Privacy Policy

Last updated: 10/26/2025

Introduction

This Privacy Policy explains how EzTranscribe ("the App", "we") processes personal data when accounts are created and when audio files are uploaded for machine transcription and translation via OpenAI APIs, in line with GDPR transparency obligations. The App is the controller for account and service data; OpenAI acts as our processor for transcription/translation under an Article 28 Data Processing Addendum (DPA).

Controller and Contacts

  • Controller: EzTranscribe.
  • Contact for privacy requests: (info@eztranscribe.com).

Categories of Data

  • Account data: Email, password hash, profile settings, subscription/billing identifiers if applicable.
  • Usage/technical data: IP address, device/browser data, timestamps, error logs for security and fraud prevention.
  • User content: Uploaded audio for processing and resulting text output; audio is handled transiently and not stored beyond technical necessity on EzTranscribe servers.
  • Support data: Communications and related metadata for customer support.

Purposes and Lawful Bases

  • Account creation, authentication, and core service delivery (transcription/translation): performance of a contract, Art. 6(1)(b) GDPR.
  • Security, abuse prevention, and service integrity (e.g., rate limiting, anomaly detection): legitimate interests, Art. 6(1)(f) GDPR, balanced against rights.
  • Compliance with legal obligations (e.g., tax/records if paid plans): Art. 6(1)(c) GDPR.
  • Optional product updates/marketing (where applicable): consent, Art. 6(1)(a) GDPR, with withdrawal at any time.

Processors and Third Parties

  • OpenAI (processor): Transcription and translation are performed via OpenAI's API under a DPA; OpenAI processes data per our instructions and implements security measures outlined in its policies. For API services, OpenAI states business/enterprise API data is not used to train models by default; see OpenAI data-use documentation and enterprise privacy posture.
  • Other service providers: Hosting, authentication, payments, analytics as necessary, each bound by Art. 28 GDPR terms and confidentiality.

International Data Transfers

If personal data is transferred outside the EEA/UK, appropriate safeguards (e.g., EU Standard Contractual Clauses and supplementary measures) are applied consistent with GDPR Arts. 44–49 when engaging OpenAI and other processors.

Data Minimization and Storage

  • Audio files: Not stored on EzTranscribe servers; retained only transiently for processing before deletion post-processing completion.
  • Transcripts/translations: Stored in the user account only as needed to provide the service; deleted on account deletion or upon request unless retention is legally required.
  • Logs/security data: Retained for a limited, proportionate period for security and compliance, then deleted or anonymized.

Retention

Personal data is kept only as long as necessary for stated purposes or to meet legal obligations; defined schedules cover account data (life of account), support communications (time-limited), and security logs (short-term).

Data Subject Rights

Individuals have rights of access, rectification, erasure, restriction, portability, and objection, and may withdraw consent at any time without affecting prior processing; requests can be submitted via the contact provided. There is also a right to lodge a complaint with a supervisory authority (e.g., Bavarian DPA for Bavaria).

Account Deletion

On account deletion, all personal data associated with the account (including stored transcripts/translations and settings) is removed from active systems and from backups within a defined period, subject to data retained to comply with legal obligations.

Security

EzTranscribe implements technical and organizational measures such as encryption in transit/at rest, access controls, and least-privilege administration; OpenAI documents enterprise security and privacy controls, with encryption and segregated processing under its DPA and enterprise policies.

Children's Data

EzTranscribe is not directed to children under the age defined by applicable law; accounts must be created by individuals with capacity to consent.

OpenAI Policies and Your Data

Use of OpenAI APIs is subject to OpenAI's privacy policy, DPA, and usage policies; OpenAI explains how service data may be used and provides opt-outs and enterprise controls that limit training usage, particularly for API/enterprise contexts.

Changes to this Policy

Material changes will be communicated in-app or by email with an effective date; continued use after changes indicates acceptance.