BriefVox AI Privacy Policy
Operator details
The operator of BriefVox AI is: Filip Ogonowski, a natural person conducting unregistered business activity within the meaning of Art. 5 of the Polish Act of 6 March 2018 – Entrepreneurs' Law, Generała Dezyderego Chłapowskiego 12, 05-825 Grodzisk Mazowiecki, Poland.
Customer support contact: support@briefvox.com.
Privacy and data protection contact: privacy@briefvox.com.
1. Purpose of this document
This Privacy Policy explains what personal data is processed in BriefVox AI, for what purposes, on what legal bases, to whom it may be disclosed, and what rights are available to data subjects.
2. Processing roles
With respect to account data, payments, communications, logs, and Service operations, the Operator generally acts as a data controller.
With respect to audio files, video files, linked media imports, and transcriptions uploaded or imported by business customers, the Operator may act as a data processor on behalf of the User. In that case, the Data Processing Agreement applies.
For individual users, audio files, video files, linked media imports, transcriptions and AI Notes are processed to deliver the Service features requested by the User, as described in this Privacy Policy and the Terms.
3. Categories of data
Category
Examples
Account data
email address, hashed password, user ID, interface language
Payment data
Stripe payment identifiers, payment status, amounts, currency, purchase history, invoices
Technical data
IP address, login logs, session identifiers, device data, a device identifier (cookie) and hashed technical signup data used to prevent Free-plan abuse, security events
Media files and imports
audio and video recordings uploaded by the User, media imported from links, file metadata, recording length, file format, source import URL, link import rights confirmation and confirmation metadata where applicable
Transcriptions and AI Notes
conversation text, timestamps, identified speakers, user edits, TXT/DOCX/SRT/VTT exports, AI Notes content (summaries, meeting notes, translations, reports, and other types), AI Notes downloads
Communications
support messages, complaints, bug reports, Operator responses
4. Possible special category data
Audio files, video files, linked media imports, and transcriptions may contain special category data, such as information about health, beliefs, religion, opinions, trade union membership, or other sensitive data. The Operator does not require such data to be uploaded or imported. The User is responsible for having an appropriate legal basis for processing and transferring such data to the Service.
5. Purposes and legal bases for processing
Purpose
Data
Legal basis / justification
Account creation and management
account data, technical data
performance of a contract or pre-contractual steps
Transcription service delivery
audio files, video files, linked media imports, transcriptions, metadata
performance of the service contract
AI Notes generation
transcript content, AI Tokens, AI Notes output
performance of the service contract
Payment and invoice processing
payment data, identifying data
performance of a contract, legal obligations, tax accounting
Complaint handling and support
communications, account data, transcription data needed for the case
performance of a contract, legitimate interest
Security and abuse prevention
logs, IP, activity history
legitimate interest of the Operator
Optional analytics
cookie/analytics data
user consent, where required
Direct marketing
email, preferences
consent or legitimate interest, depending on channel and scope
6. Data recipients and subprocessors
Data may be shared with service providers necessary for BriefVox AI to operate. The current provider list is set out in the Subprocessors Registry.
Provider / category
Purpose
Google LLC
OAuth 2.0 identity provider — identity verification when signing in via Google
Stripe
payment processing, invoicing, subscriptions, payment disputes
Backblaze B2 (Backblaze Inc.)
storage of audio files, video files, linked media imports, exports, and transcriptions
Amazon Web Services (AWS Bedrock)
AI Notes generation (summaries, notes, translations) from transcript text; audio/video transcription is performed locally on the Operator's infrastructure and audio files are not shared with this provider
Resend (Resend, Inc.)
delivery of system messages
Vercel Inc. (frontend hosting) and the Operator's own infrastructure
Vercel: hosting and delivery of the web application (frontend) and CDN; API, database, queues and transcription run on the Operator's own servers
Accounting firm, law firm
accounting, legal support, claims
7. Data transfers outside the EEA
Some providers may process data outside the European Economic Area. Current processing locations and transfer safeguards are set out in the Subprocessors Registry.
8. Retention periods
Data
Retention period
User account
for the duration of the account, then for the period required for billing, defence of claims, or legal obligations
Source files (audio files, video files, linked media imports)
automatically and permanently deleted 3 days after upload; the transcript generated from the recording is retained
Transcriptions
indefinitely on the User's account, until manually deleted or the account is closed, unless law requires longer retention
Payment data and invoices
for the period required by tax and accounting regulations
Security logs
up to 12 months
Cookie and marketing consents
until consent is withdrawn or for the technically valid period of the consent
9. Rights of data subjects
right of access to data,
right to rectification,
right to erasure,
right to restriction of processing,
right to data portability, where applicable,
right to object to processing based on legitimate interest,
right to withdraw consent, where processing is based on consent,
right to lodge a complaint with the President of the Personal Data Protection Office (UODO).
9.1 Account data access and export
The User may request access to data and a copy of data relating to their account. After verifying the request, the Operator may provide a readable electronic report and a technical JSON variant.
The report may include data currently available in the system for the account: account data, legal acceptances, AI Notes consents, payments, subscriptions, promotions, minute balances, AI Token balances, operation history, transcription metadata, transcript segments and generated AI Notes, where the feature was used.
The export does not include passwords, storage keys, internal administrative logs, full AI provider prompts, or data whose disclosure could adversely affect the rights and freedoms of others.
In response to an access request, the Operator also provides information about processing purposes, data categories, recipients or recipient categories, retention periods, data sources and data subject rights to the extent required by GDPR.
10. Automated processing and AI
Transcription is performed automatically by an AI system. The system generates text and identifies speakers based on the audio track from a file, video, or linked media import. The output may contain errors and should be verified by the User. The Service must not make decisions with legal effects for the User based solely on automated processing without a separate explanation and legal basis.
11. Security
private file storage with no public file links,
temporary presigned URLs for downloading or playing back files,
encryption in transit,
limited administrative access,
security event logging,
account access control mechanisms.
12. Account and data deletion
The User may request account deletion or independently delete audio files, video files, linked media imports, and transcriptions if the feature is available in the dashboard. Deletion does not extend to data that the Operator is required to retain under applicable law, for billing, security, or claims purposes.
The User may download a self-service export of their account data (pursuant to Article 15 GDPR) from the My Data panel available in the privacy settings. The export covers account data, payment history, minute and AI Token balances, subscription details, and a list of transcriptions and AI Notes.
13. Sign in with Google and Google user data (Google API Services)
BriefVox AI offers optional sign-in and registration with Google ("Sign in with Google"). This section explains how the application accesses, uses, stores, shares, and deletes Google user data.
Data accessed: we use only the OAuth scopes openid, email, and profile. Through them we obtain your unique Google account identifier (Google ID), your email address together with its verification status, and basic profile information (name). We do not access Gmail, Google Drive, Calendar, Contacts, or any other Google service or data.
Data usage: we use Google user data solely to create and authenticate your BriefVox AI account, link your Google identity to an existing account, pre-fill your display name, and confirm that your email address is verified. We do not use Google user data for advertising or to train AI/ML models.
Data sharing: we do not sell or share Google user data with third parties for their own purposes. It is processed only within our own infrastructure (the hosting and database providers listed in section 6) in order to operate sign-in and your account.
Data storage and protection: your Google ID, email address, and name are stored in our database and protected by the measures described in section 11 (encryption in transit, limited administrative access, account access control mechanisms). The Google OAuth access token received from Google is used only momentarily to retrieve your profile data and is not stored by us.
Data retention and deletion: Google user data is retained for the duration of your account. It is deleted when you delete your account, except for data the Operator is required to retain under applicable law. You may request deletion of your data or unlinking of Google sign-in at any time by contacting us at the address in section 14 or via the My Data panel available in your privacy settings.
Limited Use: BriefVox AI's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
14. Contact
For privacy matters: privacy@briefvox.com. For account and support matters: support@briefvox.com.
Где мы обрабатываем транскрипцию
Транскрипция аудио/видео выполняется на собственной инфраструктуре Оператора в пределах Европейского союза (локальная обработка на серверах Оператора). Мы НЕ передаём ваши записи сторонним поставщикам транскрипции.
Файлы хранятся у нашего субобработчика хранилища (Backblaze B2, ЕС). AI Notes необязательны и обрабатываются нашим ИИ-субобработчиком (AWS Bedrock, ЕС) только когда вы решаете их сгенерировать.
Если такая опция доступна и включена, Сервис может выполнить локальную очистку звука перед транскрипцией (например, нормализацию громкости или шумоподавление). Она выполняется на той же инфраструктуре Оператора в ЕС и не предполагает передачу записей третьим лицам.
Маркетинговая коммуникация и транзакционные письма
Оператор отправляет две категории писем: (а) транзакционные (подтверждения оплаты, оповещения безопасности, верификация аккаунта, сброс пароля, изменения условий) — необходимы для исполнения договора; отказ возможен только закрытием аккаунта; (б) маркетинговые (новости, советы, предложения) — только после отдельного добровольного согласия (opt-in).
Маркетинговое согласие можно отозвать в любой момент одним кликом по ссылке «отписаться» в каждом маркетинговом письме, или по email privacy@briefvox.com. Отзыв не влияет на законность обработки до отзыва.
Оператор не продаёт и не передаёт email Пользователя третьим лицам для маркетинговых целей.
Чат поддержки
В Сервисе доступен чат поддержки. Мы храним сообщения и указанный вами адрес электронной почты, чтобы помочь и ответить на вопросы. Правовое основание — наш законный интерес (обработка обращений) и исполнение договора.
Некоторые ответы даёт AI-ассистент; мы всегда указываем, общаетесь ли вы с ИИ или с человеком. Наша команда может читать и продолжать разговор. Не сообщайте в чате пароли или платёжные данные.
Мы храним разговоры не дольше, чем это необходимо для поддержки. После закрытия разговора вы можете просматривать его ещё 7 дней; затем он автоматически и окончательно удаляется. Вы можете в любое время запросить доступ или удаление: privacy@briefvox.com.