Privacy Policy

1. Distributed privacy architecture

Unlike traditional transcription services, ScribeChrono uses a hybrid edge processing architecture.

Your original files stay with you

When you use the Service, initial processing of complex media (such as large videos) runs locally in your web browser memory.

Data minimization

Only the extracted, highly compressed, anonymized audio stream is sent to our servers for speech-to-text. Your original video files are never uploaded, stored, or analyzed on our servers.

2. Data we collect

To perform our contractual obligations and provide the Service, we process the following categories:

1. Account and billing data — email address, encrypted credentials, payment information (processed securely by PCI-DSS compliant providers, not stored on our servers).
2. Transcription data (ephemeral) — extracted audio streams required for transcription and resulting text.
3. Technical and usage data — anonymized IP address, browser type, error logs, and performance metrics for security and optimization only.

3. How we use data (purposes and legal bases)

We process personal data only on the following legal bases (GDPR Article 6):

• Contract performance — providing transcription, account management, and customer support.
• Legitimate interest — securing infrastructure against fraud and abuse, improving technical performance.
• Legal obligation — accounting and tax requirements.

Firm commitment: ScribeChrono does not sell, rent, or commercialize your personal data or transcribed content to third parties under any circumstances.

4. Sharing and subprocessors (zero data retention)

To deliver fast service, we use cloud infrastructure and natural language processing (AI) models operated by certified subprocessors.

Zero data retention (ZDR)

Our AI infrastructure partners are bound by strict data processing agreements (DPAs). Audio streams sent for speech recognition are purged immediately after processing.

No model training

Your data (audio streams and transcripts) are never used to train, improve, or fine-tune AI models—neither by ScribeChrono nor by our subprocessors.

5. International data transfers

ScribeChrono operates globally. For users in the European Economic Area (EEA) or United Kingdom, transfers to third countries (including the United States) rely on appropriate safeguards, including:

• European Commission Standard Contractual Clauses (SCCs);
• the EU–US Data Privacy Framework or equivalent adequate certification mechanisms.

6. Security and retention

Encryption

All data in transit between your device and our infrastructure is protected with industry-standard protocols (TLS 1.3). Data at rest is encrypted with AES-256.

Retention period

• Transcription history is kept while your account is active.
• You may permanently delete a transcript from your dashboard.
• If you delete your account, associated text and streams are removed from our databases within 30 days (including backup purges).

7. Your rights (GDPR, CCPA, LGPD)

Depending on your jurisdiction, you may have the following rights:

• Access and portability — obtain a copy of data we hold about you.
• Rectification and erasure — correct inaccurate data or request permanent account deletion.
• Restriction and objection — limit or object to certain processing.
• California residents (CCPA) — right to know what data is collected; ScribeChrono does not “sell” your data (Do Not Sell).

We will respond to requests within the statutory 30-day period.

8. Children

The Service is not intended for anyone under thirteen (13) years of age (or the applicable age of consent in your jurisdiction). We do not knowingly collect data from minors. If such processing is discovered, the data will be deleted immediately.

9. Contact and data protection

For questions about this policy, our security practices, or to exercise your legal rights:

• Email: privacy@scribechrono.com
• Suggested subject line: “Data protection / GDPR request”