provide

  • Audio and video files you upload or record.
  • Recordings captured by our meeting bot when you invite it to a call.
  • Transcripts, speaker labels, notes, and AI-generated summaries derived from that content.
  • Voice biometric embeddings (“voiceprints”) — only if you opt in to speaker identification (see Section 6).

Device and usage data

  • IP address, browser or app version, operating system, and device identifiers.
  • Service usage events (uploads, transcriptions started, features used) for product analytics and abuse prevention.
  • Diagnostic logs and error reports.

Optional integrations

  • If you connect Google Calendar, we receive event metadata (title, time, attendees, conferencing link) so the bot can join scheduled meetings.
  • If billing is active for your account, payment metadata is handled by Stripe; we do not store full card numbers.

3. How we use information

  • To provide transcription, diarisation, and summarisation of your recordings.
  • To dispatch the meeting bot to calls you schedule and to deliver the resulting transcript and summary to you.
  • To authenticate you, secure your account, prevent fraud and abuse, and enforce our Terms of Service.
  • To provide customer support and respond to your requests.
  • To send transactional email about your account (receipts, security alerts, product changes).
  • To monitor service health, debug issues, and improve product performance.
  • To comply with legal obligations and to establish, exercise, or defend legal claims.

We do not sell your personal information, and we do not use your audio, transcripts, or summaries to train third-party or general-purpose AI models.

4. Lawful bases (GDPR users)

If you are in the European Economic Area, the United Kingdom, or Switzerland, we process your personal data on these legal bases:

  • Contract (Art. 6(1)(b) GDPR) — to provide the Service you signed up for.
  • Legitimate interests (Art. 6(1)(f)) — for security, fraud prevention, product analytics, and direct communications about the Service. Our interests are balanced against your rights.
  • Consent (Art. 6(1)(a) and Art. 9(2)(a) for biometric data) — for voiceprint extraction, Google Calendar integration, and any optional features that ask you to opt in. You may withdraw consent at any time.
  • Legal obligation (Art. 6(1)(c)) — to comply with applicable law and lawful requests from authorities.

5. Sharing and sub-processors

We share personal data only with vetted service providers who help us run the Service under written contracts that require appropriate confidentiality and security measures (including EU Standard Contractual Clauses where required). The current list, with purpose, location, and data shared, is published at /sub-processors.

Our current sub-processors include:

  • Hetzner Online GmbH (Germany / Ashburn, VA) — primary application hosting and storage.
  • Recall.ai, Inc. (USA) — meeting bot infrastructure.
  • Third-party speech recognition engine (US-based) — converting audio to text.
  • OpenRouter, Inc. (USA) — AI summary generation.
  • Zoho Corporation (India / Netherlands) — transactional email delivery.
  • Google LLC (USA) — Google Calendar integration, only for users who connect a Google account.
  • Backblaze, Inc. (USA) — encrypted off-site backups.
  • Stripe, Inc. (USA) — payment processing, when billing is enabled on your account.

We may also disclose information when required by valid legal process, to protect our rights or the safety of others, or in connection with a corporate transaction such as a merger, acquisition, or asset sale (in which case we will notify you of any change in ownership or use of your personal data).

6. Voice biometrics (voiceprints)

Voiceprints are mathematical embeddings that allow the Service to recognise individual speakers across recordings. We extract them only if you affirmatively opt in to speaker identification in your account settings. If you do not opt in, no voiceprint is created.

  • Voiceprints are stored encrypted and bound to your account.
  • You may turn the feature off at any time. When you do, all voiceprints associated with your account are deleted immediately.
  • Illinois residents: Because of the Illinois Biometric Information Privacy Act (BIPA), the speaker-identification feature is not available to Illinois users at this time, and we will not extract or store voiceprints for accounts identified as Illinois-based.

7. Recordings and consent

When you record, upload, or invite our meeting bot to a call, you may capture the voices and statements of other people. With respect to those third-party voices, you are the data controller and Transkripsie is your processor. You are solely responsible for providing all notices and obtaining all consents required by applicable law — including the federal Electronic Communications Privacy Act (ECPA), the California Invasion of Privacy Act (CIPA), the Illinois Biometric Information Privacy Act (BIPA), and the laws of any other all-party or two-party consent jurisdiction in which a recording subject is located.

When the meeting bot joins a call, it announces its presence in the meeting chat. Participants who remain in the meeting after that announcement are deemed to consent to recording and transcription. This in-meeting notice does not, by itself, satisfy every legal requirement in every jurisdiction; you remain responsible for any additional notices or consents required.

If a recording subject contacts us directly with a deletion or access request, we will refer them to you as the controller and reasonably assist you in responding.

8. International data transfers

We are based in the United States and the Service is operated primarily from the US and the European Union (Hetzner Ashburn, VA and Hetzner Germany). Your personal data may be transferred to, stored in, or processed in the United States and other countries where we or our sub-processors operate.

  • For transfers of personal data out of the EEA or Switzerland, we rely on the European Commission’s Standard Contractual Clauses (2021/914).
  • For transfers out of the United Kingdom, we rely on the UK International Data Transfer Addendum to the SCCs.
  • Where appropriate, we apply supplementary technical and organisational measures (encryption in transit and at rest, access controls, audit logging).

9. Data retention

  • Account data: retained while your account is active and for 30 days after deletion (a soft-delete window during which you can recover the account); permanently purged thereafter.
  • Recordings, transcripts, and summaries: retained until you delete them individually or delete your account.
  • Voiceprints: deleted immediately when you opt out of speaker identification or delete your account.
  • Backups: rotated on a 30-day cycle; deleted content disappears from backups within that window.
  • Operational and security logs: retained for 90 days, then deleted or anonymised.
  • Billing records: retained as required by tax and accounting law (typically 7 years).

10. Security

We apply industry-standard technical and organisational measures to protect your data, including:

  • TLS 1.2 or higher for all data in transit.
  • Encryption at rest for audio and transcripts.
  • Bcrypt password hashing; JWT-based authentication; optional WebAuthn passkeys and multi-factor authentication.
  • Rate limiting, abuse detection, and audit logs of administrative actions.
  • Principle of least privilege for staff access; access is logged and reviewed.

No system is perfectly secure. If you discover a vulnerability, please report it responsibly to security@transkripsie.com.

11. Cookies and tracking

We use only strictly necessary cookies and equivalent local storage to operate the Service: an authentication session token (JWT in localStorage), a CSRF token, and a rate-limit fingerprint. We do not currently use tracking cookies, advertising cookies, or third-party analytics scripts. If we adopt analytics or other non-essential storage in the future, we will update this policy and present a consent banner where required.

12. Your rights

12.1 All users

Regardless of where you live, you can:

  • Delete your account using the “Delete account” button in Settings, or by emailing privacy@transkripsie.com.
  • Export your data using the “Download my data” button in Settings, or by email request.
  • Correct your account information in Settings.
  • Object to specific processing activities by contacting us.

We respond to verified requests within 30 days. We verify requests by sending a confirmation email to the address on file; for sensitive requests we may ask for additional information to confirm your identity.

12.2 California residents (CCPA / CPRA)

If you are a California resident, you have the right to:

  • Know the categories and specific pieces of personal information we collect, use, and disclose about you.
  • Request deletion of your personal information, subject to legal exceptions.
  • Request correction of inaccurate personal information.
  • Opt out of the “sale” or “sharing” of personal information — we do not sell or share personal information as those terms are defined under the CPRA, and we do not engage in cross-context behavioural advertising.
  • Limit the use of sensitive personal information — voiceprints are sensitive personal information and are processed only with your opt-in consent.
  • Be free from retaliation for exercising any of these rights.

You may submit a request through the in-app controls or by emailing privacy@transkripsie.com. You may use an authorised agent; we will request written authorisation and verify your identity.

12.3 EU, UK, and Swiss residents (GDPR / UK GDPR)

If you are in the EEA, the UK, or Switzerland, you have the right to:

  • Access the personal data we hold about you and receive a copy in a portable format.
  • Rectify inaccurate or incomplete personal data.
  • Erase your personal data (“right to be forgotten”).
  • Restrict or object to certain processing, including processing based on legitimate interests.
  • Withdraw consent at any time, without affecting the lawfulness of processing carried out before withdrawal.
  • Lodge a complaint with your local supervisory authority. In the UK, that is the Information Commissioner’s Office (ICO).

For the purposes of GDPR, the controller of your account data is Transkripsie, Inc. For third-party voices captured in your recordings, you are the controller and Transkripsie is your processor (see Section 7).

13. Children

The Service is not directed to, and we do not knowingly collect personal information from, anyone under the age of 16. If you believe a child under 16 has provided us with personal information, contact privacy@transkripsie.com and we will promptly delete it.

14. Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will revise the “Last updated” date at the top of this page. For material changes that affect how we use your personal data, we will notify you by email or through an in-app notice before the change takes effect.

15. Contact

Transkripsie, Inc.— a Delaware C-corporation.