v2.2, 5 mrt 2026

Data Processing Agreement

This document forms an integral part of the agreement between Scribeer and the User. Scribeer offers two processing modes, each with its own privacy architecture.

Definitions

  • Cloud Mode: The standard processing mode where audio files are sent to Scribeer's servers and transcribed via Deepgram AI. The transcription is stored in Scribeer's secure database.
  • Private Mode: A local processing mode where all processing takes place on the User's device via WebGPU technology. Audio files and transcriptions do not leave the browser unless the User explicitly chooses to sync to their account.
  • Synchronization: The optional action in Private Mode where the User chooses to save a transcription (without audio file) to their Scribeer account.
  • Cloud Business / Cloud Enterprise: Team subscriptions combining cloud transcription minutes with team features. Audio processing is identical to Cloud Mode. Shared transcriptions are visible only to team members with whom they have been explicitly shared by the owner.

1. Subject and Role Distribution

The role distribution differs per processing mode:

Cloud Mode

  • Data Controller: The User determines which audio is uploaded and for what purpose.
  • Data Processor: Scribeer performs the transcription on behalf of the User and is the 'Processor' within the meaning of GDPR.

Private Mode (without synchronization)

  • No Processing by Scribeer: Since all data remains locally on the User's device, no processing by Scribeer takes place. Scribeer is not a 'Processor' in this case.
  • User Responsibility: The User is responsible for securing locally stored transcriptions.

Private Mode (with synchronization)

  • Limited Processing: Only the transcription text and metadata are sent to Scribeer. The original audio file is never sent.
  • Processor: Scribeer is only a Processor for the synchronized transcription text.

Privacy Gateway AI Assistant (optional)

  • Anonymized Input: Only anonymized transcript text (placeholders) is sent, after review and confirmation by the User.
  • Own API Key: This feature only works when the User's team configures its own OpenAI API key.
  • Role Distribution: Scribeer acts as Processor for forwarding anonymized text; OpenAI acts as a (sub-)processor for generating AI responses under API terms accepted by the User.

Cloud Business / Cloud Enterprise (Team Subscriptions)

  • Processing: Identical to Cloud Mode. Audio is transcribed via Deepgram; the transcription text is stored in Scribeer's secure database.
  • Team Sharing: The team owner can share individual transcriptions with team members. Only explicitly shared transcriptions are visible to other members; remaining transcriptions stay private.
  • Data Processor: Scribeer acts as Data Processor for all cloud transcriptions within the team subscription under GDPR.

Purpose: Processing takes place exclusively for converting audio to text and the associated functional display (such as speaker separation and export).

2. Security Measures

Scribeer has taken appropriate technical and organizational measures to protect personal data against loss or unlawful processing.

Cloud Mode

  • Encryption: Data storage is done using AES-256 encryption.
  • Isolation: Use of Row Level Security (RLS) within Supabase to make data leaks between users technically impossible.
  • Access: Access to data by Scribeer employees is strictly limited to necessary support activities after explicit consent.
  • Transport: All data is transmitted encrypted via HTTPS/TLS 1.3.

Private Mode

  • Local Processing: All AI processing takes place in the User's browser via WebGPU. Audio files never leave the device.
  • Browser Sandbox: Processing takes place within the browser's secure sandbox environment.
  • IndexedDB Storage: Transcriptions are stored locally in the browser's IndexedDB, isolated from other websites and applications.
  • No Server Access: Scribeer has no access to locally stored data unless the User explicitly synchronizes.

3. Sub-processors and Data Flow

Cloud Mode

The User authorizes Scribeer to engage the following sub-processors:

  • Supabase (Database & Storage) Location: EU (Frankfurt)
  • Deepgram (AI Transcription) Location: EU (Frankfurt/EEA)
  • Render (Application Hosting) Location: EU (Frankfurt)
  • Stripe (Billing) Location: Global (GDPR compliant)

When using the optional Privacy Gateway AI Assistant, anonymized text may be processed by OpenAI. This only applies when the User's team configures its own OpenAI API key. Processing location depends on provider configuration and may be (partly) outside the EEA.

Private Mode (without synchronization)

No Sub-processors: When using Private Mode without synchronization, no sub-processors are engaged. All processing takes place locally in the browser.

Private Mode (with synchronization)

When synchronizing, only the transcription text is stored. The following sub-processor applies:

  • Supabase (Database & Storage) Location: EU (Frankfurt)

Deepgram is not engaged in Private Mode, as transcription takes place locally.

Scribeer guarantees that in Cloud Mode, audio files and transcriptions are processed exclusively within the European Economic Area (EEA), except for the optional Privacy Gateway AI Assistant where only anonymized text may be processed by OpenAI according to provider configuration.

4. Private Mode: Local Processing

When using Private Mode, all processing takes place locally on the User's device. This offers the highest level of privacy.

Local AI Processing

The following AI capabilities are executed locally in the browser via WebGPU:

  • Speech Recognition Speech-to-text transcription
  • Speaker Separation Automatic speaker identification
  • Text Analysis Summary generation

The AI models are downloaded once and cached in the browser. After download, no internet connection is required for processing.

Data That Never Leaves the Browser

  • Audio Files: The original audio file is never sent to external servers.
  • Decoded Audio: The audio data for AI processing remains in browser memory.
  • Speaker Embeddings: Vector representations for speaker separation are calculated locally and immediately deleted.
  • Intermediate Results: All AI model outputs remain local.

Optional Synchronization

If the User chooses to synchronize to their account, only the following is sent:

  • Filename (no file content)
  • Transcription text
  • Summary (if generated)
  • Language and duration metadata

Important: The audio file is never synchronized, even when explicitly choosing synchronization.

5. Confidentiality and Use

Scribeer commits to confidentiality of all personal data it processes as part of the assignment.

No AI Training: Scribeer never uses User-provided data (audio and text) to train its own machine learning models. For external AI services, data is not used for model training according to their API policy. When the User enables a service with their own API key, the policy and configuration of that provider account apply. Only anonymized text is sent by default.

6. Data Breaches

Scribeer will inform the User without delay, but in any case within 72 hours, after discovering a relevant security incident or data breach affecting the User's data.

Note: In Private Mode without synchronization, the User manages their own data locally. Scribeer cannot inform about incidents with data that is exclusively on the User's device.

7. Data Deletion

Cloud Mode

After termination of the service or upon deletion by the User via the dashboard:

  • Audio Files: Immediately deleted from active storage after transcription.
  • Transcriptions: Deleted from database upon user request or after 90 days of inactivity.
  • Backups: Permanently deleted within 30 days after deletion from database.

Private Mode (without synchronization)

The User manages their own data:

  • Local Control: Transcriptions can be deleted at any time by the User via the app or by clearing browser data.
  • No Server Copy: Scribeer has no copy of non-synchronized transcriptions.

Private Mode (with synchronization)

For synchronized transcriptions, the same conditions apply as for Cloud Mode transcriptions.

8. Audits

Scribeer makes all information available that is necessary to demonstrate compliance with the obligations under this agreement and will cooperate with inspections or audits by the User or an independent third party designated by the User.