BriefVox AI Privacy Policy
Operator details
The operator of BriefVox AI is: Filip Ogonowski, a natural person conducting unregistered business activity within the meaning of Art. 5 of the Polish Act of 6 March 2018 – Entrepreneurs' Law, Generała Dezyderego Chłapowskiego 12, 05-825 Grodzisk Mazowiecki, Poland.
Customer support contact: support@briefvox.com.
Privacy and data protection contact: privacy@briefvox.com.
1. Purpose of this document
This Privacy Policy explains what personal data is processed in BriefVox AI, for what purposes, on what legal bases, to whom it may be disclosed, and what rights are available to data subjects.
2. Processing roles
With respect to account data, payments, communications, logs, and Service operations, the Operator generally acts as a data controller.
With respect to audio files, video files, linked media imports, and transcriptions uploaded or imported by business customers, the Operator may act as a data processor on behalf of the User. In that case, the Data Processing Agreement applies.
For individual users, audio files, video files, linked media imports, transcriptions and AI Notes are processed to deliver the Service features requested by the User, as described in this Privacy Policy and the Terms.
3. Categories of data
Category
Examples
Account data
email address, hashed password, user ID, interface language
Payment data
Stripe payment identifiers, payment status, amounts, currency, purchase history, invoices
Technical data
IP address, login logs, session identifiers, device data, a device identifier (cookie) and hashed technical signup data used to prevent Free-plan abuse, security events
Media files and imports
audio and video recordings uploaded by the User, media imported from links, file metadata, recording length, file format, source import URL, link import rights confirmation and confirmation metadata where applicable
Transcriptions and AI Notes
conversation text, timestamps, identified speakers, user edits, TXT/DOCX/SRT/VTT exports, AI Notes content (summaries, meeting notes, translations, reports, and other types), AI Notes downloads
Communications
support messages, complaints, bug reports, Operator responses
4. Possible special category data
Audio files, video files, linked media imports, and transcriptions may contain special category data, such as information about health, beliefs, religion, opinions, trade union membership, or other sensitive data. The Operator does not require such data to be uploaded or imported. The User is responsible for having an appropriate legal basis for processing and transferring such data to the Service.
5. Purposes and legal bases for processing
Purpose
Data
Legal basis / justification
Account creation and management
account data, technical data
performance of a contract or pre-contractual steps
Transcription service delivery
audio files, video files, linked media imports, transcriptions, metadata
performance of the service contract
AI Notes generation
transcript content, AI Tokens, AI Notes output
performance of the service contract
Payment and invoice processing
payment data, identifying data
performance of a contract, legal obligations, tax accounting
Complaint handling and support
communications, account data, transcription data needed for the case
performance of a contract, legitimate interest
Security and abuse prevention
logs, IP, activity history
legitimate interest of the Operator
Optional analytics
cookie/analytics data
user consent, where required
Direct marketing
email, preferences
consent or legitimate interest, depending on channel and scope
6. Data recipients and subprocessors
Data may be shared with service providers necessary for BriefVox AI to operate. The current provider list is set out in the Subprocessors Registry.
Provider / category
Purpose
Google LLC
OAuth 2.0 identity provider — identity verification when signing in via Google
Stripe
payment processing, invoicing, subscriptions, payment disputes
Backblaze B2 (Backblaze Inc.)
storage of audio files, video files, linked media imports, exports, and transcriptions
Amazon Web Services (AWS Bedrock)
AI Notes generation (summaries, notes, translations) from transcript text; audio/video transcription is performed locally on the Operator's infrastructure and audio files are not shared with this provider
Resend (Resend, Inc.)
delivery of system messages
Vercel Inc. (frontend hosting) and the Operator's own infrastructure
Vercel: hosting and delivery of the web application (frontend) and CDN; API, database, queues and transcription run on the Operator's own servers
Accounting firm, law firm
accounting, legal support, claims
7. Data transfers outside the EEA
Some providers may process data outside the European Economic Area. Current processing locations and transfer safeguards are set out in the Subprocessors Registry.
8. Retention periods
Data
Retention period
User account
for the duration of the account, then for the period required for billing, defence of claims, or legal obligations
Source files (audio files, video files, linked media imports)
automatically and permanently deleted 3 days after upload; the transcript generated from the recording is retained
Transcriptions
indefinitely on the User's account, until manually deleted or the account is closed, unless law requires longer retention
Payment data and invoices
for the period required by tax and accounting regulations
Security logs
up to 12 months
Cookie and marketing consents
until consent is withdrawn or for the technically valid period of the consent
9. Rights of data subjects
right of access to data,
right to rectification,
right to erasure,
right to restriction of processing,
right to data portability, where applicable,
right to object to processing based on legitimate interest,
right to withdraw consent, where processing is based on consent,
right to lodge a complaint with the President of the Personal Data Protection Office (UODO).
9.1 Account data access and export
The User may request access to data and a copy of data relating to their account. After verifying the request, the Operator may provide a readable electronic report and a technical JSON variant.
The report may include data currently available in the system for the account: account data, legal acceptances, AI Notes consents, payments, subscriptions, promotions, minute balances, AI Token balances, operation history, transcription metadata, transcript segments and generated AI Notes, where the feature was used.
The export does not include passwords, storage keys, internal administrative logs, full AI provider prompts, or data whose disclosure could adversely affect the rights and freedoms of others.
In response to an access request, the Operator also provides information about processing purposes, data categories, recipients or recipient categories, retention periods, data sources and data subject rights to the extent required by GDPR.
10. Automated processing and AI
Transcription is performed automatically by an AI system. The system generates text and identifies speakers based on the audio track from a file, video, or linked media import. The output may contain errors and should be verified by the User. The Service must not make decisions with legal effects for the User based solely on automated processing without a separate explanation and legal basis.
11. Security
private file storage with no public file links,
temporary presigned URLs for downloading or playing back files,
encryption in transit,
limited administrative access,
security event logging,
account access control mechanisms.
12. Account and data deletion
The User may request account deletion or independently delete audio files, video files, linked media imports, and transcriptions if the feature is available in the dashboard. Deletion does not extend to data that the Operator is required to retain under applicable law, for billing, security, or claims purposes.
The User may download a self-service export of their account data (pursuant to Article 15 GDPR) from the My Data panel available in the privacy settings. The export covers account data, payment history, minute and AI Token balances, subscription details, and a list of transcriptions and AI Notes.
13. Sign in with Google and Google user data (Google API Services)
BriefVox AI offers optional sign-in and registration with Google ("Sign in with Google"). This section explains how the application accesses, uses, stores, shares, and deletes Google user data.
Data accessed: we use only the OAuth scopes openid, email, and profile. Through them we obtain your unique Google account identifier (Google ID), your email address together with its verification status, and basic profile information (name). We do not access Gmail, Google Drive, Calendar, Contacts, or any other Google service or data.
Data usage: we use Google user data solely to create and authenticate your BriefVox AI account, link your Google identity to an existing account, pre-fill your display name, and confirm that your email address is verified. We do not use Google user data for advertising or to train AI/ML models.
Data sharing: we do not sell or share Google user data with third parties for their own purposes. It is processed only within our own infrastructure (the hosting and database providers listed in section 6) in order to operate sign-in and your account.
Data storage and protection: your Google ID, email address, and name are stored in our database and protected by the measures described in section 11 (encryption in transit, limited administrative access, account access control mechanisms). The Google OAuth access token received from Google is used only momentarily to retrieve your profile data and is not stored by us.
Data retention and deletion: Google user data is retained for the duration of your account. It is deleted when you delete your account, except for data the Operator is required to retain under applicable law. You may request deletion of your data or unlinking of Google sign-in at any time by contacting us at the address in section 14 or via the My Data panel available in your privacy settings.
Limited Use: BriefVox AI's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
14. Contact
For privacy matters: privacy@briefvox.com. For account and support matters: support@briefvox.com.
Onde processamos a transcrição
A transcrição de áudio/vídeo é realizada na infraestrutura própria do Operador dentro da União Europeia (processamento local nos servidores do Operador). NÃO enviamos as suas gravações a fornecedores de transcrição terceiros.
Os ficheiros são armazenados no nosso subcontratante de armazenamento (Backblaze B2, UE). As AI Notes são opcionais e processadas pelo nosso subcontratante de IA (AWS Bedrock, UE) apenas quando decide gerá-las.
Se essa opção estiver disponível e ativada, o Serviço pode realizar limpeza local de áudio antes da transcrição (por exemplo, normalização de volume ou redução de ruído). É executada na mesma infraestrutura do Operador na UE e não implica transferência das gravações a terceiros.
Comunicação de marketing e email transacional
O Operador envia duas categorias de emails: (a) transacionais (confirmações de pagamento, alertas de segurança, verificação de conta, redefinição de senha, alterações de termos) — necessários para executar o contrato; opt-out apenas encerrando a conta; (b) marketing (novidades, dicas, ofertas) — apenas após consentimento separado e voluntário (opt-in).
O consentimento de marketing pode ser retirado a qualquer momento com um clique no link "cancelar subscrição" no rodapé de cada email de marketing, ou por email para privacy@briefvox.com. A retirada não afeta a licitude do tratamento anterior.
O Operador não vende nem partilha o email do Utilizador com terceiros para fins de marketing.
Chat de apoio
O Serviço oferece um chat de apoio. Armazenamos as mensagens e qualquer e-mail que forneça para o ajudar e responder às suas perguntas. A base jurídica é o nosso interesse legítimo (tratamento de pedidos) e a execução do contrato.
Algumas respostas são dadas por um assistente de IA; indicamos sempre se está a falar com a IA ou com uma pessoa. A nossa equipa pode ler e continuar a conversa. Não partilhe palavras-passe nem dados de pagamento no chat.
Mantemos as conversas apenas pelo tempo necessário para apoio. Após uma conversa ser encerrada, pode vê-la durante mais 7 dias; depois é eliminada automática e permanentemente. Pode solicitar acesso ou eliminação a qualquer momento: privacy@briefvox.com.