Privacy Policy
This Privacy Policy informs you about the type, scope and purpose of the processing of personal data within the online offering Scriber – including our web application and Android mobile app (hereinafter "Scriber", "we" or "us").
1. Controller (Art. 4 No. 7 GDPR)
Determin UG (haftungsbeschränkt)
Bahnhofstraße 33
38547 Calberlah
Email: [email protected]
2. Definitions
The definitions of Art. 4 GDPR apply (e.g. "personal data", "processing", "controller", "processor", "data subject").
3. Data Processing at a Glance
3.1 Web Application
| Feature | Processed Data | Purpose | Storage Duration | Legal Basis |
|---|---|---|---|---|
| Audio recording | Audio stream from microphone | Provide transcription service | Until deleted by user | Art. 6 (1) (b) GDPR |
| File upload & transcription | Uploaded audio files, metadata | Transcription of the file | Until deleted by user/account | Art. 6 (1) (b) GDPR |
| Cookies & Local Storage | Session tokens, UI & language settings | Authentication, UX | Auth cookies 24 h/7 d, preferences 7 d | Art. 6 (1) (b)/(f) GDPR |
| Usage analytics (Umami) | Page views, events, IP hash (one-way, not reversible) | Product improvement | 24 months | Art. 6 (1) (a) GDPR |
3.2 Android Mobile App "Scriber"
| Feature | Processed Data | Purpose | Storage Duration | Legal Basis |
|---|---|---|---|---|
| Audio recording | Audio stream from device microphone | Provide transcription service | Until deleted by user in app | Art. 6 (1) (b) GDPR |
| Audio file import | Audio files from device storage | Transcription of imported files | Until deleted by user in app | Art. 6 (1) (b) GDPR |
| User account | Email, encrypted password hash | Authentication, account management | Until account deletion | Art. 6 (1) (b) GDPR |
| Authentication tokens | JWT access & refresh tokens | Secure API access | Access token: until expiry; Refresh token: until logout | Art. 6 (1) (b) GDPR |
| App preferences | UI settings, transcription preferences | User experience | Until app uninstall or data clear | Art. 6 (1) (f) GDPR |
Android App Permissions
The Scriber Android app requests the following permissions:
| Permission | Purpose |
|---|---|
| Microphone (RECORD_AUDIO) | Record audio for transcription |
| Audio Files (READ_MEDIA_AUDIO) | Import existing audio files for transcription |
| Internet | Send audio to our servers for transcription, sync account data |
| Notifications | Inform you about transcription progress and completion |
| Foreground Service | Continue recording/transcription when app is in background |
Local Data Storage on Android
The Android app stores data locally on your device:
- Audio recordings: Stored in app-private storage, accessible only by Scriber
- Authentication tokens: Stored using Android EncryptedSharedPreferences with AES-256-GCM encryption
- User preferences: Stored using Android DataStore
- Recording metadata: Stored in a local Room database
This local data is never shared with third parties and remains on your device unless you explicitly upload recordings for transcription.
Availability Notification
- Data collected: Name, email address, company (optional)
- Purpose: Newsletter and product updates
- Storage: Secure mailbox ([email protected]); deleted after notification or upon request
- Legal basis: Art. 6 (1) (a) GDPR – consent (revocable at any time)
Contact Form
When you submit an enquiry via our website's contact form, we collect the personal data you provide (name, email address, message content, consent confirmation). We use this data exclusively to process and respond to your enquiry. The legal basis is Art. 6 (1) (b) GDPR. Your data will not be passed on without your consent and will be deleted once your enquiry has been fully resolved. By sending us your data, you automatically consent to our Privacy Policy and Terms of Service.
4. Purposes & Legal Bases
We process data only if at least one of the conditions of Art. 6 (1) GDPR is fulfilled. Typically:
- Contract performance & pre-contractual measures (lit. b)
- Consent (lit. a) – especially for analytics cookies
- Legitimate interest (lit. f) – e.g. technical provision of the service
5. Recipients & Third-Party Providers (This data is only processed in the demo version)
| Recipient / Service | Location | Role | Further information |
|---|---|---|---|
| Supabase Inc. (Cloud) | EU (AWS eu-central-1) | Processor (hosting, DB, auth, storage) | RLS, encryption in transit & at rest |
| Umami (self-hosted by Determin UG, Germany) | Germany | Processor | No cookies, anonymised usage statistics, one-way IP hash (cannot identify), no personal data stored |
| Requesty (Demo version only) | EU | Sub-processor (LLM post-processing) | Transmission of text snippets only; Standard Contractual Clauses |
| Google Play Services (Android app demo only) | USA | Sub-processor (authentication, billing) | Only when using Google Sign-In or in-app purchases; Google Privacy Policy applies |
| (optional) |
For on-premise deployments, no personal data is transferred to us or third parties; all data remains entirely within the customer's infrastructure.
6. Storage Period & Deletion
We store personal data only as long as it is required for the respective purpose or statutory retention periods apply.
7. Data Subject Rights
Data subjects have the right of access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction (Art. 18), data portability (Art. 20) and objection (Art. 21).
Consents can be withdrawn at any time with effect for the future.
8. Security of Processing
We take appropriate technical and organisational measures in accordance with Art. 32 GDPR:
Web Application:
- TLS encryption for all data in transit
- RLS policies in Supabase
- Access control and backups
Android App:
- All network traffic encrypted via HTTPS (TLS 1.2+)
- Authentication tokens stored using AES-256-GCM encryption
- Audio files stored in app-private directories
9. Reserved Right of Modification
We reserve the right to adapt this Privacy Policy. The current version is always available at /en/privacy.
10. Supervisory Authority
Complaints can be addressed to the competent data protection supervisory authority Berlin (BlnBDI).
11. Contact
Questions about data protection? Email: [email protected]