Privacy Policy
Last updated · May 4, 2026
1. The plain-language summary
- We collect your account data, your audio uploads, transcripts produced from them, and (with consent) voiceprints you enroll.
- We retain audio for 30 days by default, transcripts for as long as the user configures (default 90 days), and voiceprints until the user deletes them.
- We do not use your data to train any model. Ever.
- We do not sell your personal information.
- You can export or delete your data at any time.
2. What we collect
Account data
When you sign up we collect your email, name, and (for paid plans) billing details processed by our merchant of record. We collect minimal usage analytics — pages viewed, features used — to operate and improve the Service.
Audio you upload
Audio files you upload, plus metadata about each upload (duration, format, source).
Transcripts and derivatives
Text transcripts produced from your audio, including speaker labels you assign or that our smart-labeling layer infers.
Voiceprints (only with consent)
A voiceprint is a numerical representation of a specific voice that lets us recognize that speaker across recordings. Voiceprints are biometric data under several state laws. We only create a voiceprint when the enrolling user provides explicit, informed consent via the enrollment UI.
Cookies
We use a small number of strictly-necessary cookies for sign-in and preferences, plus optional analytics cookies you can decline.
3. Why we collect it (lawful basis)
We process your data on the following bases under GDPR Article 6 and equivalent frameworks:
- Performance of a contract — to provide the Service you signed up for.
- Legitimate interests — to secure the Service, prevent abuse, and improve usability.
- Consent — for voiceprint enrollment, optional analytics, and marketing communications.
- Legal obligation — for tax, accounting, and law-enforcement compliance.
4. We do not train models on your data
We use third-party speech-recognition vendors as subprocessors. We have written commitments with those vendors that they will not train models on data we route to them. We re-verify these commitments annually.
5. Retention and deletion
- Audio uploads — retained for 30 days by default, then permanently deleted from primary storage and from backups within 30 days.
- Transcripts — as configured by user; default 90 days.
- Voiceprints — until user deletion.
- Account data — until account deletion, plus 30 days for backups.
- Billing records — retained for the period required by law (typically 7 years), in a separate, restricted system.
You can request earlier deletion at any time from inside your account or by emailing dpo@tigerscribe.com. We complete deletion requests within 30 days, including from backups.
6. Subprocessors
We use the following subprocessors. Each operates under a written data-processing agreement that prohibits training on our data and requires breach notification within 24 hours of discovery.
- Vercel, Inc.: Web hosting & edge delivery (US, EU)
- Neon, Inc.: Postgres database hosting (US, us-west-2)
- Cloudflare, Inc.: Object storage (R2), DNS, DDoS, WAF (Global edge)
- Trigger.dev: Background tasks (transcription, speaker matching) (US)
- AssemblyAI / Gladia: AI transcription engine (US, EU)
- Anthropic: LLM-assisted speaker name inference & anonymization (US)
- Stripe / Lemon Squeezy: Payments & merchant of record (US, EU)
- Resend: Transactional email (US)
We’ll notify Team customers at least 30 days before adding a new subprocessor with access to Customer Data, and provide an objection window.
7. Cross-border transfers
When we transfer personal data out of the EU/UK to the United States, we rely on the European Commission’s Standard Contractual Clauses with our subprocessors and on equivalent UK / Swiss addenda where applicable. EU customers can request a copy of the executed SCCs by emailing dpo@tigerscribe.com.
8. Your rights
Depending on your jurisdiction you have the right to access, rectify, port, restrict, object to, or delete your personal data, and to withdraw consent for processing that relies on it. To exercise any right, email dpo@tigerscribe.com. We respond within 30 days.
California residents have additional CCPA rights, including the right to know what information is collected, the right to delete it, the right to correct it, and the right not to be discriminated against for exercising these rights. We do not “sell” personal information as defined by CCPA.
9. Voiceprints and biometric data
Voiceprints are biometric data under BIPA (Illinois), CUBI (Texas), Washington H.B. 1493, and equivalent state laws. We only create a voiceprint with explicit consent at the enrollment step. We do not collect voiceprints silently from third-party speakers in uploaded audio.
- Voiceprints are private to your account.
- Voiceprints are never used to train any model.
- You can delete any voiceprint from Settings → Voice IDs at any time.
- On account deletion, all voiceprints are erased within 30 days, including from backups.
- We retain voiceprints only as long as you maintain an account, unless you delete them earlier.
10. Security
We encrypt data at rest (AES-256) and in transit (TLS 1.3). Access is least-privilege, audited, and reviewed quarterly. Our SOC 2 Type II audit is in progress with target completion within the first 12 months of launch. See our Security overview for details.
11. Breach notification
We will notify affected users without undue delay and no later than 72 hours after we become aware of a personal-data breach that creates a risk to user rights.
12. Children's privacy
The Service is not directed to children under 16. We do not knowingly collect personal information from children under 16. If you believe we have, contact us and we will delete it.
13. Changes to this Policy
For material changes we’ll give at least 30 days’ notice by email or in-product notice. The “Last updated” date at the top reflects the latest revision.
14. Contact the DPO
Privacy questions, GDPR / CCPA requests, and breach reports go to dpo@tigerscribe.com. For postal mail:
TigerScribe Labs LLC — Data Protection Officer
2054 S. Euclid St, Ste H PMB#3130, Anaheim, CA 92802