🌐 English
English Türkçe Deutsch Français Español Português العربية 中文 日本語 한국어

Privacy Policy

Plain-language summary: We process your audio in server memory to create a transcript, then delete it immediately. We don't store audio on disk, don't use it for AI training, and don't share it with anyone. Your transcripts are encrypted on your device and under your control. We keep only pseudonymous billing records.

Last updated: March 2026

What We Never Do

Data We Don’t Collect or Store

  • Store audio on disk — ever
  • Store your email address or name
  • Log or store IP addresses
  • Use recordings to train AI models
  • Share data with advertisers or brokers
  • Track behaviour across apps or sessions
  • Collect contacts, location, or biometric data
  • Retain data after account deletion

What We Do Store

Data We Collect

Server-side (persistent until account deletion)

Data Purpose
Pseudonymous user ID (SHA-256 hash of your account ID) Account identity — cannot be reversed
Pseudonymous device identifier (SHA-256 hash of device properties) Abuse prevention — cannot be reversed
Account balance (USD) Credit management
Free transcription minutes remaining Welcome bonus tracking
Account creation and last update timestamps Account management

Per-job records (stored for each completed transcription):

Data Purpose
Audio duration (seconds) Service analytics
File size (bytes) Service analytics
Word count Service analytics
Cost charged (USD) Billing record
Processing timestamps Service analytics
No audio content or transcript text is ever included in per-job records. These records contain only metadata (numbers and timestamps) — never the words you said.

Server-side (transient — deleted after processing)

Data When Deleted
Audio file Immediately after transcription completes
Transcript text After you confirm receipt (acknowledgment)

On your device (encrypted)

Data Retention
Transcripts (text, segments, metadata) Until you delete them
Offline upload queue Removed after successful upload
App settings and consent records Until sign-out or account deletion
Encryption key In iOS Keychain / Android Keystore — deleted with the app

Optional (opt-in only)

Data Purpose
Crash reports App stability via SafeScribe’s own crash reporting endpoint — all PII stripped before sending
The server never stores your name, email address, IP address, audio content, or transcript text. The only persistent records linked to your account are a non-reversible user hash, a pseudonymous device identifier, a credit balance, and usage statistics (numbers only — no content, no identity).

Complete Deletion

Deleting the App vs. Deleting Your Account

These are two distinct actions with different outcomes:

Action What happens Your balance
Delete the app Local transcripts and encryption key removed from your device Preserved on the server — reinstalling and signing in with the same account fully restores it
Delete your account Every server-side record permanently erased — cannot be undone Gone
Reinstall anytime. If you delete the app without deleting your account, reinstalling and signing in with the same Google or Apple account restores your full balance and access — no action required.

Account Deletion — Zero Data Remaining

Deleting your account from Privacy Settings permanently removes every server-side record:

  • Pseudonymous user IDpermanently deleted
  • Pseudonymous device identifierpermanently deleted
  • Credit balancepermanently deleted
  • Free minutes remainingpermanently deleted
  • All per-job statisticspermanently deleted
  • Daily backupoverwritten within 24 hours — no copy remains anywhere

This is not anonymisation. Your records do not persist in aggregated or modified form — they are gone. The single daily backup is overwritten within 24 hours of deletion, after which no copy of your data exists in any system.

Using the in-app deletion constitutes your formal exercise of the right to erasure under GDPR Art. 17 and KVKK Art. 11(e). If you cannot access your account, contact privacy@safescribe.dev to submit a deletion request by email.

Audio Processing

Zero Disk Policy

Your audio: Upload --> RAM --> AI transcription --> Deliver --> DELETE (immediate) Our disk: Balance records only — no audio, no transcript, no email
  • RAM-onlyaudio processed in volatile memory only
  • Never written to disknot even temporarily
  • No AI trainingyour audio is never used to improve models
  • Self-hosted AIno third-party AI service receives your audio
  • TTL failsafedata self-destructs even if deletion code fails

Authentication

Sign-In via Google or Apple

We use OpenID Connect (OIDC) via Google Sign-In and Sign in with Apple.

What the provider sends us What we do with it
Account ID Hashed (SHA-256 + salt) — original discarded
Email address Used for authentication only — not stored
Display name Not stored

We do not access your contacts, calendar, or any other account data.

Payments

Billing via App Stores

Payments are processed entirely by Apple App Store or Google Play Store. SafeScribe never receives, stores, or processes credit card numbers or payment details. We receive only a purchase receipt for balance verification.

Payment records held by Apple or Google are outside SafeScribe's control and are not covered by SafeScribe's account deletion process. To manage those records, contact Apple Support or Google Play Support directly.

Error Tracking

Crash Reports (Optional)

We send optional crash reports to SafeScribe’s own crash reporting endpoint. This is off by default and can be toggled from Privacy Settings at any time.

Before any report is transmitted, the following are automatically removed:

Redacted: email addresses · phone numbers · IP addresses · file paths · authentication tokens

Retained: error type and stack trace · device model · OS version · app version

Third Parties

Third-Party Services

We use the following services. No audio, transcript content, or personal information beyond what is noted is shared with any third party.

Service Purpose Data shared Privacy Policy
Google Sign-In Authentication OIDC token only policies.google.com/privacy
Apple Sign-In Authentication OIDC token only apple.com/legal/privacy
Apple App Store In-app purchases Purchase receipt only apple.com/legal/privacy
Google Play Store In-app purchases Purchase receipt only policies.google.com/privacy
SafeScribe crash endpoint Crash reporting (opt-in) Anonymised error report — PII stripped SafeScribe-operated, no third party

Legal Basis

Processing activity GDPR Basis KVKK Basis (Turkey) Required?
Audio transcription Art. 6(1)(b) — Contract Explicit consent Required to use the service
Account & billing Art. 6(1)(b) — Contract Contract performance Required to use the service
Authentication (OIDC) Art. 6(1)(b) — Contract Contract performance Required to use the service
In-app purchases Art. 6(1)(b) — Contract Contract performance Required to make purchases
Crash reporting Art. 6(1)(a) — Consent Explicit consent Optional

Providing data for transcription, authentication, and billing is required to use SafeScribe. Crash reporting is optional — the service operates fully without it.

Your Rights

What You Can Do

  • Accessview all your transcripts in the app at any time
  • Deleteremove individual transcripts or delete your entire account from Privacy Settings; account deletion leaves zero rows in any database
  • Exportshare or export transcripts, or request a full data export from Privacy Settings
  • Opt out of diagnosticsturn off crash reporting in Privacy Settings
  • Withdraw consentsign out and delete your account at any time
  • CCPA opt-outtoggle "Do Not Sell or Share" in Privacy Settings
  • No automated decisionswe never make automated decisions about you, including profiling with legal or similarly significant effects (GDPR Art. 22)
  • Lodge a complaintEU/EEA residents may contact their national supervisory authority (edpb.europa.eu); Turkey residents may contact KVKK (kvkk.gov.tr)

For any request you can’t complete in-app, contact privacy@safescribe.dev.

Legal

Additional Information

Data controller. SafeScribe is operated by an independent developer based in Turkey. Contact: privacy@safescribe.dev. No Data Protection Officer (DPO) has been appointed — processing is not carried out at large scale and no special-category data is systematically retained (audio is processed ephemerally in RAM only, never persisted to disk).

Backups. A single daily backup of account records (pseudonymous ID, balance, usage statistics) is maintained for service continuity. Each backup overwrites the previous one. Data deleted by account deletion is removed from live systems immediately and from the backup within 24 hours.

International transfers. If you use SafeScribe from the EU/EEA, your audio and account data are processed on servers in Turkey. Turkey does not currently hold an EU adequacy decision; transfers are covered by your explicit informed consent at first launch (GDPR Art. 49(1)(a)). For Turkey (KVKK — Turkey’s Personal Data Protection Law) users, cross-border transfer is authorised by explicit consent at first launch under KVKK Art. 9.

Children. SafeScribe is rated 17+ on the App Store and Google Play and is not intended for users under 17. We do not knowingly collect data from anyone under 17. In jurisdictions where 18 is the age of full legal capacity (including Turkey), users aged 17 require parental or guardian consent before using the app.

Policy changes. We will update this page when our practices change. The “Last updated” date above reflects the most recent revision.

Contact

Get in Touch

Topic Contact
Privacy requests, data deletion, rights privacy@safescribe.dev
Security vulnerabilities security@safescribe.dev
General support support@safescribe.dev