Privacy Policy

Version 2026-04-14.2 · Last updated April 14, 2026

We collect only the information necessary to provide our service: your email address and usage data. Audio submitted for real-time transcription is processed in real time and is not stored.

Audio and video uploaded for project transcription is stored on our servers until you delete the project or your account. See "Data retention" below for full details on what we keep, for how long, and why.

Sensitive content in recordings

We do not intentionally process "special categories" of personal data as defined by GDPR Article 9 — such as health information, political opinions, religious or philosophical beliefs, trade-union membership, genetic or biometric data, or data concerning sex life or sexual orientation. VoiceTextTranslate is a general-purpose speech-to-text and translation service and is not designed, marketed, or optimized for any of those categories.

Audio you upload may nevertheless contain this kind of content incidentally — for example if you record a medical appointment, a religious service, or a political discussion. If you choose to upload such content, you are responsible for ensuring you have a lawful basis to do so, including obtaining the consent of the individuals whose voices are in the recording where your local law requires it. When we receive that content, we process it solely to deliver the transcription or translation you requested — we do not analyze it for its sensitive attributes, and the same retention rules described below apply.

Voice is not used for biometric identification. We transcribe speech and, where requested, distinguish between speakers within a single recording (speaker "diarization"). We do not create voiceprints and do not attempt to identify individuals by the characteristics of their voice. Speaker diarization labels segments as "speaker 1", "speaker 2", and so on — it does not link those labels to any specific person.

Cookies

We use a small number of cookies:

• Session cookie — required to keep you signed in while you use the app. Strictly necessary; cannot be disabled.
• CSRF token cookie — protects forms from cross-site request forgery. Strictly necessary.
• Google Analytics (_ga, _gid) — helps us understand how people use the app so we can improve it. Only set if you accept analytics in the cookie banner. You can change your choice at any time via the "Cookie preferences" link in the footer of the landing page.
• analytics_consent cookie — remembers your answer to the cookie banner so we don't keep asking. Strictly necessary to enforce your choice.

Change my cookie choice

Third-party sub-processors

To operate the service we share data with a small number of third-party providers, each of which processes personal data only on our documented instructions under a data processing agreement. The current list is maintained on a dedicated page so that changes can be tracked over time:

→ View our current sub-processor list

Use of your content to train models. We do not use your content to train or improve any machine-learning models ourselves. The AI providers we use to deliver transcription, translation, and synthesis each have their own policies on how customer data may be used; we select providers based in part on their data-use practices. For the current list of providers and links to their privacy and data-processing documentation, see the sub-processor list linked above.

Legal basis for processing

Under the EU General Data Protection Regulation (GDPR), we are required to identify a lawful basis for each category of processing. For VoiceTextTranslate:

• Providing the service — operating your account, authenticating you, transcribing and translating the content you submit, delivering results to you. Legal basis: performance of a contract (Art. 6(1)(b)). You cannot use the service without agreeing to our Terms, and we cannot provide the service without processing this data.
• Billing and financial records — processing payments, tracking credit balances, issuing refunds. Legal basis: performance of a contract (Art. 6(1)(b)) for the transaction itself, and legal obligation (Art. 6(1)(c)) for retaining financial records under tax and accounting law.
• Security, error reporting, and service reliability — detecting abuse, monitoring for errors, investigating incidents. Legal basis: legitimate interests (Art. 6(1)(f)) — keeping the service secure and reliable is necessary for you and other users.
• Analytics (Google Analytics) — understanding how the service is used so we can improve it. Legal basis: your consent (Art. 6(1)(a)), collected via the cookie consent banner. You can withdraw consent at any time by clicking "Cookie preferences" in the footer.
• Customer support — responding to your questions and data subject rights requests. Legal basis: legitimate interests (Art. 6(1)(f)) for routine support; legal obligation (Art. 6(1)(c)) for data subject rights requests under GDPR Chapter III.

International data transfers

Most of our infrastructure and sub-processors are located in the European Union: our hosting, database, and object storage are in Frankfurt, Germany (DigitalOcean FRA1), and several of our AI providers are EU-based as well.

However, a small number of our sub-processors are based in the United States — specifically Stripe, Deepgram, Google Cloud, Sentry, and Middleware.io. When we share data with these providers, it is transferred to the US under the safeguards required by Chapter V of the GDPR: Standard Contractual Clauses (SCCs) incorporated into each provider's data processing agreement. For each US-based provider, see our sub-processor list for the specific role and the link to their DPA.

Payments and Stripe

We use Stripe to process payments. We do not see or store your card details — they are collected directly by Stripe. On our side, we keep a reference to your Stripe customer record (an opaque identifier) so we can show you your past purchases and process refunds.

When you delete your account we ask Stripe to delete your customer record. Stripe will retain historical transaction data (charges, invoices, refunds) as required by financial, tax, and anti-fraud laws; at that point Stripe is the controller of that data, not us. See Stripe's privacy policy.

If you used Stripe Link (Stripe's cross-merchant one-click checkout), your Link account is owned by you directly through Stripe and is shared across every merchant that accepts Link. Deleting your VoiceTextTranslate account does not delete your Link account or remove any cards stored in it — you can manage Link yourself at link.com.

Your rights

Under the GDPR you have the following rights with respect to the personal data we hold about you:

• Right of access and portability (Art. 15 and Art. 20) — you can request a copy of the personal data we hold about you as a structured JSON file directly from your Settings page ("Request data export"). The export includes your account info, projects with transcripts and translations, usage records, and billing history.
• Right to rectification (Art. 16) — you can ask us to correct any inaccurate or incomplete personal data.
• Right to erasure (Art. 17) — you can ask us to delete your personal data. You can also delete your account yourself at any time from the Settings page.
• Right to restrict processing (Art. 18) — in certain circumstances you can ask us to limit how we process your data.
• Right to object (Art. 21) — you can object to processing based on our legitimate interests.
• Right to withdraw consent (Art. 7(3)) — where we rely on your consent (for example, analytics cookies), you can withdraw it at any time without affecting the lawfulness of processing before withdrawal.

To exercise any of these rights, email privacy@almond.blue. We will respond within 30 days as required by Article 12.

Right to lodge a complaint. If you believe we have violated your data protection rights, you have the right to lodge a complaint with the Polish Data Protection Authority (Urząd Ochrony Danych Osobowych) at uodo.gov.pl, or with the supervisory authority in your own EU member state. We would appreciate the opportunity to address your concerns first — please contact us at privacy@almond.blue before filing a complaint — but this is your right and we respect it.

Automated decision-making. We do not make any decisions based solely on automated processing, including profiling, that produce legal effects concerning you or similarly significantly affect you. Transcription and translation output from our AI providers is informational and is not used to make decisions about you.

Selling or sharing for advertising. We do not sell your personal information and we do not share it with third parties for advertising or marketing purposes.

Data retention

We retain personal data only as long as needed for the purposes described in this policy.

Data you control

• Project media files (uploaded audio and video) are retained until you delete the project or your account. When you delete a project, the associated files are removed from S3 via a background cleanup job.
• Project transcripts, translations, and exports are retained until you delete the project or your account.
• Downloadable batch export archives are generated on demand, meant to be downloaded promptly, and automatically purged when they expire. You can regenerate them at any time from the project.
• Account data (email, password hash, sign-in timestamps) is retained while your account is active. When you delete your account, all personal identifiers are erased immediately — see "Deleting your account" on the Settings page.

Data that is never stored

• Live session audio. Audio captured during real-time sessions is streamed to our speech-to-text providers and discarded as soon as the session ends. We do not persist the raw audio server-side.
• Live session transcripts. Transcripts produced during a live session are shown in your browser and are not stored on our servers.

Data retained for accounting and legal compliance

Tax, accounting, and anti-fraud laws require us to retain certain financial records for several years after the transaction. These include past purchases, usage records, refund events, and double-entry ledger entries. After you delete your account, these records are retained in anonymized form: transaction data stays for audit, but personal identifiers are removed so the records can no longer be linked back to you.

Operational logs and backups

Server logs and application traces may be retained by our hosting and observability providers for their standard retention periods (typically under 30 days). Our database provider takes automated backups for disaster recovery; deleted records cycle out of those backups over time as the rolling backup window advances. We cannot selectively edit individual records within backup snapshots, but deleted records are not restored from backups except in the event of a disaster-recovery restore.

Children's privacy

VoiceTextTranslate is not directed to children. We do not knowingly collect personal information from anyone under the age of 16. If you believe we have collected information from a child, please contact us and we will delete it.

Contact us

For privacy questions, data subject rights requests (access, correction, export, deletion), or any concerns about how we process your personal data, contact us at privacy@almond.blue. We aim to respond within 30 days, as required by GDPR Article 12.

Changes to this policy

We may update this policy from time to time. Material changes will be communicated and may require you to re-accept the updated policy.

← Back to home