Privacy Policy

We are the data controller for the personal information you provide directly to Transcribr. Where you upload audio or video that contains other people's personal information (such as interviewees, meeting attendees, or podcast guests), you are the controller of that information and we act as your data processor in handling it on your behalf.

You can reach our Privacy Officer at privacy@transcribr.net.

We collect three categories of information.

Account information. Your email address, display name, and (when you subscribe) billing identifiers held by our payment provider. We never see or store your full payment-card details — those are tokenised by Stripe.

Content you upload. Audio and video files, the transcripts we produce from them, speaker labels you edit, and AI-generated artefacts (show notes, chat history) tied to those transcripts.

Usage and technical information. Pages you visit, features you use, credit-debit history, IP address, browser/device metadata, and error reports. We collect this to keep the service running, debug problems, and bill correctly.

We may collect sensitive information within the meaning of the Privacy Act if it appears in audio you upload (for example, health, racial or ethnic origin, or political opinion discussed in an interview). By uploading such content you consent to us processing it for the limited purpose of transcribing and returning it to you.

The primary purpose of collection is to provide the transcription service you signed up for: turning audio into text, surfacing speaker labels, generating exports, and giving you a place to manage the result.

Related secondary purposes — fraud prevention, complying with our legal obligations, improving the service, and (where you've opted in) sending you product updates — are reasonably expected of an online service and consistent with the primary purpose.

We rely on the following lawful bases (relevant for GDPR users): performance of our contract with you, our legitimate interests in running and securing the service, your consent for optional features (e.g. AI generation, marketing email), and compliance with legal obligations such as tax record-keeping.

Your audio is sent to a third-party speech-to-text provider so it can be transcribed. We retain the original audio file according to your audio retention setting (default: 7 days; configurable to 1, 7, 30, 90 days, or “keep forever”). After that window the audio is deleted from our storage. The transcript text remains in your account until you delete it.

When you opt into AI features (Show Notes generation, Ask Your Transcript chat), the transcript text for that single transcription is sent to a third-party LLM provider so it can produce the requested output. The provider operates under a zero-data-retention policy: they do not persist or train models on your data.

We do not train AI models on your transcripts, and we do not authorise our service providers to do so. AI features are off by default for any new transcript and only run when you click the relevant button.

We disclose personal information to the following categories of recipient, and only to the extent necessary to deliver the service or to comply with the law:

• Speech-to-text provider (cloud-based, US): processes your audio to produce transcripts. Operates under a written agreement and a zero-retention policy.
• LLM provider (cloud-based, US, via OpenRouter): processes transcript text when you use AI features. Zero data retention.
• Payment processor (Stripe): processes subscription payments and manages tokenised payment methods.
• Email provider (Resend): sends magic-link sign-in emails and transactional notifications.
• Cloud storage provider (Cloudflare R2): stores audio files and generated artefacts.
• Hosting platform (Vercel): serves the application.
• Analytics and error monitoring: limited operational data only — never the contents of transcripts.
• Government, regulator or court: where we are required by Australian or applicable foreign law (for example, in response to a lawful subpoena or under our obligations to the Office of the Australian Information Commissioner).
• An acquirer, in the event of a merger, sale, or restructure of our business — under equivalent privacy commitments.

We do not sell your personal information.

Transcribr is based in Sydney, Australia, but our service providers are hosted in multiple regions, primarily the United States and (for Cloudflare R2) the customer-elected region. By using the service you acknowledge that personal information may be processed outside Australia.

As required by Australian Privacy Principle 8, we take reasonable steps before disclosing personal information overseas — including written agreements that bind our providers to standards substantially similar to the APPs and (for EU users) to Standard Contractual Clauses approved by the European Commission.

Where you are an enterprise customer with specific data-residency requirements, contact us about our Data Processing Agreement and region-pinning options.

We hold personal information using a combination of technical and organisational measures: TLS in transit, encryption at rest by our storage providers, access control on our administrative systems, audit logging on credit-affecting actions, and a principle of least privilege for staff.

No system is perfectly secure. If we become aware of an eligible data breach under the Australian Notifiable Data Breaches scheme, we will notify affected users and the Office of the Australian Information Commissioner without undue delay.

We retain personal information only as long as necessary for the purposes described above, or as required by law (for example, financial records under the Income Tax Assessment Act 1997).

Audio files follow your per-account retention setting (1–90 days or indefinite). Transcript text persists until you delete it. Account information is retained while your account is active and for a reasonable period after deletion to handle disputes and meet legal obligations.

Under the Australian Privacy Act, you have rights to:

• request access to the personal information we hold about you (APP 12);
• request correction of personal information that is inaccurate (APP 13);
• complain about a privacy issue and have it investigated (see Complaints below);
• be anonymous or use a pseudonym, where lawful and practicable.

We will respond to a verified request within a reasonable period (and within 30 days where APP 12 specifically applies). There is no charge for a typical request.

You can also export or delete your data directly from your account at any time.

If you are in the EU, EEA or UK, you additionally have rights to data portability, erasure (“right to be forgotten”), restriction of processing, and to object to processing based on legitimate interests. You may withdraw consent at any time without affecting the lawfulness of processing prior to withdrawal.

Our lawful bases are listed in section 3. You may lodge a complaint with your local supervisory authority — for example, the UK ICO at ico.org.uk or the relevant EU DPA — though we'd like to hear from you first so we can fix things directly.

For international transfers out of the EU/UK we rely on Standard Contractual Clauses and conduct transfer impact assessments where required.

California residents have the right to know what personal information we collect, the right to deletion, the right to correct inaccurate information, the right to opt-out of “sale” or “sharing” (we don't sell or share for cross-context behavioural advertising), and the right not to be discriminated against for exercising these rights.

To exercise any of these rights, email privacy@transcribr.net. We may need to verify your identity using account information you've already given us.

Transcribr is not directed at children under 16. We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal information without parental consent, please contact us and we will delete it promptly.

We use a small number of essential cookies for authentication (your sign-in session) and to remember your preferences. We do not use third-party advertising cookies and do not participate in cross-context behavioural advertising.

Analytics. We use a privacy-friendly, self-hosted analytics service (Umami via analytics.vertial.com) to understand which pages are visited and how the product is used. This service does not set cookies, does not collect personal information, does not fingerprint devices, and does not share data with third parties. Aggregated visit counts are the only data we receive. We rely on legitimate interests under Art. 6(1)(f) GDPR for this processing; you may object at any time by emailing privacy@transcribr.net, in which case we will configure exclusion of your visits.

We may update this policy from time to time. The “last updated” date at the top reflects the most recent change. Material changes will be communicated by email to your account contact and surfaced inside the app before they take effect.

If you have a privacy complaint, email privacy@transcribr.net with the details. We will acknowledge your complaint within 5 business days and aim to respond substantively within 30 days.

If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.