← Back to Speecho

Privacy Policy

Last updated: May 2026

Speecho ("we", "our", or "us") operates the Speecho speech-to-text service. This policy explains what data we collect, how we use it, and your rights under GDPR, CCPA, and similar laws.

1. Data We Collect

• Account data: email address and a hashed password when you register.
• Transcription data: file name, detected language, duration, and the resulting text. Audio files are streamed to OpenAI for processing and are not stored on our servers.
• Payment data: all payment processing is handled by Paddle as our Merchant of Record. We store only the order ID and the amount of credits added. We never see, store, or process your card details.
• Usage data: IP address (used for rate limiting only, not retained long-term), request timestamps.
• Analytics data: aggregated, anonymous traffic data (page views, country, device type) collected by Cloudflare Web Analytics. No cookies are set; no personal identification.

2. How We Use Your Data

• To provide and operate the transcription service.
• To send transactional emails (payment receipts, transcription results, account-related notifications). We use Resend for email delivery.
• To prevent abuse via rate limiting.
• To monitor errors and improve service stability via Sentry (only error context, no user content).
• To understand aggregate traffic patterns via Cloudflare Web Analytics.

3. Data Retention

• Transcription history (file name, text, metadata): automatically deleted after 30 days.
• Account data: retained until you delete your account.
• Guest data: stored on our servers and linked to a token in your browser; deleted automatically after 90 days of inactivity.
• Payment records: retained for 7 years for tax and accounting compliance.

4. Third-Party Services

• OpenAI — processes audio files for transcription. Files are sent for inference only and are not used by OpenAI to train models. Subject to OpenAI's Privacy Policy.
• Paddle — handles payments as Merchant of Record, including tax compliance. Subject to Paddle's Privacy Policy.
• Resend — delivers transactional emails. Subject to Resend's Privacy Policy.
• Neon — hosts our PostgreSQL database in the EU/US region.
• Railway — hosts our backend application.
• Cloudflare — hosts our static landing pages and provides DNS, CDN, and Web Analytics.
• Sentry — error tracking and session replay (replays only triggered on errors).

5. Cookies and Tracking

We do not use advertising or tracking cookies. Authentication tokens are stored in your browser's localStorage for keeping you signed in. Cloudflare may set technical cookies necessary for security and basic functioning of the website.

6. International Data Transfers

Your data may be processed in the United States, the European Union, or Ukraine (where our team is based). We use providers that comply with GDPR and standard contractual clauses for cross-border transfers.

7. Your Rights

Under GDPR, CCPA, and similar laws, you have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your data ("right to be forgotten")
• Export your data in a portable format
• Object to specific processing activities

To exercise any of these rights, email us at privacy@speecho.app. We respond within 30 days.

8. Children's Privacy

The Service is not intended for users under 16 years old. We do not knowingly collect data from children. If you believe a child has provided us with data, please contact us immediately.

9. Changes

We may update this policy from time to time. The date at the top reflects the latest revision. Material changes will be communicated to registered users via email.

10. Contact

Questions? Email us at privacy@speecho.app.