TalkScribe

DRAFT - pending legal review

This document is a starter template that reflects TalkScribe's current technical posture. It has not yet been reviewed by qualified counsel and is not legally binding. We expect to publish a reviewed version before our first paid customer signup. If you need a binding agreement before then, contact hello@talkscribe.me.

Privacy Policy

What we do with your data, in plain language.

Last updated: May 2, 2026

Overview

TalkScribe is a voice-intelligence service that transcribes audio and produces structured artifacts (summaries, outlines, action items, key quotes). This Privacy Policy explains what data we collect, how we use it, and the choices you have. It applies to the TalkScribe website, dashboard, public REST API, and any other TalkScribe service.

Two things matter most:

  • Audio is processed in real time and not stored on TalkScribe's serversbeyond what's required to forward bytes to our speech-to-text provider during the transcription itself.
  • We do not use your transcripts, audio, or any customer content to train AI models- ours or any third party's.

What we collect

We collect three categories of information:

Account information

  • Email address - required for account creation and sign-in. Used to send magic-link sign-in emails and service notifications.
  • Display name - optional, set by you in settings.
  • Plan- which TalkScribe subscription tier (Trial, Starter, Pro, Business) you're on.
  • Custom vocabulary - the proper nouns and jargon you choose to bias transcription toward, if any.
  • Theme + save-history preferences - your dashboard settings.

Content you create

  • Audioyou record or upload, while it's being transcribed (see Audio handling below).
  • Transcripts - the text output of transcription, but only when you have save history turned on. Save history is OFF by default; with it off, transcripts stay in your browser and never reach our database.
  • AI-generated artifacts - polished transcripts, summaries, outlines, action items, and key quotes that you generate and save.

Operational data

  • Usage events - minutes transcribed per recording, for billing accuracy. Recorded regardless of save-history setting.
  • Trial fingerprint - for users without an account, a one-way SHA-256 hash of browser characteristics used to enforce the 30-minute free-trial budget. Not linked to any identity.
  • Standard server logs - IP address, user agent, request paths, timestamps. Used for security and operational troubleshooting; rotated on a short retention window.
  • Audit log (Business plan workspaces only) - significant administrative actions in your workspace, surfaced back to you via the audit-export endpoint.

How we use it

We use your data to:

  • Provide the TalkScribe service - transcription, polish, insights, exports.
  • Authenticate you and keep your account secure.
  • Bill you accurately for usage.
  • Send service notifications (e.g., sign-in links, billing receipts).
  • Detect, prevent, and respond to abuse and security incidents.
  • Comply with our legal obligations.

We do not sell your data. We do not share your data with advertising networks. We do not use your content to train AI models.

Audio handling

Audio handling is the part most users care about, so it gets its own section.

  • Live recording- your browser captures audio, chunks it (~3 seconds at a time), and streams those chunks to TalkScribe's server. We forward each chunk to our speech-to-text provider, receive the text, and discard the audio bytes. They are not written to persistent storage.
  • File upload - for files larger than the live-chunk window (e.g., podcast uploads), the file is briefly stored in our blob storage so the transcription job can fetch it. The blob is deleted automatically after transcription completes (within minutes).
  • Save history - only the resulting text is persisted, and only when you have save history enabled. The underlying audio is never persisted in any case.

AI and training

We use third-party AI models to transcribe audio and generate polished text and structured insights (summaries, outlines, action items, key quotes). Our agreements with these providers specifically prohibit them from training their models on your content.

TalkScribe itself does not train any AI model on your transcripts, audio, or other content. We do not have an in-house model training pipeline.

Subprocessors we share data with

We rely on a small number of trusted infrastructure providers to deliver the service. Each handles a specific narrow function:

SubprocessorPurposeData handled
VercelApplication hosting + blob storage for in-flight uploadsHTTP requests, audio uploads (transient)
NeonManaged PostgreSQL databaseAccount info, transcripts (when saved), usage events, audit logs
xAISpeech-to-text + LLM (polish + insights)Audio (transient), transcript text
ResendTransactional email (sign-in links, receipts)Email address, message content
Vercel KVRate-limit + cost-cap countersHashed identity, request counts

We'll update this list as our infrastructure changes. If you have a Data Processing Agreement (DPA) with us, we'll notify you of material subprocessor changes per the terms of that agreement.

Data retention

  • Account information - kept while your account is active. Deleted within 30 days of account closure (longer for legal-hold or fraud-investigation cases).
  • Transcripts you saved - kept until you delete them or close your account. Workspace owners on Business plans can configure a workspace-level retention period that auto-deletes older transcripts.
  • Audio (transient) - deleted within minutes of transcription completion.
  • Usage events - kept for billing reconciliation, rolled into aggregates after 24 months.
  • Server logs - rotated on a short window (typically 30 days) unless flagged for security investigation.
  • Audit logs (Business workspaces) - kept for the life of the workspace; cascaded to delete on workspace deletion. Owners can export the full log via the compliance-export endpoint before deletion.

Your rights

Depending on where you live, you may have rights under GDPR (European Economic Area, UK), CCPA / CPRA (California), or other privacy laws. These typically include:

  • The right to access the data we hold about you.
  • The right to correct inaccurate data.
  • The right to delete your data.
  • The right to export your data in a portable format.
  • The right to object to certain processing.
  • The right to lodge a complaint with a supervisory authority.

To exercise any of these rights, email us at hello@talkscribe.me. We respond within 30 days.

We do not sell personal information and have not in the past 12 months. We do not knowingly process the personal information of California residents under 16 without consent.

Cookies and local storage

TalkScribe uses cookies and browser local storage for the following purposes:

  • Authentication- a session cookie keeps you signed in. Strictly necessary; the service doesn't function without it.
  • Theme preference - local storage remembers whether you chose dark or light mode.
  • Trial tracking - the trial fingerprint (a SHA-256 hash of browser characteristics) is held in memory and used to enforce the free-trial budget.

We do not use third-party advertising or analytics cookies.

Security

We protect your data with industry-standard practices:

  • All data is encrypted in transit (TLS 1.2+).
  • Database connections use TLS and require authentication.
  • Access to production systems is limited to authorized personnel and uses MFA.
  • API keys + webhook secrets are stored as SHA-256 hashes, not plaintext.
  • Webhooks are HMAC-SHA256-signed so receivers can verify authenticity.
  • Regular dependency updates and security patching.

No system is perfectly secure. If you suspect a vulnerability, please report it to hello@talkscribe.me.

Children

TalkScribe is not directed to children under 16. We do not knowingly collect personal information from children under 16. If you believe we have collected such information, contact us and we'll delete it.

International transfers

TalkScribe is operated from the United States and our infrastructure providers are based primarily in the US and EU. If you access the service from outside these regions, your data will be transferred to and processed in those regions. Where required by law (e.g., for EU/UK personal data), we use Standard Contractual Clauses or other recognized transfer mechanisms.

Changes to this policy

We may update this Privacy Policy as our service evolves. Material changes will be announced via email to active account holders and via a notice on the homepage at least 30 days before they take effect. The “Last updated” date at the top of this page always reflects the current version.

Contact us

For privacy questions, data-rights requests, or anything else related to this policy, email hello@talkscribe.me.