Privacy & Cookies Policy
for transcriptmate.com
Effective date: 01 September 2025
1. Controller & contact
The controller of personal data for account, billing, support, security and marketing purposes is Hinter Sp. z o.o., ul. Ignacego Mościckiego 1, 24‑110 Puławy, Poland, KRS 0000812678, NIP 7162827816, REGON 384805111. Contact: hello@transcriptmate.com.
We have not appointed a Data Protection Officer. For privacy matters please contact us by e‑mail.
2. Scope
This Policy covers processing of personal data of visitors to transcriptmate.com and users of app.transcriptmate.com (Freemium, Pay‑as‑you‑go and Subscription plans), as well as persons contacting us by e‑mail or forms.
3. Roles under GDPR
We act as Controller for data related to: registration and management of Accounts, billing and payments (Stripe/local gateways), customer support and communications, security, and (if you opt‑in) marketing communications.
We act as Processor for personal data contained in the Materials you upload (audio/video, texts, prompts, metadata) and the AI Outputs generated from them. In that respect, our cooperation is governed by the Data Processing Agreement (DPA) (Annex to the Terms of Service).
Definitions:
Materials – any files/information you provide (e.g., audio/video recordings, prompts, metadata).
AI Outputs – content generated by the Service based on your Materials (e.g., transcripts, summaries, posts, articles, reports).
4. Data we process & sources
- Account data: name, e‑mail, password (hash), user ID.
- Billing data: company details, VAT/NIP, address, payment history, order IDs, payment method.
- Communications: message content, tickets, satisfaction feedback.
- Technical data: server logs, IP address, device/browser identifiers, timestamps, error and performance data.
- Materials / AI Outputs (processor role): voices/images in recordings, conversation content, transcriptions and generated outputs.
We obtain data directly from you (registration, forms, uploads), from payment providers (transaction status) and from security/monitoring systems.
5. Purposes, legal bases & retention
| Purpose | Legal basis (GDPR) | Scope | Retention |
|---|---|---|---|
| Create & operate your Account; provide the SaaS and Pay‑as‑you‑go services (incl. Freemium) | Art. 6(1)(b) – contract | Account & technical data | Up to 3 years after Account closure (claims) |
| Billing, accounting & taxes | Art. 6(1)(c) – legal obligation | Billing data, payment history | 5 years (per tax rules) |
| Support & communication | Art. 6(1)(f) – legitimate interest (customer communications) | Communications | Up to 12 months after ticket closure |
| Security, anti‑abuse, logs | Art. 6(1)(f) – legitimate interest (service security) | Technical data | Up to 90 days (logs) |
| Own marketing (only if you opt‑in to the channel) | Art. 6(1)(a) – consent; B2B may also rely on Art. 6(1)(f) | E‑mail/phone, identifiers | Until withdrawal of consent/objection |
Materials / AI Outputs (processor role):
Data export is available for 30 days after termination; afterwards operational deletion begins.
Backups may retain fragments for up to 90 days (integrity of backups).
6. AI transparency
AI Outputs are generated automatically based on your Materials/instructions. While we aim for usefulness, AI Outputs may contain errors or inaccuracies and are provided "as is". They are not legal/medical/financial advice. You are responsible for verifying AI Outputs before use. (See Terms of Service for licence and responsibility.)
We do not make decisions producing legal effects concerning you based solely on automated processing within the meaning of Art. 22 GDPR.
7. Recipients & sub‑processors
We share data only as necessary with providers of hosting, payments (e.g., Stripe/local gateway), e‑mail delivery, monitoring/logging, analytics (if used) and customer support tools.
For Materials we act as Processor and may engage sub‑processors. The current list of sub‑processors is published in the Service or provided upon request. We enter into data processing agreements with them and require appropriate security measures.
8. International transfers
We do not transfer personal data outside the EEA. If that changes in the future, we will implement appropriate safeguards (e.g., EU Standard Contractual Clauses/adequacy decisions and additional measures) and notify you in advance, allowing you to object.
9. Your rights
You have the right to request: access, rectification, erasure, restriction, portability and to object to processing (including direct marketing). You may withdraw consent at any time; withdrawal does not affect prior lawful processing.
You also have the right to lodge a complaint with a supervisory authority (in Poland: the President of the Personal Data Protection Office – uodo.gov.pl). Please contact us first – we will do our best to help.
10. Security
We apply appropriate technical and organisational measures, including TLS encryption in transit, access control and least‑privilege, updates and security testing, backups, event logging and incident response procedures, and staff confidentiality. We follow risk‑based, privacy‑by‑design/default principles.
11. Cookies & similar technologies
We use cookies and similar technologies in the website/app.
Categories:
- Necessary – essential for operation and security (e.g., session, checkout for Pay‑as‑you‑go).
- Functional (optional) – improve user experience (e.g., remember settings).
- Analytics/Statistics (optional) – measure traffic and performance.
- Marketing (optional) – personalised content/ads (if used).
Consents:
- On first visit we show a banner allowing you to choose categories (other than necessary).
- You can change settings anytime in "Cookie settings" or your browser.
- Details (cookie list, durations, providers) are available in the cookie banner/policy.
12. Children
The Service is not directed to persons under 16. If we learn we process a child's data without a valid basis, we will take steps to delete it.
13. Changes to this Policy
We may update this Policy, e.g., when introducing new features or providers. We will announce material changes in the Service at least 5 days in advance. Each version will have an effective date and version number.
14. Documents & roles – summary
- Terms of Service – service use & billing (incl. FUP, SLA, AI terms).
- DPA – Data Processing Agreement (Annex to the Terms) – applies to Materials/AI Outputs where we act as Processor.
- List of sub‑processors – published in the Service or available on request.
Version: 1.0 (01 September 2025)