Vertrouwen & beveiliging
The receipts behind our privacy promise. Last updated: May 2, 2026.
Privacy promise, in plain language
- ✓You choose how long audio is kept. The default is 90 days from upload, but the picker on the upload page lets you set anything from "delete the moment transcription completes" up to one year.
- ✓Encrypted in transit and at rest. All traffic is HTTPS. Audio at rest in Cloudflare R2 is encrypted with AES-256.
- ✓Nooit gebruikt om AI te trainen. The OpenAI API agreement explicitly excludes API traffic from model training. We don't fine-tune models on user data either.
- ✓Nooit verkocht of gedeeld. We have no data-sale business model. Only the subprocessors listed below see your data, and only for what they're named below.
- ✓Altijd te verwijderen. One-click delete for individual transcriptions or your entire account.
Subverwerkers
These are the third-party services that process your data, what they do, where they run, and a link to their DPA.
| Aanbieder | Doel | Regio | DPA |
|---|---|---|---|
| Vercel | Applicatiehosting (Next.js runtime, edge-netwerk) Verzoekmetadata, serverlogs | EU (Frankfurt) | DPA → |
| Cloudflare R2 | Versleutelde objectopslag voor geüploade audiobestanden Audio-/videobestanden (geüpload), versleuteld in rust | EU | DPA → |
| Modal | Serverless compute die de transcriptie-worker uitvoert Audio wordt tijdelijk gestreamd via een efemeer containerbestandssysteem tijdens transcriptie. Modal biedt nog geen EU-regio's voor onze workload-tier. | US | DPA → |
| OpenAI | Spraak-naar-tekst transcriptie via de API (gpt-4o-transcribe-diarize) Audio verzonden voor transcriptie. Per OpenAI-beleid: niet gebruikt voor training, ≤30 dagen bewaard voor misbruikmonitoring. EU-datalocatie alleen op enterprise-niveau. | US | DPA → |
| Neon | PostgreSQL-databasehosting (transcripties, accountinfo — geen audio) Accountinfo, transcripties, factuurreferenties | EU (Frankfurt) | DPA → |
| Stripe | Betalingsverwerking Kaartgegevens (door Stripe afgehandeld — raken onze servers nooit aan), factuur-e-mail | EU / Global (PCI-DSS) | DPA → |
| Clerk | Authenticatie en gebruikersbeheer E-mail, naam, OAuth-tokens, sessiegegevens | EU | DPA → |
| Resend | Bezorging van transactionele e-mail Ontvanger-e-mail, berichtinhoud (transcript-gereed meldingen) | EU | DPA → |
| Plausible | Privacy-vriendelijke website-analyse (geen cookies, geen PII) Paginabezoektellingen, totale gebeurtenistellingen. Geen persoonlijke identifiers. | EU | DPA → |
| Google Analytics 4 (opt-in) | Pageview- + conversie-analyse, met consent-gating Pagina-URL, IP (geanonimiseerd), sessiegebeurtenissen, GA-toegewezen client-ID. Alleen geladen nadat de gebruiker analyticscookies accepteert in de consent-banner. | US (Google operates globally; SCCs + IP anonymisation apply) | DPA → |
| Google Ads (opt-in) | Conversiemeting voor advertentie-attributie, met consent-gating Conversiegebeurtenissen: Stripe-sessie-ID (transaction_id), betaald bedrag (USD), conversieactielabel, gclid-match. Alleen geladen nadat de gebruiker advertentiecookies accepteert. | US (same as GA4) | DPA → |
Datalocatie
We are an EU-based company (Klarweb, Oslo) and pick EU data residency wherever the provider supports it. Today that means:
- Audio-opslag — Cloudflare R2, EU jurisdiction.
- Database — Neon, Frankfurt (eu-central-1).
- Hosting — Vercel, Frankfurt (fra1).
- Authenticatie — Clerk, EU-instantie.
- E-mail — Resend, EU-verzendregio.
- Altijd-actieve analyse — Plausible, EU.
Subprocessors that run in the United States:
- Modal (the transcription worker) and OpenAI (the speech-to-text model) — audio transits through both during the few minutes it takes to transcribe, then leaves no persistent copy on either.
- Stripe — betalingsverwerking.
- Google Analytics 4 and Google Ads — opt-in only, gated behind the cookie banner. Default-denied via Consent Mode v2; nothing is sent to Google unless you accept. If you reject, no data goes to Google at all.
EU/US transfers for these processors rely on Standard Contractual Clauses (SCCs). For Google specifically we additionally rely on consent (you opt in via the banner) and IP anonymisation. If your use case requires zero US transit, message us via the contact page before uploading sensitive content — and reject the cookie banner so the Google processors never load.
GDPR-houding
If you're in the EU/EEA, you have the right to access, rectify, port, and erase your personal data. The shortcuts:
- Access / portability — export every transcript and account record from your profile page.
- Verwijdering — delete individual transcriptions, or delete your entire account (Profile → Delete account). Account deletion removes audio, transcripts, billing references, and all associated subprocessor records.
- Rectification / objection — message us via your in-app inbox and we'll respond within the GDPR-mandated 30 days.
Versleuteling
- Tijdens transport — all browser ↔ server traffic is TLS 1.2+. Database connections to Neon use SSL.
- In rust — Cloudflare R2 encrypts uploaded audio with AES-256 server-side. Neon database storage is encrypted.
- Kaartgegevens — handled exclusively by Stripe (PCI-DSS Level 1). Card numbers never touch our servers.
Wat we niet hebben
In the spirit of being honest about what we are and aren't:
- SOC 2 / ISO 27001 — not certified. We're a small team and haven't pursued formal audits yet. If you need SOC 2 for procurement, message us — we can talk about timelines.
- HIPAA BAA — we don't sign Business Associate Agreements. Don't upload PHI.
- 100% EU-only datalocatie — storage, database, hosting, auth, email, and Plausible analytics are EU. Modal compute, OpenAI transcription, and Stripe payments run in the US (SCCs in place). Google Analytics and Google Ads are also US, but opt-in only — they never load if you reject the cookie banner. Reach out if your case requires zero US transit before uploading.
Een beveiligingsprobleem melden
Found a vulnerability? Message us via /contact with the details. We respond to security reports within 72 hours.