← Back to Speecho Privacy Policy
Last updated: July 2026
Speecho ("we", "our", or "us") is operated by Maksym Soloviov, an individual entrepreneur (Фізична особа-підприємець / FOP) registered in Ukraine. Registration number and registered business address are available on written request at support@speecho.app. This policy explains what data we collect, how we use it, and your rights under GDPR, CCPA, and similar laws.
1. Data We Collect
- Account data: email address and a hashed password when you register.
- Transcription data: file name, detected language, duration, and the resulting text. Audio files are streamed to OpenAI and/or Groq for AI inference, or to Replicate when you enable speaker identification. Audio is not stored on our servers after processing completes. Generated AI summaries, notes, chapters and translations are stored alongside the transcript.
- Handwriting scans: photos you upload for text recognition are processed in memory and streamed to OpenAI for recognition. The images are never written to disk or stored — only the recognized text is saved, under the same 30-day rule as transcripts.
- Caption videos: a video you upload for subtitle burning is processed on our server; the finished subtitled video is stored temporarily so you can download it and is deleted within 24 hours. The extracted transcript follows the normal 30-day rule.
- Transcript chat: questions you ask about a transcript (and the AI answers) are processed transiently through the AI providers listed below and are not stored on our servers. The chat thread exists only in your browser.
- Live subtitles data: when you start a live subtitles session, microphone audio is streamed in real time through our server to Soniox for speech recognition and optional translation. The audio is relayed only — it is not stored by us. The resulting transcript is saved to your history when the session ends. If you explicitly enable the live viewing link during a session, the live transcript (text only, never audio) is visible in real time to anyone who has that link; the link is off by default and can be disabled at any moment. If the link is still enabled when the session ends, it keeps serving the saved transcript as a regular share link until you revoke it from your dashboard or delete the transcription.
- Payment data: all payment processing is handled by Paddle as our Merchant of Record. We store only the order ID and the amount of credits added. We never see, store, or process your card details.
- Usage data: IP address (used for rate limiting only, not retained long-term), request timestamps.
- Analytics data: aggregated, anonymous traffic data (page views, country, device type) collected by Cloudflare Web Analytics, and cookieless product analytics (page views, feature-usage events) collected by PostHog and processed in the EU. Neither sets cookies or persistent identifiers; no personal identification.
2. How We Use Your Data
- To provide and operate the transcription service.
- To send transactional emails (payment receipts, transcription results, account-related notifications). We use Resend for email delivery.
- To prevent abuse via rate limiting.
- To monitor errors and improve service stability via Sentry (only error context, no user content).
- To understand aggregate traffic patterns via Cloudflare Web Analytics and feature usage via PostHog (cookieless, processed in the EU).
- To enable optional public sharing of individual transcriptions when you explicitly request it. Sharing is per-transcription, opt-in, and revocable from your dashboard at any time.
3. Data Retention
- Transcription history (file name, text, metadata): automatically deleted after 30 days.
- Account data: retained until you delete your account.
- Guest data: stored on our servers and linked to a token in your browser. Empty guest sessions (no balance, no transcriptions) are automatically deleted after 24 hours. Guest sessions with a balance or transcription history are retained until you delete the session yourself; associated transcriptions still expire under the 30-day rule above.
- Caption renders (subtitled videos): deleted within 24 hours of completion.
- Payment records: retained for 7 years for tax and accounting compliance.
- Share links: when you opt to share a transcription, a random token is stored alongside it and remains valid until you disable sharing from your dashboard or until the parent transcription is deleted (under the 30-day rule above). Disabling sharing immediately invalidates the link for all visitors.
4. Third-Party Services
- OpenAI — performs AI inference for audio transcription (Whisper model), handwriting recognition on scanned images, and serves as fallback for text tasks (summaries, notes, chapters, chat, translations). Inputs are processed for inference only and are not used to train models by default for API usage, per OpenAI's data policy. Subject to OpenAI's Privacy Policy.
- Groq — alternative provider for audio transcription (Whisper Large v3) and the primary provider for text tasks: AI summaries, notes, chapters, transcript chat and translation (Llama 3.3). Inputs are processed for inference only and are not used to train models, per Groq's data policy. Subject to Groq's Privacy Policy.
- Replicate — runs the speaker identification model when you enable it before upload. Audio is processed for inference only. Subject to Replicate's Privacy Policy.
- Soniox — performs real-time speech recognition and translation for live subtitles. Microphone audio is streamed for inference only; Soniox is SOC 2 Type 2 and ISO/IEC 27001 certified and GDPR compliant. Subject to Soniox's Privacy Policy.
- Paddle — handles payments as Merchant of Record, including tax compliance. Subject to Paddle's Privacy Policy.
- Resend — delivers transactional emails (receipts, transcription results, password reset). Subject to Resend's Privacy Policy.
- Neon — hosts our PostgreSQL database.
- Railway — hosts our backend application.
- Cloudflare — hosts our landing pages and frontend app, and provides DNS, CDN, and Web Analytics.
- PostHog — cookieless product analytics (page views, feature-usage events), configured without cookies or persistent identifiers. Data is processed in the EU (PostHog EU cloud). Subject to PostHog's Privacy Policy.
- Sentry — error tracking and session replay (replays only triggered on errors; input fields are masked by default).
5. Cookies and Tracking
We do not use advertising or tracking cookies. Our PostHog analytics runs entirely without cookies or persistent browser identifiers. Authentication tokens are stored in your browser's localStorage for keeping you signed in. Cloudflare may set technical cookies necessary for security and basic functioning of the website.
6. International Data Transfers
Your data may be processed in the United States, the European Union, or Ukraine (where our team is based). We use providers that comply with GDPR and standard contractual clauses for cross-border transfers.
7. Your Rights
Under GDPR, CCPA, and similar laws, you have the right to:
- Access the personal data we hold about you
- Request correction of inaccurate data
- Request deletion of your data ("right to be forgotten")
- Export your data in a portable format
- Object to specific processing activities
To exercise any of these rights, email us at privacy@speecho.app. We respond within 30 days.
8. Children's Privacy
The Service is not intended for users under 16 years old. We do not knowingly collect data from children. If you believe a child has provided us with data, please contact us immediately.
9. Changes
We may update this policy from time to time. The date at the top reflects the latest revision. Material changes will be communicated to registered users via email.
10. Contact
Questions? Email us at privacy@speecho.app.