BriefVox AIBriefVox AI
Inicio

BriefVox AI

Data Processing Agreement

Última actualización: 2026-05-22

Este documento aún no tiene traducción legal dedicada para el idioma elegido. Se muestra la versión disponible.

BriefVox AI Data Processing Agreement

Parties

Data Controller / Client: the user or organization using BriefVox AI as data controller.

Data Processor / BriefVox AI: Wojciech Ogonowski, osoba fizyczna prowadząca działalność nierejestrowaną w rozumieniu art. 5 ustawy – Prawo przedsiębiorców, Grodzisk Mazowiecki, Polska.

1. Subject matter

This Agreement sets out the terms for entrusting the processing of personal data in connection with the Client's use of BriefVox AI, in particular the processing of audio files, video files, linked media imports, transcriptions, metadata, and exports.

2. Nature and purposes of processing

receiving audio files, video files, or media links from the Client,

storing files in encrypted storage,

automatic transcription of the audio track to text,

speaker identification and generation of timestamps,

providing the online editor and TXT/DOCX/SRT/VTT exports,

generating AI Notes (summaries, meeting notes, translations, reports, and other types) from transcript content, where the Client uses that feature,

technical operations, security, backups, and logging.

3. Categories of data subjects and data

Category

Description

Categories of data subjects

individuals appearing in recordings, employees, contractors, conversation partners, the Client's customers, persons who have communicated with the Client

Categories of data

voice recordings, statements, names, contact details, company data, information contained in conversations, timestamps, speaker identification, content of automatically generated AI Notes (where the feature is active)

Special category data

may appear incidentally or intentionally in a recording if uploaded by the Client; the Client is responsible for the legal basis for processing such data

4. Duration of processing

Processing continues for the period during which the Client uses the Service and for the period during which files and transcriptions are stored in the Client's account, until they are deleted, the account is closed, or the agreement is terminated, taking into account backup retention and legal obligations.

5. Obligations of the processor

Process data only on documented instructions from the Client, unless required otherwise by law.

Ensure that persons authorized to process data are bound by confidentiality obligations.

Implement appropriate technical and organizational measures to protect data.

Assist the Client in fulfilling the rights of data subjects, to the extent technically possible.

Assist the Client in handling personal data breaches, where the breach relates to entrusted data.

Upon termination of services, delete or return data in accordance with the Client's instructions, unless law requires continued retention.

Provide the information necessary to demonstrate compliance with processing obligations, within reasonable limits and with protection of business confidentiality and the security of other clients.

6. Client obligations

The Client is responsible for the lawfulness of recordings, source links, and data submitted to BriefVox AI.

The Client is responsible for fulfilling information obligations towards individuals whose data is included in recordings, where applicable.

The Client must not upload or import data that it is not permitted to process or submit for transcription.

The Client must secure its own account and user access on the Client's side.

7. Subprocessors

BriefVox AI may engage subprocessors necessary for the delivery of the service. The current subprocessor list is set out below and in the Subprocessors Registry.

Subprocessor

Role

Location / transfer

Stripe

payments and billing

Irlandia (Stripe Payments Europe Ltd., Irlandia; Stripe, Inc., USA)

S3 provider / hosting

file storage and infrastructure

USA / EU (Cloudflare R2)

AI transcription provider

audio/video media transcription

USA (Google) / UE (AWS eu-north-1)

Email provider

system notifications

USA

BriefVox AI must notify the Client of material changes to the list of subprocessors, giving the opportunity to raise a reasoned objection to the extent required by GDPR and the agreement.

8. Security measures

encryption in transit,

private file storage,

temporary file access links,

administrative access controls,

security event logging,

limited staff access to data,

user data segregation,

data breach procedure.

9. Personal data breaches

BriefVox AI must notify the Client of any breach of entrusted personal data without undue delay after becoming aware of it, providing available information to allow the Client to assess the risk and fulfil its legal obligations.

10. Audit

The Client may request information confirming the application of data protection measures. On-site audits require prior agreement on timing, scope, and confidentiality rules, and must be conducted in a manner that does not compromise the security or confidentiality of other clients' data.

11. Termination

Upon termination of services, BriefVox AI will delete or return data in accordance with the Client's instructions, unless law requires continued retention. Data held in backups may be deleted in accordance with the backup retention cycle.

Annex 1 — Processing instructions

Element

Description

Subject matter

transcription of audio files, video files, and linked media imports, and provision of results

Duration

duration of the account and data retention period

Purpose

delivery of the transcription service

Categories of data

audio files, video files, linked media imports, transcriptions, metadata, timestamps, speaker identifications, AI Notes content (where the feature is active)

Categories of data subjects

individuals present in the recordings

TérminosPrivacidadCookiesReembolsosSuscripcionesAI NotesDPARetención de datosSeguridadSubprocesadoresContactoFAQConfiguración de cookies