Privacy Policy

Last Updated: March 4, 2026

At Transcryb, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our application. We comply with UK GDPR, the Data Protection Act 2018, CCPA/CPRA, and other global data protection regulations.

Data Controller

The data controller responsible for your personal data is:

Zwiers Studios Ltd (Trading as Transcryb)

Company number: 08017260

Registered office: Churchill House, 137-139 Brent Street, London, England, NW4 4DJ

Email: info@transcryb.ai

For data protection queries, contact us at info@transcryb.ai. We are registered in England and Wales.

Information We Collect

Personal Information

Email address (for account creation and authentication)
Name (optional, for personalisation)
Voice profiles (biometric data: mathematical representations for speaker identification)
Payment information (processed securely through PCI-compliant providers)
Subscription tier and usage statistics

Usage and Technical Data

App usage statistics (transcription count, features used)
Device information (type, OS version for compatibility)
IP address and approximate location (derived from IP)
Browser and user agent information (web version)
Crash reports and performance data (to improve the app)

Content Data

Audio files (temporarily processed, deleted immediately after transcription)
Transcribed text (stored only if you explicitly save it)
Voice embeddings (numerical representations, not actual voice recordings)
Uploaded documents (PDFs, DOCX, TXT - processed and deleted after conversion)
Generated summaries and replies (stored only if you save them)
Translation results (temporarily cached for up to 24 hours)

Communications Data

Support correspondence (emails and in-app messages you send us)

Legal Basis for Processing

Under UK GDPR Article 6, we process your personal data on the following legal bases:

Contract performance (Art. 6(1)(b)): Providing transcription, translation, summarisation, and related services; managing your account; processing payments
Consent (Art. 6(1)(a)): Creating voice profiles (biometric data under Art. 9); optional personalisation features; marketing communications (if any)
Legitimate interest (Art. 6(1)(f)): Improving app performance and user experience; analysing aggregated usage patterns; fraud prevention and security; sending service-related communications
Legal obligation (Art. 6(1)(c)): Retaining payment records as required by tax and accounting law; responding to lawful requests from authorities

Special category data: Voice profiles used for speaker identification constitute biometric data under UK GDPR Article 9. We process this data solely on the basis of your explicit consent (Art. 9(2)(a)), which you provide when you choose to create a voice profile. You may withdraw this consent at any time by deleting your voice profiles.

How We Use Your Information

We use your information solely to:

Provide transcription and related services
Authenticate and manage your account
Process payments for premium features
Analyse aggregated usage patterns to improve app performance
Send important service updates (not marketing)
Comply with legal obligations

Important: We NEVER sell, rent, or share your personal data with third parties for marketing purposes.

Data Security and Storage

Security Measures

End-to-end encryption for sensitive data transmission
AES-256 encryption for data at rest
Secure authentication with JWT tokens
Regular security audits and updates
HTTPS/TLS for all API communications
Privacy by design and by default in all systems

Data Retention

Audio files: Deleted immediately after processing (typically within seconds)
Uploaded documents: Deleted immediately after text extraction
Transcripts and summaries: Retained only if you explicitly save them; deleted when you remove them or your account is terminated
Voice profiles: Retained until you delete them or your account is terminated, whichever comes first; permanently deleted within 30 days of account termination
Translation cache: Temporarily cached for up to 24 hours, then automatically deleted
Account data: Retained while account is active; deleted within 30 days of account termination
Usage logs: Anonymised after 90 days
Payment records: Retained as required by law (typically 7 years)
Support correspondence: Retained for 2 years after resolution

How Voice Profiles Work

Voice profiles help identify speakers across recordings:

We create mathematical representations (embeddings) of voice characteristics
These are numerical vectors, not actual voice recordings
Voice embeddings are classified as biometric data under UK GDPR Article 9
Profiles are created only when you explicitly choose to name a speaker, providing your consent
You can withdraw consent and delete any voice profile at any time
Profiles are never shared with other users
Voice analysis is performed by Microsoft Azure Cognitive Services on secure servers
All voice profiles are permanently deleted upon account termination

Third-Party Services and Sub-Processors

We use the following third-party services to provide Transcryb:

Deepgram: Audio transcription and speech-to-text processing (US-based)
OpenAI: Text processing, summarisation, smart replies, and AI features (US-based)
Anthropic: Advanced language understanding and content analysis (US-based)
Microsoft Azure Cognitive Services: Voice analysis and speaker identification
Payment Processing: PCI-DSS compliant payment processors

All sub-processors are bound by data processing agreements and process only the minimum data necessary. These providers do not use your content to train their general AI models. We never sell or share your data for advertising.

We will notify users of material changes to our sub-processors via email or in-app notification. A current list of sub-processors is available upon request at info@transcryb.ai.

Your Rights and Choices

Under UK GDPR and global privacy laws, you have the right to:

Access: Request a copy of your personal data
Rectification: Correct inaccurate personal data
Erasure: Request deletion of your personal data
Portability: Export your data in a portable format
Restriction: Limit how we process your data
Objection: Object to processing based on legitimate interest
Withdraw Consent: Revoke consent at any time (including biometric consent for voice profiles)
Automated Decision-Making: Not be subject to solely automated decisions with legal or significant effects

How to Exercise Your Rights

To make a formal data subject request, email info@transcryb.ai. We will acknowledge your request within 7 days and respond substantively within one month. In complex cases, we may extend this by a further two months, and will inform you if so.

Data Control Features in Transcryb

Delete individual transcripts, summaries, or voice profiles anytime
Export all your data in common formats (JSON, CSV)
Disable voice recognition feature completely
Clear all voice profiles with one click
View detailed usage history and limits
Delete your account and all associated data permanently

Automated Decision-Making

Transcryb does not make automated decisions that produce legal effects or similarly significantly affect you. Our AI features (transcription, summarisation, translation) are tools that generate outputs for your review and do not make decisions about you.

Usage limit enforcement is applied automatically based on your subscription tier, but this does not constitute automated decision-making with significant effects under UK GDPR Article 22.

Apple App Store Compliance

Data Collection Disclosure

Data Linked to You: Email, Name (optional), Voice Profiles (optional)
Data Not Linked to You: Crash Data, Performance Data, Usage Analytics

Privacy Nutrition Labels

Contact Info: Used for account management
User Content: Audio and text, processed with your consent
Identifiers: User ID for service provision
Usage Data: To improve app performance
Diagnostics: Crash logs and performance metrics

App Tracking Transparency

Transcryb does NOT track you across apps or websites owned by other companies.

Data Breach Notification

In the event of a personal data breach, we will notify the Information Commissioner's Office (ICO) within 72 hours as required by UK GDPR. Where the breach is likely to result in a high risk to your rights and freedoms, we will also notify you without undue delay via email and in-app notification.

Children's Privacy

Transcryb is not intended for children under 13 in the UK and US, or under 16 in the EU/EEA. We do not knowingly collect personal information from children. If we discover that a child has provided us with personal information, we will delete it immediately. If you believe a child has created an account, please contact us at info@transcryb.ai.

International Data Transfers

Your data may be transferred to and processed in the United States and other countries where our service providers operate (including Deepgram, OpenAI, Anthropic, and Microsoft). We ensure all international transfers are lawful through:

UK transfers: UK International Data Transfer Agreement (IDTA) or UK Addendum to EU Standard Contractual Clauses
EU/EEA transfers: EU Standard Contractual Clauses (SCCs)
Adequacy decisions: Where the destination country has been granted adequacy status

You may request a copy of the relevant transfer safeguards by contacting info@transcryb.ai.

Cookies and Tracking

Transcryb uses only strictly necessary cookies and similar technologies:

Authentication token: First-party, session-based, essential for login
Session identifier: First-party, session-based, security
User preferences: First-party, persistent, stores language and theme settings

We do NOT use advertising, tracking, or analytics cookies. No third-party cookies are set by our application.

California Privacy Rights (CCPA/CPRA)

California residents have additional rights under the CCPA and CPRA:

Right to know: What personal information is collected, used, and disclosed
Right to delete: Request deletion of personal information
Right to correct: Request correction of inaccurate personal information
Right to opt-out of sale or sharing: We never sell or share your data for cross-context behavioural advertising
Right to limit use of sensitive personal information: Voice biometric data is classified as sensitive personal information under CPRA
Right to non-discrimination: We will not discriminate against you for exercising your rights

To exercise these rights, contact us at info@transcryb.ai. We will acknowledge your request within 10 business days and respond within 45 calendar days.

Complaints

If you are unhappy with how we handle your personal data, you have the right to lodge a complaint with your local data protection authority.

UK residents: Information Commissioner's Office (ICO)

Website: ico.org.uk/make-a-complaint

Phone: 0303 123 1113

EU/EEA residents may also contact their local data protection authority. We encourage you to contact us first at info@transcryb.ai so we can try to resolve your concern.

Updates to This Policy

We may update this Privacy Policy to reflect changes in our practices or for legal reasons. We will notify you of any material changes via email and in-app notification at least 30 days before they take effect. This policy is reviewed at least annually.

Contact Us

For privacy-related questions or to exercise your rights:

Email: info@transcryb.ai

Support: support@transcryb.ai

Company: Zwiers Studios Ltd
Company number: 08017260
Churchill House, 137-139 Brent Street
London, England, NW4 4DJ
(Trading as Transcryb)

We aim to respond to all privacy requests within 30 days.