Privacy Policy

1. Introduction

This privacy policy explains how we collect, use, process, and protect your personal data when you use our transcription service, including our website and mobile application. We are committed to protecting your privacy and complying with the EU General Data Protection Regulation (GDPR) and other applicable data protection laws.

We operate both a website and a mobile application that provides real-time audio transcription services. This policy applies to both platforms.

2. Data Controller

The data controller responsible for your personal data is:

3. What Data We Collect

3.1 Website Data

• Analytics Data (Matomo): We collect anonymized website usage data including:
  • Pages visited
  • Time spent on pages
  • Anonymized IP addresses
  • Browser type and version
  • Operating system
  • Referring website

3.2 Mobile App Data

• Audio Data: Audio recordings you choose to transcribe (processed in real-time, not stored on our servers)
• Transcription Data: The text transcriptions generated from your audio (stored locally on your device only)
• IP Address: Your device's IP address when connecting to our transcription service
• Usage Data: Metadata about service usage including:
  • Timestamp of transcription requests
  • Duration of transcription sessions
  • Number of requests made

3.3 Contact Data

• Contact Inquiries: If you contact us via email, we collect your name and email address to respond to your inquiry

4. Why We Collect This Data (Legal Basis)

4.1 Website Analytics

Purpose: To understand how visitors use our website and improve user experience.
Legal Basis: Legitimate interest - The data is fully anonymized and stored on our own servers, which means your privacy is protected while we gain insights to improve our service.

4.2 Transcription Service

Purpose: To provide real-time audio transcription services.
Legal Basis: Contract performance - Processing is necessary to deliver the transcription service you requested.

4.3 IP Address and Usage Data

Purpose: Fraud detection, abuse prevention, rate limiting, and service security.
Legal Basis: Legitimate interest - Protecting our service infrastructure and ensuring fair usage for all users.

4.4 Contact Inquiries

Purpose: To respond to your inquiries and provide customer support.
Legal Basis: Legitimate interest or contract performance.

5. Where We Process and Store Your Data

5.1 Website

• Hosting (Vercel): Our website is hosted by Vercel Inc., 440 N Barranca Ave #4133, Covina, CA 91723, USA. Vercel provides the infrastructure and technical services to deliver our website. Vercel processes technical usage data such as IP addresses, browser information, timestamps, and log data necessary for delivery and security.
  Legal Basis: Legitimate interest for secure and efficient operation.
  Data Transfer: Data may be transferred to the USA based on EU Standard Contractual Clauses.
  Privacy Policy: vercel.com/legal/privacy-policy
• Analytics (Matomo): We use Matomo, an open-source web analytics platform, hosted on our own servers in Austria. All collected data is stored exclusively on our servers and is not shared with third parties. The data is fully anonymized (IP addresses are anonymized, cookiesless).
  Legal Basis: Legitimate interest for analyzing and optimizing our service.
  

5.2 Mobile App

• Local Storage: All transcription data and recordings are stored exclusively on your device. We do not have access to this data.
• Transcription Server: Our own server located in Germany (EU) processes audio in real-time via WebSocket connection. Audio is transmitted but not stored.
• IP and Usage Logs: Stored on our German server with restricted access for fraud detection and service security.

International Data Transfers: With the exception of Vercel hosting services (which use EU servers but may transfer data to the USA under Standard Contractual Clauses), all data processing occurs within the European Economic Area (EEA). Your audio and transcription data never leaves the EU and is processed exclusively on our German server or stored locally on your device.

6. Data Retention

• Website Analytics: Anonymized analytics data is retained for 24 months, then automatically deleted
• Audio Data: Audio is processed in real-time and is NOT stored on our servers. It exists only temporarily in memory during transmission and is immediately discarded after transcription
• Transcription Text: Stored only on your device. You control retention and can delete it at any time through the app
• IP Address and Usage Logs: Retained for 90 days for security and fraud detection purposes, then automatically deleted
• Contact Inquiries: Email correspondence is retained only as long as necessary to respond to your inquiry, unless longer retention is legally required

7. Data Sharing and Third Parties

We do not sell, rent, or trade your personal data. We share data only in the following limited circumstances:

• Service Providers:
  • Vercel (Website Hosting): US-based company, GDPR-compliant with Standard Contractual Clauses
  • Matomo (Analytics): Self-hosted on our own servers in Austria, no third-party data sharing
• Legal Obligations: We may disclose data if required by law, court order, or government request
• Security Threats: To protect against fraud, abuse, or security threats to our service or users

All third-party service providers are GDPR-compliant and process data only according to our instructions and applicable data protection agreements.

8. Your Rights Under GDPR

You have the following rights regarding your personal data:

• Right of Access: Request a copy of the personal data we hold about you
• Right to Rectification: Request correction of inaccurate or incomplete data
• Right to Erasure: Request deletion of your data ("right to be forgotten") under certain conditions
• Right to Restriction: Request limitation of processing in certain circumstances
• Right to Data Portability: Receive your data in a structured, machine-readable format
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: Where processing is based on consent, you can withdraw it at any time

To exercise these rights, please contact us at office@soticek.com. We will respond within 30 days.

9. Security Measures

We implement appropriate technical and organizational measures to protect your data:

• Encrypted connections (TLS/SSL) for real-time transcription
• Secure server infrastructure with regular security updates
• Access controls and authentication for server access
• Regular security monitoring and audits
• Data minimization - we collect only what is necessary
• No persistent storage of audio data on servers
• Self-hosted analytics to avoid third-party tracking

While we implement strong security measures, no method of data transmission over the internet or electronic storage can guarantee absolute security. However, we continuously work to protect your personal data.

10. Cookies and Tracking

Our website does NOT use cookies. We use Matomo analytics in a privacy-friendly configuration that:

• Does not use cookies or local storage
• Anonymizes IP addresses (last 2 bytes removed)
• Does not track users across websites
• Does not create user profiles
• Stores all data on our own servers (not shared with third parties)

Our mobile app does not use cookies as it operates natively on your device. All data is stored locally on your device under your control.

11. Changes to This Policy

We may update this privacy policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons. The "Last updated" date at the top of this page indicates when the policy was last revised. We encourage you to review this policy periodically. Continued use of our service after changes constitutes acceptance of the updated policy.

12. Contact Us

If you have questions about this privacy policy or how we handle your data, please contact us:

By using our website and services, you acknowledge that you have read and understood this privacy policy.