Privacy Policy for Supatype

Effective Date: October 22, 2025
Last Updated: October 22, 2025

TL;DR

  • What we collect:
    • Account: Only your name and email from Google when you sign in.
    • Audio: Processed in memory to generate a transcript; never written to disk or stored by us or our providers; not used for AI training.
    • Usage: User ID, app version, and API latency. We do not collect or track your IP address.
  • How we use data: To provide transcription, authenticate your account, communicate important updates, ensure performance/security, and comply with law. We do not use your audio or transcripts to train AI models.
  • Sharing: We don't sell data. We share only with essential processors (e.g., cloud hosting, database/auth, AI transcription) under strict contracts; Google is used for sign‑in.
  • International transfers: Protected using EU Standard Contractual Clauses or equivalent safeguards. You can request details of these safeguards.
  • Retention: We store transcripts and related metadata as needed to provide the service; data may be automatically deleted for maintenance purposes. Raw audio is never stored.
  • Your rights (EU/EEA): Access, rectification, deletion.
  • Security: TLS encryption, PKCE for OAuth, encrypted tokens, and processor agreements.
  • Automated decisions: We do not make automated decisions that produce legal or similarly significant effects.

Introduction

Welcome to Supatype. We are based in the European Union and committed to protecting your privacy in compliance with the General Data Protection Regulation (GDPR). This Privacy Policy outlines our practices regarding the collection, use, disclosure, and protection of your personal information when you access or use Supatype's website, desktop applications, and related services (collectively, the "Services").

By using our Services, you acknowledge that you have read and understood this Privacy Policy.

Information We Collect

We collect personal data necessary to provide and improve our Services. This information includes:

  • Account Information: When you register for Supatype using Google, we receive only your name and email address from your Google account. We use this information to create and manage your account.
  • Audio and Transcription Data: We collect the audio you record using the application's hotkey. This audio is sent to our backend and processed by third-party AI models for the sole purpose of generating a transcript. We store the resulting text transcript and associated metadata (like word count and duration) in our database linked to your user ID.
  • Technical and Usage Information: We collect metadata to ensure our service functions correctly. This includes your User ID, the app version you are using (sent via the User-Agent), and API latency for performance monitoring. We do not collect or track your IP address.

Legal Basis for Processing (GDPR)

We process your personal data based on the following legal grounds under GDPR:

  • Contract Necessity (Article 6(1)(b) GDPR): We process your Account Information, Audio Data, and Transcription Data because it is necessary to perform the contract we have with you – specifically, to provide the transcription service you requested.
  • Legitimate Interest (Article 6(1)(f) GDPR): We process Technical and Usage Information based on our legitimate interest in monitoring service performance, ensuring security, improving the application, and understanding which app versions are in use. This processing is necessary for our operational needs and does not override your fundamental rights.

How We Use Your Information

We utilize the personal data we collect for purposes including but not limited to:

  • Delivering and maintaining our Services, primarily processing your audio to provide you with a text transcription.
  • Authenticating you and managing your account and session.
  • Communicating with you regarding your account, service updates, or security alerts. In addition, we may send occasional, limited emails about important product updates or new releases. You can unsubscribe from these communications at any time using the unsubscribe link in the email or by contacting us.
  • Improving our Service by monitoring performance metrics (like latency and transcription model usage) to ensure the application is fast and reliable. We do not use your audio or transcription content to train AI models.
  • Preventing, detecting, and addressing security incidents or fraud.
  • Complying with applicable laws and enforcing our terms.

How We Share Your Information

We do not sell your personal data. We share your information only with essential third-party service providers ("data processors") under the following conditions:

  • Service Providers: We engage third-party providers to support our operations. These include:
    • Google: For processing your authentication when you sign in.
    • Cloud database and authentication providers: For securely storing your account information and transcription logs.
    • AI transcription service providers: To process your audio data and generate text transcriptions using AI models.
    • Cloud hosting providers: To host and maintain our backend infrastructure and services.

    These providers process your information solely in accordance with our instructions and maintain strict confidentiality and security measures. We ensure that all processors comply with GDPR requirements and have appropriate data processing agreements in place.

  • Legal Compliance and Protection: We may disclose your data if legally required (e.g., by court order) or to protect the rights, property, or safety of Supatype, our users, or others.
  • Consent-Based Sharing: Beyond these scenarios, we will only share your information with third parties if we obtain your explicit consent.

Data Security

We implement robust technical and administrative safeguards to protect your personal information:

  • Client-Side Token Encryption: Your authentication token is never stored in plaintext on your device. It is encrypted using strong AES encryption (Fernet), and the decryption key is securely stored in your native OS credential manager (e.g., Windows Credential Manager).
  • Secure Authentication: We use the industry-standard PKCE (Proof Key for Code Exchange) flow for Google OAuth to protect your login process.
  • Encryption in Transit: All communication between the Supatype application, our backend, and our service providers is encrypted using HTTPS/TLS.
  • Database Security: Access to transcription logs and user data in our Supabase database is protected by Supabase's security infrastructure and specific database policies.

Data Retention Period

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this policy or as required by law:

  • Account Information: Retained for as long as your account remains active.
  • Transcription Logs (Text & Metadata): We store transcription text and associated metadata to provide and improve the service. These records are deleted upon account deletion.
  • Raw Audio Data: Audio recordings are used solely to generate a transcript and are never written to any type of storage or otherwise persisted by us or our service providers. Neither we nor our providers retain audio after processing, and our providers contractually commit that they do not use or train on your data.

International Data Transfers

Your personal data may be processed by our service providers on servers located outside the European Economic Area (EEA), primarily in the United States. We ensure such transfers are conducted securely and in compliance with GDPR by relying on appropriate safeguards, such as Standard Contractual Clauses (SCCs) approved by the European Commission, or ensuring the provider adheres to an equivalent data protection framework. You have the right to request information about the specific safeguards we use for international data transfers.

Your Rights under GDPR

As a user based in the EU/EEA, you have specific rights concerning your personal data:

  • Right of Access: You can request a copy of the personal data we hold about you.
  • Right to Rectification: You can ask us to correct inaccurate or incomplete data.
  • Right to Erasure ('Right to be Forgotten'): You can request the deletion of your personal data under certain conditions.
  • Right to Restrict Processing: You can ask us to limit the processing of your data under certain conditions.
  • Right to Data Portability: You can request to receive your data in a structured, commonly used, and machine-readable format.
  • Right to Object: You can object to the processing of your data based on our legitimate interests.
  • Right to Withdraw Consent: Where processing is based on consent, you can withdraw it at any time.
  • Right to Lodge a Complaint: You have the right to lodge a complaint with your local data protection supervisory authority.

To exercise these rights (except lodging a complaint), please contact us using the details provided below. We will respond to your request within the timeframes mandated by GDPR.

Children's Privacy

Our Services are not intended for use by individuals under the age of 14 (or the applicable age of digital consent in your country). We do not knowingly collect personal information from children.

Changes to This Privacy Policy

We reserve the right to periodically update this Privacy Policy. Any revisions will be posted on our website (https://supatype.ai/), with the updated effective date clearly indicated.

Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or the handling of your personal data, please contact us at: