Privacy Policy

We collect several categories of information depending on how you interact with the Service:

(a) Information You Provide to Us: When you create an account, we collect your name, email address, and password. If you subscribe to a paid plan, your payment information (credit card number, billing address) is collected and processed by our third-party payment processor, Creem — we do not store your full payment card details on our servers. You may optionally provide a profile picture, organization name, and preferred language settings.

(b) Audio and Content Data: When you use our transcription features, we process audio data from your microphone, system audio, or uploaded audio files (MP3, WAV, M4A, OGG, FLAC, WebM, MP4). This audio is transmitted to third-party speech recognition providers for real-time processing and is not persistently stored on our servers unless you explicitly enable cloud sync. The resulting transcriptions, translations, AI-generated summaries, and any notes you create constitute your "User Content."

(c) Usage Information: We automatically collect information about how you use the Service, including session timestamps, session duration, features used (transcription, translation, AI summarization, search, export), number of sessions created, file import activity, and interaction patterns.

(d) Device and Technical Information: We collect device identifiers, IP address, browser type and version, operating system, screen resolution, language preferences, and referring URLs.

(e) Information from Third-Party Services: If you sign in using Google or GitHub OAuth, we receive your name, email address, and profile picture from these providers. We do not access your contacts, calendar, or other data from these services beyond what is needed for authentication.

We use the information we collect for the following purposes:

(a) Providing and Operating the Service: Processing your audio for transcription and translation; generating AI summaries and key points; enabling search across your sessions; syncing your data across devices when cloud sync is enabled; and processing your subscription payments.

(b) Improving the Service: Analyzing aggregated usage patterns to identify bugs, improve performance, and develop new features. We may use de-identified and aggregated transcription data to evaluate and improve the accuracy of our transcription and translation pipelines. We do not use your identifiable audio recordings or User Content to train third-party AI models.

(c) Communication: Sending you transactional emails (account verification, password resets, payment receipts, subscription changes); service-related announcements (maintenance windows, security alerts, feature updates); and, with your consent, promotional communications about new features or offers. You can opt out of promotional emails at any time.

(d) Security and Fraud Prevention: Monitoring for suspicious activity, preventing unauthorized access, enforcing rate limits, and protecting against abuse of the Service.

(e) Legal Compliance: Complying with applicable laws, regulations, legal processes, or enforceable governmental requests; enforcing our Terms of Service; and protecting the rights, property, and safety of ScribeMate, our users, and the public.

ScribeMate employs a local-first architecture designed to give you maximum control over your data:

(a) Local Storage: By default, your transcriptions, translations, summaries, and session data are stored locally on your device using IndexedDB. This data remains entirely under your control and is not transmitted to our servers unless you choose to enable cloud sync.

(b) Cloud Sync: If you enable cloud sync, your data is encrypted in transit using TLS 1.3 and encrypted at rest using AES-256 encryption. Cloud-synced data is stored on infrastructure provided by reputable cloud service providers (such as Amazon Web Services or Microsoft Azure) located in the United States.

(c) Audio Data: Audio streams sent for real-time transcription are processed by our speech recognition providers and are not stored by ScribeMate after the transcription is completed. Uploaded audio files for import processing are temporarily stored during processing and automatically deleted within 24 hours of processing completion.

(d) Security Measures: We implement industry-standard security practices including regular security audits, role-based access controls, encrypted database connections, rate limiting, and application-level monitoring. However, no method of electronic transmission or storage is 100% secure, and we cannot guarantee absolute security.

(e) Data Retention: We retain your account information for as long as your account is active. If you delete your account, we will delete or de-identify your Personal Information within 30 days, except where retention is required by law or for legitimate business purposes (such as resolving disputes or enforcing our agreements). Local data on your device is not affected by account deletion and remains under your control.

We do not sell your Personal Information. We may share your information in the following circumstances:

(a) Speech Recognition Providers: We transmit audio data to third-party speech recognition services (including Azure Cognitive Services and Google Cloud Speech-to-Text) for transcription processing. These providers process audio data according to their respective privacy policies and data processing agreements.

(b) Translation and AI Providers: Transcribed text may be sent to third-party translation services and AI/LLM providers (such as OpenAI, Anthropic, and others) for translation and summarization. We send only the text content necessary for processing.

(c) Payment Processor: Payment information is collected and processed by Creem. We do not have access to your full credit card number. Creem's handling of your payment data is governed by Creem's Privacy Policy.

(d) Analytics Providers: We use privacy-respecting analytics tools to understand Service usage patterns. These tools collect aggregated, non-personally-identifiable data.

(e) Legal Requirements: We may disclose your information if required to do so by law or in the good-faith belief that such action is necessary to comply with legal obligations, protect and defend our rights or property, prevent fraud, or protect the personal safety of users or the public.

(f) Business Transfers: In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you via email or prominent notice on our website of any change in ownership or uses of your Personal Information.

(g) With Your Consent: We may share information with third parties when you have given us explicit consent to do so.

We use only essential and functional cookies on our website and Service:

(a) Session Token Cookie: Required for authentication and session management. The Service cannot function properly without this cookie.

(b) Language Preference Cookie: Stores your selected interface language so you don't have to choose it on each visit.

We do not use analytics cookies, advertising cookies, or any third-party tracking cookies. You can control cookies through your browser settings. Disabling the session cookie will prevent you from logging in. For more details, please see our Cookie Policy.

Depending on your location, you may have the following rights regarding your Personal Information:

(a) Access: You have the right to request a copy of the Personal Information we hold about you.

(b) Correction: You have the right to request correction of inaccurate or incomplete Personal Information.

(c) Deletion: You have the right to request deletion of your Personal Information. You can delete your account at any time from Settings, or contact us to request deletion.

(d) Data Portability: You have the right to receive your data in a structured, commonly used, machine-readable format. You can export all your data (transcriptions, translations, summaries) from Settings in TXT, Markdown, PDF, DOCX, or SRT formats at any time.

(e) Objection and Restriction: You have the right to object to or request restriction of certain processing of your Personal Information, particularly where processing is based on our legitimate interests.

(f) Withdraw Consent: Where processing is based on your consent, you have the right to withdraw consent at any time, without affecting the lawfulness of processing prior to withdrawal.

(g) Non-Discrimination: We will not discriminate against you for exercising any of your privacy rights.

For EU/EEA Residents: You have additional rights under the General Data Protection Regulation (GDPR), including the right to lodge a complaint with a data protection supervisory authority.

For California Residents: You have additional rights under the California Consumer Privacy Act (CCPA/CPRA), including the right to know what Personal Information is collected, the right to request deletion, and the right to opt out of the sale of Personal Information (which we do not engage in).

To exercise any of these rights, please contact us at privacy@scribemate.app. We will respond to your request within 30 days.

Your information may be transferred to, stored, and processed in countries other than your country of residence, including the United States, where our servers and third-party service providers are located. These countries may have data protection laws that are different from the laws of your country. When we transfer Personal Information from the European Economic Area, United Kingdom, or Switzerland, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission or other legally recognized transfer mechanisms.

The Service is not directed to children under the age of 13 (or under the age of 16 in the European Economic Area). We do not knowingly collect Personal Information from children under these ages. If you are a parent or guardian and believe that your child has provided us with Personal Information, please contact us at privacy@scribemate.app so that we can take steps to delete such information. If we become aware that we have collected Personal Information from a child under the applicable age without parental consent, we will take steps to delete that information promptly.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you by email (sent to the email address associated with your account) or by posting a prominent notice on our website prior to the change becoming effective. We will also update the "Last updated" date at the top of this Policy. We encourage you to review this Privacy Policy periodically. Your continued use of the Service after any changes to this Policy constitutes your acceptance of the updated Policy.

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Email: privacy@scribemate.app

We will endeavor to respond to all inquiries within 30 days.