Note: ScribX is currently in beta. This policy is a working draft — please consult a qualified legal professional before deploying it for production use. Sections marked [to complete] require your specific details.
1. Information we collect
Account information
When you register, we collect your name, email address, organization name and a hashed password. We do not store plaintext passwords.
Meeting data
When you use the ScribX extension or platform, we process:
- Audio streams — captured in real time for transcription only; audio is not persisted after processing.
- Transcripts — the text output of speech-to-text processing, stored and linked to your account.
- Summaries and notes — AI-generated structured notes derived from transcripts.
- Participant metadata — names and email addresses of meeting participants, if provided.
Voiceprints and speaker identification
ScribX uses speaker diarization to label transcript segments by speaker. This may involve processing voice characteristics to distinguish participants. We treat voiceprint data as biometric information. We do not build persistent voiceprint profiles without explicit consent, and we do not share voice characteristics with third parties except as required for the transcription service (see Section 5). Illinois residents: see our DPA for BIPA compliance commitments.
Usage data
We collect standard server logs (IP address, browser type, timestamps, pages visited) and in-product analytics to understand feature usage and improve the service.
Payment information
Payments are processed by a third-party processor [to complete]. We do not store full card numbers on our servers.
We do not use your meeting content to train AI models — ever. Audio is discarded after processing. Transcripts and notes are never shared with AI providers for training purposes. We contractually prohibit all sub-processors from training models on your data.
2. How we use your information
- To provide, operate and improve the ScribX service.
- To generate meeting transcripts, translations and AI summaries.
- To send transactional emails (account verification, password reset, billing receipts).
- To respond to support requests.
- To detect and prevent fraud, abuse and security incidents.
- To comply with legal obligations.
We do not use your meeting content to train AI models, and we do not sell your data to third parties.
3. Data retention
Transcripts, summaries and structured notes are retained for as long as your account is active. You may delete individual meetings or your entire account at any time from the CMS.
Audit logs are retained for a minimum of 7 years to meet financial and compliance requirements. Usage logs are retained for 90 days. Deleted data is purged from backups within 30 days.
4. Security
All data is encrypted in transit (TLS 1.2+) and at rest (AES-256). We enforce role-based access controls, conduct regular security reviews and maintain an incident response plan.
Our infrastructure is hosted on [to complete — specify cloud provider and region]. We follow the principle of least privilege for internal data access.
5. Sharing and disclosure
We do not sell, rent or trade your personal data. We may share data with:
- Sub-processors — cloud infrastructure, speech-to-text providers and analytics tools listed in our Data Processing Agreement.
- Legal requirements — if required by law, court order or to protect rights and safety.
- Business transfers — in connection with a merger, acquisition or sale of assets, with notice to you.
6. Your rights
Depending on your jurisdiction, you may have the right to:
- Access a copy of your personal data.
- Correct inaccurate data.
- Delete your data ("right to be forgotten").
- Restrict or object to processing.
- Data portability (receive your data in a machine-readable format).
- Withdraw consent at any time where processing is based on consent.
To exercise any right, contact us at privacy@scribx.app. We will respond within 30 days.
EEA / UK residents: You may also lodge a complaint with your local data protection authority. Below is our legal basis by processing activity:
| Processing activity | Legal basis |
|---|---|
| Providing the Service (transcription, summaries) | Performance of contract (Art. 6(1)(b) GDPR) |
| Account management and billing | Performance of contract (Art. 6(1)(b) GDPR) |
| Product analytics and improvement | Legitimate interests (Art. 6(1)(f) GDPR) |
| Marketing communications | Consent (Art. 6(1)(a) GDPR); withdrawable at any time |
| Compliance with legal obligations | Legal obligation (Art. 6(1)(c) GDPR) |
7. Cookies
We use strictly necessary cookies (session authentication) and optional analytics cookies. You can disable optional cookies from your browser settings. We do not use advertising cookies.
8. Children's privacy
ScribX is not directed at children under 16. We do not knowingly collect personal data from children. If you believe we have, contact us immediately and we will delete it.
9. Changes to this policy
We may update this policy from time to time. We will notify you by email and post the updated policy with a new "last updated" date at least 14 days before changes take effect.
10. Contact
TDA Develop
Email: privacy@scribx.app
Address: [to complete]