Trust and Security
The receipts behind our privacy promise. Last updated: May 2, 2026.
Privacy promise, in plain language
- ✓ You choose how long audio is kept. The default is 90 days from upload, but the picker on the upload page lets you set anything from "delete the moment transcription completes" up to one year.
- ✓ Encrypted in transit and at rest. All traffic is HTTPS. Audio at rest in Cloudflare R2 is encrypted with AES-256.
- ✓ Not used for AI training. The OpenAI API agreement explicitly excludes API traffic from model training. We don't fine-tune models on user data either.
- ✓ No selling or sharing. We have no data-sale business model. Only the subprocessors listed below see your data, and only for what they're named below.
- ✓ Delete any time. One-click delete for individual transcriptions or your entire account.
Subprocessors
These are the third-party services that process your data, what they do, where they run, and a link to their DPA.
| Provider | Purpose | Region | DPA |
|---|---|---|---|
| Vercel | Application hosting (Next.js runtime, edge network). Data: request metadata, server logs | EU (Frankfurt) | DPA → |
| Cloudflare R2 | Encrypted object storage for uploaded audio files. Data: audio/video files (uploaded), encrypted at rest | EU | DPA → |
| Modal | Serverless compute that runs the transcription worker. Data: audio temporarily streamed through ephemeral container filesystem during transcription. Modal does not yet offer EU regions for our workload tier. | US | DPA → |
| OpenAI | Speech-to-text transcription via the API (gpt-4o-transcribe-diarize). Data: audio sent for transcription. Per OpenAI policy: not used for training, retained ≤30 days for abuse monitoring. EU data residency is enterprise-tier only. | US | DPA → |
| Neon | PostgreSQL database hosting (transcripts, account info — no audio). Data: account info, transcripts, billing references | EU (Frankfurt) | DPA → |
| Stripe | Payment processing. Data: card details (handled by Stripe — never touch our servers), billing email | EU / Global (PCI-DSS) | DPA → |
| Clerk | Authentication and user management. Data: email, name, OAuth tokens, session data | EU | DPA → |
| Resend | Transactional email delivery. Data: recipient email, message content (transcript-ready notifications) | EU | DPA → |
| Plausible | Privacy-friendly website analytics (no cookies, no PII). Data: page-view counts, aggregate event counts. No personal identifiers. | EU | DPA → |
| Google Analytics 4 (opt-in) | Page-view + conversion analytics, gated behind consent. Data: page URL, IP (anonymised), session events, GA-assigned client ID. Only loaded after the user accepts analytics cookies in the consent banner. | US (Google operates globally; SCCs + IP anonymisation apply) | DPA → |
| Google Ads (opt-in) | Conversion measurement for advertising attribution, gated behind consent. Data: conversion events: Stripe session ID (transaction_id), amount paid (USD), conversion-action label, gclid match. Only loaded after the user accepts advertising cookies. | US (same as GA4) | DPA → |
Data residency
We are an EU-based company (Klarweb, Oslo) and pick EU data residency wherever the provider supports it. Today that means:
- Audio storage — Cloudflare R2, EU jurisdiction.
- Database — Neon, Frankfurt (eu-central-1).
- Hosting — Vercel, Frankfurt (fra1).
- Authentication — Clerk, EU instance.
- Email — Resend, EU sending region.
- Always-on analytics — Plausible, EU.
Subprocessors that run in the United States:
- Modal (the transcription worker) and OpenAI (the speech-to-text model) — audio transits through both during the few minutes it takes to transcribe, then leaves no persistent copy on either.
- Stripe — payment processing.
- Google Analytics 4 and Google Ads — opt-in only, gated behind the cookie banner. Default-denied via Consent Mode v2; nothing is sent to Google unless you accept. If you reject, no data goes to Google at all.
EU/US transfers for these processors rely on Standard Contractual Clauses (SCCs). For Google specifically we additionally rely on consent (you opt in via the banner) and IP anonymisation. If your use case requires zero US transit, message us via the contact page before uploading sensitive content — and reject the cookie banner so the Google processors never load.
GDPR compliance
If you're in the EU/EEA, you have the right to access, rectify, port, and erase your personal data. The shortcuts:
- Access / portability — export every transcript and account record from your profile page.
- Erasure — delete individual transcriptions, or delete your entire account (Profile → Delete account). Account deletion removes audio, transcripts, billing references, and all associated subprocessor records.
- Rectification / objection — message us via your in-app inbox and we'll respond within the GDPR-mandated 30 days.
Encryption
- In transit — all browser ↔ server traffic is TLS 1.2+. Database connections to Neon use SSL.
- At rest — Cloudflare R2 encrypts uploaded audio with AES-256 server-side. Neon database storage is encrypted.
- Card data — handled exclusively by Stripe (PCI-DSS Level 1). Card numbers never touch our servers.
What we don't have
In the spirit of being honest about what we are and aren't:
- SOC 2 / ISO 27001 — not certified. We're a small team and haven't pursued formal audits yet. If you need SOC 2 for procurement, message us — we can talk about timelines.
- HIPAA BAA — we don't sign Business Associate Agreements. Don't upload PHI.
- 100% EU-only data residency — storage, database, hosting, auth, email, and Plausible analytics are EU. Modal compute, OpenAI transcription, and Stripe payments run in the US (SCCs in place). Google Analytics and Google Ads are also US, but opt-in only — they never load if you reject the cookie banner. Reach out if your case requires zero US transit before uploading.
Reporting security issues
Found a vulnerability? Message us via /contact with the details. We respond to security reports within 72 hours.