BriefVox AI Privacy Policy
Operator details
The operator of BriefVox AI is: Wojciech Ogonowski, osoba fizyczna prowadząca działalność nierejestrowaną w rozumieniu art. 5 ustawy – Prawo przedsiębiorców, Grodzisk Mazowiecki, Polska.
Customer support contact: support@briefvox.com.
Privacy and data protection contact: privacy@briefvox.com.
1. Purpose of this document
This Privacy Policy explains what personal data is processed in BriefVox AI, for what purposes, on what legal bases, to whom it may be disclosed, and what rights are available to data subjects.
2. Processing roles
With respect to account data, payments, communications, logs, and Service operations, the Operator generally acts as a data controller.
With respect to audio files, video files, linked media imports, and transcriptions uploaded or imported by business customers, the Operator may act as a data processor on behalf of the User. In that case, the Data Processing Agreement applies.
For individual users, audio files, video files, linked media imports, transcriptions and AI Notes are processed to deliver the Service features requested by the User, as described in this Privacy Policy and the Terms.
3. Categories of data
Category
Examples
Account data
email address, hashed password, user ID, interface language
Payment data
Stripe payment identifiers, payment status, amounts, currency, purchase history, invoices
Technical data
IP address, login logs, session identifiers, device data, security events
Media files and imports
audio and video recordings uploaded by the User, media imported from links, file metadata, recording length, file format, source import URL, link import rights confirmation and confirmation metadata where applicable
Transcriptions and AI Notes
conversation text, timestamps, identified speakers, user edits, TXT/DOCX/SRT/VTT exports, AI Notes content (summaries, meeting notes, translations, reports, and other types), AI Notes downloads
Communications
support messages, complaints, bug reports, Operator responses
4. Possible special category data
Audio files, video files, linked media imports, and transcriptions may contain special category data, such as information about health, beliefs, religion, opinions, trade union membership, or other sensitive data. The Operator does not require such data to be uploaded or imported. The User is responsible for having an appropriate legal basis for processing and transferring such data to the Service.
5. Purposes and legal bases for processing
Purpose
Data
Legal basis / justification
Account creation and management
account data, technical data
performance of a contract or pre-contractual steps
Transcription service delivery
audio files, video files, linked media imports, transcriptions, metadata
performance of the service contract
AI Notes generation
transcript content, AI Tokens, AI Notes output
performance of the service contract
Payment and invoice processing
payment data, identifying data
performance of a contract, legal obligations, tax accounting
Complaint handling and support
communications, account data, transcription data needed for the case
performance of a contract, legitimate interest
Security and abuse prevention
logs, IP, activity history
legitimate interest of the Operator
Optional analytics
cookie/analytics data
user consent, where required
Direct marketing
email, preferences
consent or legitimate interest, depending on channel and scope
6. Data recipients and subprocessors
Data may be shared with service providers necessary for BriefVox AI to operate. The current provider list is set out in the Subprocessors Registry.
Provider / category
Purpose
Stripe
payment processing, invoicing, subscriptions, payment disputes
S3 storage provider
storage of audio files, video files, linked media imports, exports, and transcriptions
AI transcription provider (e.g. AssemblyAI / Deepgram / OpenAI)
automatic transcription of audio files, video files, and linked media imports
Email provider (e.g. Resend / Postmark / AWS SES)
delivery of system messages
Hosting / infrastructure
application, API, database, and queue operations
Accounting firm, law firm
accounting, legal support, claims
7. Data transfers outside the EEA
Some providers may process data outside the European Economic Area. Current processing locations and transfer safeguards are set out in the Subprocessors Registry.
8. Retention periods
Data
Retention period
User account
for the duration of the account, then for the period required for billing, defence of claims, or legal obligations
Audio files, video files, linked media imports, and transcriptions
indefinitely on the User's account, until manually deleted or the account is closed, unless law requires longer retention
Payment data and invoices
for the period required by tax and accounting regulations
Security logs
12 months
Cookie and marketing consents
until consent is withdrawn or for the technically valid period of the consent
9. Rights of data subjects
right of access to data,
right to rectification,
right to erasure,
right to restriction of processing,
right to data portability, where applicable,
right to object to processing based on legitimate interest,
right to withdraw consent, where processing is based on consent,
right to lodge a complaint with the President of the Personal Data Protection Office (UODO).
9.1 Account data access and export
The User may request access to data and a copy of data relating to their account. After verifying the request, the Operator may provide a readable electronic report and a technical JSON variant.
The report may include data currently available in the system for the account: account data, legal acceptances, AI Notes consents, payments, subscriptions, promotions, minute balances, AI Token balances, operation history, transcription metadata, transcript segments and generated AI Notes, where the feature was used.
The export does not include passwords, storage keys, internal administrative logs, full AI provider prompts, or data whose disclosure could adversely affect the rights and freedoms of others.
In response to an access request, the Operator also provides information about processing purposes, data categories, recipients or recipient categories, retention periods, data sources and data subject rights to the extent required by GDPR.
10. Automated processing and AI
Transcription is performed automatically by an AI system. The system generates text and identifies speakers based on the audio track from a file, video, or linked media import. The output may contain errors and should be verified by the User. The Service must not make decisions with legal effects for the User based solely on automated processing without a separate explanation and legal basis.
11. Security
private file storage with no public file links,
temporary presigned URLs for downloading or playing back files,
encryption in transit,
limited administrative access,
security event logging,
account access control mechanisms.
12. Account and data deletion
The User may request account deletion or independently delete audio files, video files, linked media imports, and transcriptions if the feature is available in the dashboard. Deletion does not extend to data that the Operator is required to retain under applicable law, for billing, security, or claims purposes.
The User may download a self-service export of their account data (pursuant to Article 15 GDPR) from the My Data panel available in the privacy settings. The export covers account data, payment history, minute and AI Token balances, subscription details, and a list of transcriptions and AI Notes.
13. Contact
For privacy matters: privacy@briefvox.com. For account and support matters: support@briefvox.com.