Privacy Policy

Controller: Replace the placeholder imprint details with your real legal name, full business address, and a monitored legal contact email before launch.

ScribiAi processes account details, authentication data, billing records, support messages, lecture transcripts, uploaded files, generated study outputs, and essential session or preference storage needed to operate the service.

Processing purposes and legal bases typically include contract performance for account access, transcription, AI-assisted study generation, billing and support; legitimate interests for security, abuse prevention, logging, and service reliability; legal obligations for tax and accounting records; and consent where you send optional product emails or enable non-essential tracking.

Recipients or processors can include Supabase for authentication and database hosting, OpenAI for AI processing, Stripe for payments, your hosting provider, and operational email or logging providers where enabled.

If personal data is transferred outside the EU/EEA, the live privacy policy should identify the destination services and the transfer safeguard relied on, such as an adequacy decision or Standard Contractual Clauses.

Users should be informed about retention periods or retention criteria, their rights of access, rectification, erasure, restriction, portability, objection, and complaint to a supervisory authority, plus how to withdraw any consent already given.

You are responsible for having a lawful basis to record, upload, transcribe, summarize, or otherwise process lectures, voices, slides, and course materials, including any third-party personal data contained in them.

This policy text is a stronger launch template, but it still requires final review with your real business facts and qualified legal advice before public commercial release.