Back to Home

Privacy Policy

Last updated: December 31, 2024
Effective date: December 31, 2024

Introduction

Welcome to VerbScribe ("we," "our," or "us"). We respect your privacy and are committed to protecting your personal data. This privacy policy explains how we collect, use, disclose, and safeguard your information when you use our:

  • Web Application at verbscribe.com
  • Chrome Browser Extension ("VerbScribe - Voice to Text")
  • Mobile Application (Android)
  • Related services and APIs

By using VerbScribe, you agree to the collection and use of information in accordance with this policy.

Chrome Extension Privacy

The VerbScribe Chrome Extension requires specific permissions to function. Here is exactly what each permission is used for:

Storage Permission

Stores your authentication tokens, selected writing style preferences, language settings, and widget position. No personal content is stored locally - only encrypted session tokens and UI preferences.

Alarms Permission

Used exclusively for JWT token refresh scheduling. This keeps you logged in securely without requiring manual re-authentication. No tracking or background data collection occurs.

Tabs Permission

Required to identify the active tab when inserting transcribed text into text fields. Also used to open the main VerbScribe app when requested. We do not track or record your browsing history.

Host Permissions (All URLs)

The extension's core purpose is voice-to-text on ANY webpage. This permission allows the floating widget to appear on any site so you can dictate into any text field. The extension only activates when you explicitly click it - no automatic data collection occurs on any website.

What the Extension Does NOT Do:

  • Does NOT track your browsing history or web activity
  • Does NOT read website content unless you explicitly dictate text
  • Does NOT collect data in the background
  • Does NOT sell or share data with third parties
  • Does NOT use remote code - all code is bundled in the extension

Information We Collect

Information You Provide

  • Account Information: Name, email address, and password (hashed) when you create an account
  • Voice/Audio Data: Audio recordings captured during transcription sessions (processed in real-time, not permanently stored unless you save the transcription)
  • Transcription Content: Text generated from your voice recordings
  • Documents: Files you upload for RAG (document retrieval) features including PDFs, DOCX, TXT files, and YouTube URLs
  • Custom Styles: Writing style prompts you create
  • API Keys: Third-party API keys you provide (BYOK) - encrypted before storage

Information Collected Automatically

  • Usage Data: Feature usage, transcription counts, and API call metrics for billing and service improvement
  • Device Information: Browser type, operating system, and device type
  • IP Address: For security, fraud prevention, and approximate geographic location
  • Cookies: Session management and preference storage (see Cookies section below)

Voice and Audio Data Handling

Your voice data is handled with special care:

  • Real-Time Processing: Audio is streamed directly to our speech recognition providers (Deepgram, AssemblyAI) and processed in real-time
  • No Permanent Audio Storage: Raw audio recordings are NOT permanently stored on our servers. Audio is transcribed and discarded.
  • Transcription Storage: Only the resulting text transcription is saved if you choose to save it
  • Browser-Based Option: Free tier uses browser-based speech recognition where audio never leaves your device
  • Deletion: You can delete any saved transcription at any time from your dashboard

How We Use Your Information

We use your personal data to:

  • Provide Services: Transcribe audio, transform text with AI, and manage documents
  • Account Management: Authenticate you, manage subscriptions, and process payments
  • Service Improvement: Analyze usage patterns to improve features and fix bugs
  • Communication: Send essential service updates, security alerts, and billing notifications
  • Security: Detect and prevent fraud, abuse, and security threats
  • Legal Compliance: Meet legal obligations and respond to lawful requests

We do NOT:

  • Sell your personal data to third parties
  • Use your data for advertising or marketing profiling
  • Train AI models on your personal content without consent
  • Share your transcriptions or documents with other users

Data Security

We implement industry-standard security measures to protect your data:

  • Password Hashing: bcrypt with 12 salt rounds
  • API Key Encryption: AES-256-GCM with PBKDF2 key derivation (100,000 iterations)
  • Data in Transit: TLS 1.3 encryption (HTTPS) for all communications
  • Authentication: JWT tokens with secure refresh token rotation
  • Two-Factor Authentication: Optional TOTP-based 2FA for account protection
  • Security Headers: HSTS, X-Content-Type-Options, X-Frame-Options
  • Rate Limiting: Protection against brute force and DDoS attacks

Third-Party Services

We integrate with the following services to provide functionality. Each has its own privacy policy:

CategoryProvidersPurpose
Speech RecognitionDeepgram, AssemblyAIReal-time audio transcription
AI ProcessingGoogle Gemini, OpenAI, Anthropic, OpenRouterText transformation and AI features
Text-to-SpeechElevenLabsVoice synthesis and voice agents
PaymentsStripeSubscription billing (we never store card details)
EmailResendTransactional emails
File StorageAWS S3 / Cloudflare R2Document and file storage
Web SearchTavilyReal-time web search for AI context
AuthenticationGoogle OAuthSocial login option

BYOK (Bring Your Own Keys): When you provide your own API keys, your data is processed directly through your personal accounts with these providers, giving you full control over data handling.

Cookies

We use cookies and similar technologies for:

  • Essential Cookies: Authentication, session management, and security (required for the service to function)
  • Preference Cookies: Remembering your settings like dark mode and language preferences
  • Analytics Cookies: Understanding how users interact with our service to improve it

You can control cookie preferences through our cookie consent banner or your browser settings. Disabling essential cookies may prevent the service from functioning properly.

Data Retention

  • Account Data: Retained while your account is active
  • Transcriptions: Retained until you delete them or your account
  • Documents: Retained until you delete them or your account
  • Audio Recordings: NOT retained - processed in real-time and discarded
  • Usage Logs: Retained for 90 days for security and debugging
  • After Account Deletion: All personal data is permanently deleted within 30 days, except where retention is required by law

Your Rights

Depending on your location, you may have the following rights:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate or incomplete data
  • Erasure: Request deletion of your data ("right to be forgotten")
  • Restriction: Limit how we process your data
  • Portability: Receive your data in a machine-readable format
  • Objection: Object to certain types of processing
  • Withdraw Consent: Where processing is based on consent

To exercise these rights, contact us at privacy@verbscribe.com or use the account settings in your dashboard.

International Data Transfers

Your data may be transferred to and processed in countries other than your own, including the United States where our servers and third-party providers are located. We ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses approved by relevant authorities
  • Data processing agreements with all third-party providers
  • Encryption of data in transit and at rest

Children's Privacy

VerbScribe is not intended for children under 13 years of age (or 16 in the EEA). We do not knowingly collect personal information from children. If you believe we have collected data from a child, please contact us immediately at privacy@verbscribe.com and we will promptly delete the information.

Changes to This Policy

We may update this privacy policy from time to time. We will notify you of significant changes by:

  • Posting the new policy on this page with an updated date
  • Sending an email notification for material changes
  • Displaying a notice in the application

We encourage you to review this policy periodically. Continued use after changes constitutes acceptance of the updated policy.

Contact Us

If you have questions about this Privacy Policy or wish to exercise your data protection rights:

Email: privacy@verbscribe.com

General Support: support@verbscribe.com

We aim to respond to all privacy-related inquiries within 30 days.