Privacy Policy

Effective May 31, 2026 · Last updated May 31, 2026

This policy describes Scribe's practices honestly and plainly. It is not a substitute for legal advice. If you have specific compliance requirements (HIPAA, GDPR enterprise, etc.), please contact us before storing regulated data in Scribe.

Scribe ("we", "us", "our") is operated by Christian Sosa-Lynch. We provide AI-powered meeting transcription and analysis through the web application at christiansosalynch.com/projects/scribe ("Service"). This policy explains what information we collect, how we use it, and the rights you have over it.

1. Information We Collect

Account Information

When you create an account, we collect your email address and a hashed copy of your password (we never store plaintext passwords). If you upgrade to a paid plan, we receive a customer ID from Stripe; we do not store credit card numbers.

Meeting Content

When you record a meeting, we collect and store:

Audio recordings — stored in an encrypted Amazon S3 bucket scoped to your account
Transcripts — generated by AWS Transcribe (a service provided by Amazon Web Services)
Speaker labels — produced by AWS Transcribe's diarization feature
AI-generated artifacts — summaries, action items, entity graphs, architecture diagrams, and Jira ticket text generated by Anthropic's Claude model accessed through Amazon Bedrock
Metadata — meeting duration, creation date, manually added titles and tags

Usage Data

We log standard application usage: API requests, feature counters used for plan-tier enforcement (e.g. how many Entity Graphs you've generated this month), and error reports. Browser and IP information is recorded only as transient data in AWS service logs for security purposes.

2. How We Use Your Information

To provide the Service: transcribe your meetings, generate summaries, store and display your recordings to you
To enforce plan limits: track monthly usage counters on Free accounts
To bill paying customers: communicate with Stripe to process subscriptions
To improve reliability: aggregated error and performance metrics
To send essential service emails: account verification, password resets, billing receipts

We do not train AI models on your meeting content. We do not sell, rent, or share your meeting data with advertisers, data brokers, or third parties for marketing.

3. How AI Processing Works

When you generate an AI artifact (summary, entity graph, Jira ticket, etc.), your transcript is sent to Amazon Bedrock for processing by Anthropic's Claude model. Per AWS Bedrock's data handling policy, prompts and outputs are not stored by AWS or used to train Anthropic's models. Processing occurs in the AWS us-east-1 region.

4. Data Storage and Retention

All meeting data is stored on AWS infrastructure in the United States, encrypted at rest. Specifically:

Audio files: Amazon S3 with server-side encryption (SSE-S3)
Transcripts and metadata: Amazon DynamoDB with encryption-at-rest enabled

Retention windows by plan:

Free plan: 7 days from creation, then automatically deleted
Pro plan: 1 year from creation
Team plan: 1 year (custom retention available)

You can delete any meeting at any time from your dashboard. When you delete a meeting, the associated audio file and DynamoDB record are removed within 24 hours.

5. Your Rights

Access and Export

You can view, export, or download any meeting content directly from your dashboard at any time. We are working on a one-click "export everything" feature; until then, contact us if you need a full archive.

Deletion

You can delete individual meetings from your dashboard. To delete your entire account and all associated data, email hi@usescribe.io with the subject "Delete my account." We will permanently delete all your data within 30 days and confirm by email.

GDPR and California Privacy Rights

If you are in the European Economic Area, United Kingdom, or California, you have additional rights including the right to access, correct, or object to processing of your personal data. To exercise any of these rights, email hi@usescribe.io.

6. Recording Consent (Important)

Scribe captures audio. You are responsible for obtaining consent from all parties before recording a conversation. Many jurisdictions require all-party consent for audio recording. We display a consent reminder before each recording session, but the legal responsibility for obtaining consent is yours.

If you are unsure of the recording laws that apply to you, consult an attorney or refer to authoritative resources such as the Reporters Committee for Freedom of the Press.

7. Cookies and Tracking

Scribe uses browser localStorage to store your session token and UI preferences. We do not use third-party analytics trackers, advertising cookies, or fingerprinting. We do not embed Google Analytics, Meta Pixel, or similar tools.

8. Children's Privacy

Scribe is not directed at children under 16. We do not knowingly collect data from anyone under 16. If you believe a child has created an account, please contact us and we will delete the account.

9. Security

We use encryption-at-rest and HTTPS-in-transit for all data. Authentication is provided by AWS Cognito. Audio files are accessible only via short-lived presigned URLs issued to authenticated requests. No system is 100% secure, but we follow current AWS security best practices.

If you discover a security vulnerability, please report it to hi@usescribe.io — we appreciate responsible disclosure.

10. Changes to This Policy

We will post any changes to this policy on this page with an updated "Effective" date. For material changes, we will also notify users by email.

Contact Us

Questions about this policy or your data:

hi@usescribe.io
Christian Sosa-Lynch · Omaha, Nebraska, USA