Privacy Policy

What we collect

When you create an account, we collect your email address, your name (if provided), and an encrypted hash of your password. We never store your password in plain text.

When you upload a file, we temporarily store the audio or video on secure processing servers. The file is deleted after transcription completes, typically within one hour.

We store your transcripts in an encrypted database so you can access them later. You can delete any transcript at any time.

When you subscribe to a paid plan, payment information (card details, billing address) is collected and processed directly by Stripe. We never see or store your full card number.

We collect basic usage analytics (pages visited, features used, error logs) to improve the product. We do not use third-party advertising trackers.

How we use your data

Your audio files are used solely to generate transcripts. We do not listen to your recordings. We do not use your audio or transcripts to train AI models. Your content is processed, returned to you, and deleted from processing servers.

We use your email address to send account-related messages: verification, password resets, payment receipts, and transcript notifications. You can control notification preferences in your settings.

How we store your data

Audio files are stored in Cloudflare R2 during processing. User data (accounts, transcripts, settings) is stored in PostgreSQL. Payment data is stored by Stripe. All data is encrypted in transit using TLS 1.3 and at rest using AES-256 encryption. Database backups are encrypted. Access to production infrastructure requires multi-factor authentication and is restricted to authorized personnel.

When we delete your data

Audio files are automatically deleted from processing servers after transcription completes. The retention schedule for stored audio depends on your plan tier. You can delete any transcript from your dashboard at any time. Transcripts are kept according to your plan's retention policy unless you delete them sooner. You can enable auto-delete to remove transcripts after 7, 30, or 90 days. If you delete your account, all data (transcripts, audio, personal information) is permanently removed within 30 days. Account data is retained until you request deletion.

Third-party services

Stripe processes payments. We never see or store your card number. Stripe is PCI DSS Level 1 certified.

RunPod provides GPU servers for AI transcription. Audio files are transmitted securely, processed in isolated containers, and deleted after processing.

Resend delivers transactional emails (verification, password resets, notifications). Your email address is shared with Resend solely for delivery purposes.

We do not sell your data to any third party. We do not use advertising trackers.

Your rights (GDPR)

If you are in the European Economic Area, you have the right to:

• Access all personal data we hold about you
• Export your data in a portable format
• Request correction of inaccurate data
• Request deletion of your data
• Object to processing of your data
• Withdraw consent at any time

To exercise any of these rights, email privacy@yanascript.com. We respond within 30 days.

Regional Data Protection

YanaScript complies with applicable data protection laws in the jurisdictions where we operate, including the GDPR (EU/EEA), CCPA (California), and other regional frameworks. We process personal data lawfully, fairly, and transparently. We collect only the data necessary to provide our services. You have the right to access, correct, and request deletion of your personal data. For data protection inquiries, contact privacy@yanascript.com.

HIPAA readiness

For healthcare organizations that handle protected health information (PHI), we offer a Business Associate Agreement (BAA) on the Business plan. The BAA covers data handling, breach notification, and compliance obligations. Contact support@yanascript.com to request a BAA.

Cookies

We use only functional cookies necessary for the application to work: authentication tokens (httpOnly, secure, same-site) and session preferences. We do not use tracking cookies, advertising cookies, or analytics cookies. No cookie banner is needed because we only use strictly necessary cookies.

Contact

For privacy questions or data requests, email privacy@yanascript.com. We aim to respond within 2 business days.