Privacy Policy

Data controller

TranscribeCat is operated by Klarweb in Oslo, Norway — a Norwegian-incorporated entity in the EEA. For GDPR purposes, Klarweb is the controller of personal data processed via transcribecat.com. Contact details are at the bottom of this page.

What we collect

We collect only what is necessary to provide the service:

• Account info — email address and name, provided via Clerk authentication (Google OAuth or email sign-up).
• Audio and video files — uploaded for transcription. You choose retention at upload time (instant on completion up to one year, default 90 days). Files are then deleted automatically.
• Transcripts — the text output of your transcriptions, stored until you delete them.
• Payment info — handled entirely by Stripe. We do not store your card details.
• Usage data — always-on (Plausible): page views, durations, file formats, aggregate event counts (upload-started, checkout-completed, transcript-downloaded). Plausible sets no cookies and uses no personal identifiers. Legal basis: legitimate interest, since no personal data is processed.
• Usage data — opt-in (Google Analytics 4): page views, session events, IP (anonymised). Loaded only with your explicit consent via the cookie banner. Legal basis: consent under Art. 6(1)(a) GDPR.
• Conversion data — opt-in (Google Ads): when you complete a paid checkout, we send Google a conversion event containing the Stripe session ID, the amount paid, and the currency. Loaded only with your explicit consent via the cookie banner. Legal basis: consent under Art. 6(1)(a) GDPR. You can withdraw consent at any time using the "Manage cookies" link in the footer; future events will not fire.

How we use your data

• To transcribe your audio and video files and deliver results.
• To process payments and issue refunds.
• To send transactional emails (receipts, account notifications).
• To improve the service based on aggregate usage patterns.
• To measure which marketing channels send paying customers (only with your consent, via Google Ads conversion measurement).

We do not sell your data. We do not"share" your data for cross-context behavioural advertising (CCPA/CPRA terminology). We do not use your files or transcripts to train AI models, and our transcription subprocessor (OpenAI) operates under a zero-retention agreement that prohibits training on your data.

Third-party processors

We use the following processors to operate TranscribeCat. The full subprocessor list including processing regions and DPA links is at /trust.

• Clerk — authentication and user management. Region: EU.
• Stripe — payment processing. Region: US (Stripe is a recognised PCI-DSS Level 1 service provider).
• Cloudflare R2 — encrypted object storage for uploaded audio. Region: EU.
• OpenAI — speech-to-text transcription via the OpenAI API. Per OpenAI's API data usage policy, audio sent through the API is not used to train OpenAI models and is retained by OpenAI for at most 30 days for abuse monitoring.
• Modal — serverless compute that runs the transcription worker. Audio passes through Modal's ephemeral container filesystem during processing and is deleted when the job completes. Modal does not retain copies.
• Neon — PostgreSQL database hosting (transcripts, account info, no audio). Region: EU (Frankfurt).
• Resend — transactional email delivery. Region: EU.
• Plausible — privacy-friendly website analytics. Region: EU. Does not use cookies or collect personal data.
• Google Analytics 4 (opt-in only)— loaded only after you accept analytics cookies in the banner. Data sent: page URL, IP (anonymised), session events, GA-assigned client ID. Region: US, processed under Google's Standard Contractual Clauses. Retention in Google: 14 months by default.
• Google Ads (opt-in only)— loaded only after you accept advertising cookies in the banner. Data sent on conversion: Stripe session ID (used as transaction_id), amount paid (USD), and conversion-action label. Region: US, same SCCs as GA4.
• Vercel — application hosting. Region: EU (Frankfurt).

How we record consent

Your cookie consent choice is stored on your device in localStorage under the key tc-consent-v2, with a timestamp. We don't maintain a server-side log of who consented when — the timestamp on your device is the record. This means: clearing your browser's storage for transcribecat.com resets the banner, and we'll ask again on your next visit. After 12 months we re-prompt automatically, in line with EDPB guidance on periodic re-confirmation.

International transfers

The data flow is mostly within the EEA: account, audio storage, database, email, and Plausible analytics all stay in the EU. Three processors operate from the US: Stripe (payments), Google Analytics, and Google Ads. Transfers to those US processors are covered by Standard Contractual Clauses; for Google specifically, we additionally rely on consent (you opt in via the banner) and supplementary measures (IP anonymisation in GA4). If you don't opt in, no data goes to Google.

Data Retention

• Audio and video files — you choose at upload time how long the original file is kept. Options range from instant deletion the moment a transcript is ready, up to one year. The default is 90 days from upload. The picker is on the upload page next to the language selector.
• Transcripts — kept until you delete them or delete your account.
• Account data — kept until you delete your account. Accounts inactive for 12 months receive a 30-day deletion warning email, then are deleted along with all transcripts and any remaining audio.

Your rights (EU/EEA / Norway)

Klarweb is established in Norway and processes data under GDPR + the Norwegian Personopplysningsloven. You have the following rights:

• Access — export your account data, transcripts, and audio retention status from the profile page; or request a copy by message.
• Rectification — correct inaccurate personal data via your profile or by message.
• Erasure — delete individual transcriptions or your entire account from the profile page. Deletion is immediate; backups roll off within 30 days.
• Restriction / objection — ask us to stop processing in specific scenarios; we'll review and respond within 30 days.
• Portability — the export above is provided in a machine-readable format (JSON + plain text).
• Withdraw consent — for cookies, use the "Manage cookies" link in the footer. For email marketing (if any), use the unsubscribe link in the email itself.
• Lodge a complaint— with the Norwegian Datatilsynet (Datatilsynet.no) or your local supervisory authority if you believe we're handling your data improperly.

Security

All data is transmitted over HTTPS. Database connections use SSL. Authentication is handled by Clerk with industry-standard security practices. Payment data is processed by PCI-compliant Stripe infrastructure.

Contact

For privacy-related questions, message us via your in-app inbox or the contact page.