Privacy Policy

Data controller: Datastera s.r.o., Hůrská 381, 190 14 Praha 9, Czech Republic. IČO: 08670790. Contact: albert@talkminutes.ai.

Audio files you upload or email to us. Email address you provide at checkout. Stripe customer ID generated when you pay. Hashed identifiers for rate-limiting (SHA-256 truncated; not reversible). Job metadata (timestamps, duration, language, processing status).

We do not collect: passwords, account credentials, cookies for tracking (only essential consent), behavioural profiles, IP addresses beyond what Vercel needs for routing (~30 day log retention per their policy), or any data we don't strictly need. We never train AI models on your content.

Audio: deleted from our servers within 60 seconds of preview processing. Transcripts, summaries, PDFs: deleted within 60 minutes of the delivery email being sent. Email + Stripe customer ID: retained 7 years (Czech accounting law). Payment records: 7 years (Czech accounting law). Rate-limit counters: 24-72 hours (auto-expire).

We use the following GDPR-compliant sub-processors, all hosted in the EU: Vercel (Frankfurt, application hosting & Blob storage). Supabase (Frankfurt, database). Deepgram (EU endpoint, speech-to-text; "model improvement opt-out" enabled). Google Vertex AI (europe-west4 Netherlands, summarization; EU enterprise terms, no training on input). Stripe (Ireland, payment processing). Resend (EU sending region, transactional email). Cloudflare (Frankfurt, DNS & Email Routing). Sentry (EU region, error monitoring).

You have the right to: access your data, request correction, request erasure, object to processing, data portability, and lodge a complaint with the Czech Office for Personal Data Protection (ÚOOÚ, www.uoou.cz). To exercise any right: email albert@talkminutes.ai. We respond within 30 days.

Your audio and transcripts stay in EU regions throughout processing. The only US transfer is hashed email addresses to Stripe Ireland (which itself does business in the EU under the EU-US Data Privacy Framework).

All endpoints use HTTPS/TLS 1.3. Database is encrypted at rest. API keys are stored in encrypted environment variables. Cloudflare Worker uses HMAC-SHA256 for backend authentication. We follow industry best practices for incident response. In the event of a data breach affecting your data, we will notify you and ÚOOÚ within 72 hours.

We will post any changes here with an updated effective date. Material changes will be notified by email to all customers with active payment records.