BriefVox AI Privacy Policy
Operator details
The operator of BriefVox AI is: Filip Ogonowski, a natural person conducting unregistered business activity within the meaning of Art. 5 of the Polish Act of 6 March 2018 – Entrepreneurs' Law, Generała Dezyderego Chłapowskiego 12, 05-825 Grodzisk Mazowiecki, Poland.
Customer support contact: support@briefvox.com.
Privacy and data protection contact: privacy@briefvox.com.
1. Purpose of this document
This Privacy Policy explains what personal data is processed in BriefVox AI, for what purposes, on what legal bases, to whom it may be disclosed, and what rights are available to data subjects.
2. Processing roles
With respect to account data, payments, communications, logs, and Service operations, the Operator generally acts as a data controller.
With respect to audio files, video files, linked media imports, and transcriptions uploaded or imported by business customers, the Operator may act as a data processor on behalf of the User. In that case, the Data Processing Agreement applies.
For individual users, audio files, video files, linked media imports, transcriptions and AI Notes are processed to deliver the Service features requested by the User, as described in this Privacy Policy and the Terms.
3. Categories of data
Category
Examples
Account data
email address, hashed password, user ID, interface language
Payment data
Stripe payment identifiers, payment status, amounts, currency, purchase history, invoices
Technical data
IP address, login logs, session identifiers, device data, a device identifier (cookie) and hashed technical signup data used to prevent Free-plan abuse, security events
Media files and imports
audio and video recordings uploaded by the User, media imported from links, file metadata, recording length, file format, source import URL, link import rights confirmation and confirmation metadata where applicable
Transcriptions and AI Notes
conversation text, timestamps, identified speakers, user edits, TXT/DOCX/SRT/VTT exports, AI Notes content (summaries, meeting notes, translations, reports, and other types), AI Notes downloads
Communications
support messages, complaints, bug reports, Operator responses
4. Possible special category data
Audio files, video files, linked media imports, and transcriptions may contain special category data, such as information about health, beliefs, religion, opinions, trade union membership, or other sensitive data. The Operator does not require such data to be uploaded or imported. The User is responsible for having an appropriate legal basis for processing and transferring such data to the Service.
5. Purposes and legal bases for processing
Purpose
Data
Legal basis / justification
Account creation and management
account data, technical data
performance of a contract or pre-contractual steps
Transcription service delivery
audio files, video files, linked media imports, transcriptions, metadata
performance of the service contract
AI Notes generation
transcript content, AI Tokens, AI Notes output
performance of the service contract
Payment and invoice processing
payment data, identifying data
performance of a contract, legal obligations, tax accounting
Complaint handling and support
communications, account data, transcription data needed for the case
performance of a contract, legitimate interest
Security and abuse prevention
logs, IP, activity history
legitimate interest of the Operator
Optional analytics
cookie/analytics data
user consent, where required
Direct marketing
email, preferences
consent or legitimate interest, depending on channel and scope
6. Data recipients and subprocessors
Data may be shared with service providers necessary for BriefVox AI to operate. The current provider list is set out in the Subprocessors Registry.
Provider / category
Purpose
Google LLC
OAuth 2.0 identity provider — identity verification when signing in via Google
Stripe
payment processing, invoicing, subscriptions, payment disputes
Backblaze B2 (Backblaze Inc.)
storage of audio files, video files, linked media imports, exports, and transcriptions
Amazon Web Services (AWS Bedrock)
AI Notes generation (summaries, notes, translations) from transcript text; audio/video transcription is performed locally on the Operator's infrastructure and audio files are not shared with this provider
Resend (Resend, Inc.)
delivery of system messages
Vercel Inc. (frontend hosting) and the Operator's own infrastructure
Vercel: hosting and delivery of the web application (frontend) and CDN; API, database, queues and transcription run on the Operator's own servers
Accounting firm, law firm
accounting, legal support, claims
7. Data transfers outside the EEA
Some providers may process data outside the European Economic Area. Current processing locations and transfer safeguards are set out in the Subprocessors Registry.
8. Retention periods
Data
Retention period
User account
for the duration of the account, then for the period required for billing, defence of claims, or legal obligations
Source files (audio files, video files, linked media imports)
automatically and permanently deleted 3 days after upload; the transcript generated from the recording is retained
Transcriptions
indefinitely on the User's account, until manually deleted or the account is closed, unless law requires longer retention
Payment data and invoices
for the period required by tax and accounting regulations
Security logs
up to 12 months
Cookie and marketing consents
until consent is withdrawn or for the technically valid period of the consent
9. Rights of data subjects
right of access to data,
right to rectification,
right to erasure,
right to restriction of processing,
right to data portability, where applicable,
right to object to processing based on legitimate interest,
right to withdraw consent, where processing is based on consent,
right to lodge a complaint with the President of the Personal Data Protection Office (UODO).
9.1 Account data access and export
The User may request access to data and a copy of data relating to their account. After verifying the request, the Operator may provide a readable electronic report and a technical JSON variant.
The report may include data currently available in the system for the account: account data, legal acceptances, AI Notes consents, payments, subscriptions, promotions, minute balances, AI Token balances, operation history, transcription metadata, transcript segments and generated AI Notes, where the feature was used.
The export does not include passwords, storage keys, internal administrative logs, full AI provider prompts, or data whose disclosure could adversely affect the rights and freedoms of others.
In response to an access request, the Operator also provides information about processing purposes, data categories, recipients or recipient categories, retention periods, data sources and data subject rights to the extent required by GDPR.
10. Automated processing and AI
Transcription is performed automatically by an AI system. The system generates text and identifies speakers based on the audio track from a file, video, or linked media import. The output may contain errors and should be verified by the User. The Service must not make decisions with legal effects for the User based solely on automated processing without a separate explanation and legal basis.
11. Security
private file storage with no public file links,
temporary presigned URLs for downloading or playing back files,
encryption in transit,
limited administrative access,
security event logging,
account access control mechanisms.
12. Account and data deletion
The User may request account deletion or independently delete audio files, video files, linked media imports, and transcriptions if the feature is available in the dashboard. Deletion does not extend to data that the Operator is required to retain under applicable law, for billing, security, or claims purposes.
The User may download a self-service export of their account data (pursuant to Article 15 GDPR) from the My Data panel available in the privacy settings. The export covers account data, payment history, minute and AI Token balances, subscription details, and a list of transcriptions and AI Notes.
13. Sign in with Google and Google user data (Google API Services)
BriefVox AI offers optional sign-in and registration with Google ("Sign in with Google"). This section explains how the application accesses, uses, stores, shares, and deletes Google user data.
Data accessed: we use only the OAuth scopes openid, email, and profile. Through them we obtain your unique Google account identifier (Google ID), your email address together with its verification status, and basic profile information (name). We do not access Gmail, Google Drive, Calendar, Contacts, or any other Google service or data.
Data usage: we use Google user data solely to create and authenticate your BriefVox AI account, link your Google identity to an existing account, pre-fill your display name, and confirm that your email address is verified. We do not use Google user data for advertising or to train AI/ML models.
Data sharing: we do not sell or share Google user data with third parties for their own purposes. It is processed only within our own infrastructure (the hosting and database providers listed in section 6) in order to operate sign-in and your account.
Data storage and protection: your Google ID, email address, and name are stored in our database and protected by the measures described in section 11 (encryption in transit, limited administrative access, account access control mechanisms). The Google OAuth access token received from Google is used only momentarily to retrieve your profile data and is not stored by us.
Data retention and deletion: Google user data is retained for the duration of your account. It is deleted when you delete your account, except for data the Operator is required to retain under applicable law. You may request deletion of your data or unlinking of Google sign-in at any time by contacting us at the address in section 14 or via the My Data panel available in your privacy settings.
Limited Use: BriefVox AI's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
14. Contact
For privacy matters: privacy@briefvox.com. For account and support matters: support@briefvox.com.
Where we process transcription
Audio/video transcription is performed on the Operator's own infrastructure within the European Union (local processing on the Operator's servers). We do NOT send your recordings to third-party transcription providers.
Files are stored with our storage sub-processor (Backblaze B2, EU). AI Notes are optional and processed by our AI sub-processor (AWS Bedrock, EU) only when you choose to generate them.
If that option is available and enabled, the Service may perform local audio cleanup before transcription (for example loudness normalization or noise reduction). It runs on the same Operator infrastructure in the EU and involves no transfer of recordings to other parties.
Marketing communication and transactional email
The Operator sends two categories of email: (a) transactional (payment confirmations, security alerts, account verification, password reset, terms changes) — required to perform the contract; opt-out only by closing the account; (b) marketing (news, tips, offers) — only after the User gives a separate, voluntary opt-in consent.
Marketing consent may be withdrawn at any time with a single click on the "unsubscribe" link in the footer of every marketing email, or by emailing privacy@briefvox.com. Withdrawal does not affect the lawfulness of processing performed before the withdrawal.
The Operator does not sell or share the User's email address with third parties for marketing purposes.
Support chat
The Service offers a support chat. We store the messages and any email address you provide in order to help you and answer your questions. The legal basis is our legitimate interest (handling enquiries) and performance of the contract.
Some replies are given by an AI assistant; we always label whether you are talking to AI or a human. Our team can read and continue the conversation. Do not share passwords or payment details in the chat.
We keep conversations no longer than necessary for support. After a conversation is closed you can still view it for 7 days, after which it is automatically and permanently deleted. You may request access to or deletion of your data at any time: privacy@briefvox.com.