← HomeBlog

Privacy & Security

Last updated: May 2026

What we store

  • Your email address (for authentication and notifications)
  • Account balance and transaction history (for billing)
  • Transcription text, summaries, and action points (until you delete them)
  • Job metadata: timestamps, costs, and status
  • Your WhatsApp phone number (only if you link one in Settings to use the WhatsApp endpoint)

Audio files

Your audio files are not storedon our servers beyond the brief window needed to hand them to AssemblyAI for transcription. Web uploads stage on Vercel Blob with private access and are deleted by our code once AssemblyAI confirms receipt; WhatsApp voice notes are downloaded from Meta's servers into memory, forwarded to AssemblyAI, and never written to our disk. AssemblyAI deletes audio data after processing in accordance with their data processing agreement.

WhatsApp integration

Linking a phone number to your account is optional and lets you send voice notes from WhatsApp to be transcribed against your account's balance. When you use the WhatsApp endpoint:

  • Meta's WhatsApp Business Platform receives your message and forwards it to our webhook. Meta retains messages per their own retention policy.
  • We read your sender phone number, message contents (text), and audio attachment ID, then download the audio for processing.
  • Onboarding uses a 6-digit one-time code sent to your email address. The code expires in 10 minutes and we only store its SHA-256 hash, not the code itself.
  • We do not send unsolicited WhatsApp messages and we do not use your WhatsApp number for marketing.
  • You can disconnect the link at any time from Settings.

Third-party processors

AssemblyAI (speech-to-text)

Processes your audio into text. Audio data is deleted after processing and is not used to train their models. See their Data Processing Addendum.

OpenAI via Vercel AI Gateway (summarisation)

Your transcript text (not audio) is sent to OpenAI's gpt-4o-mini model through the Vercel AI Gateway to generate summaries and action points. Data sent through the API is not used to train OpenAI's models per their API data usage policy.

Paystack (payments)

Handles payment processing. Card details are stored on Paystack's PCI DSS-compliant infrastructure. We only store transaction reference IDs and amounts — never card numbers or CVVs.

Neon (database hosting)

Your data is stored in a Neon Postgres database with encryption at rest and in transit (TLS).

Meta WhatsApp Business Platform (optional)

If you link a phone number in Settings or message our WhatsApp number directly, Meta is the platform that receives and forwards your messages. See Meta's WhatsApp Business Policy and WhatsApp Privacy Policy.

AWS Simple Email Service (transactional email)

Sends magic-link sign-in emails, transcript-ready notifications, and the WhatsApp verification code. Stores only the email envelope (recipient, subject, send timestamp) for delivery reliability.

Cookies

We use a single session cookie (better-auth.session_token) for authentication. We do not use tracking cookies, analytics cookies, or third-party advertising cookies.

Your rights

  • Delete transcriptions: You can delete any transcription from your job detail page. The transcript text, summary, and action points are permanently removed. Billing records (cost, timestamps) are retained for accounting purposes.
  • Delete your account: You can delete your entire account from the Settings page. This permanently removes all your data including transcriptions, transaction history, and your email address.
  • Data portability: Contact us to request an export of your data.

POPIA & GDPR

We process your personal data on the basis of contract performance — you initiate each transcription and top-up voluntarily. You may exercise your right to erasure at any time by deleting your transcriptions or your account.

Contact

For privacy-related questions, email privacy@transcribe-it.co.za.