Spoke

Privacy Policy

Effective May 19, 2026

1. Introduction

This Privacy Policy explains how Spoke (“Spoke”, “we”, “us”) collects, uses, shares, and protects information when you use our voice memo transcription service (the “Service”). By using the Service, you agree to the practices described here.

[PLACEHOLDER: replace with the legal entity name, registered address, and contact email of the data controller.]

2. Information we collect

  • Account information. Email address, password hash, and any name or avatar you choose to provide.
  • Audio uploads. The audio files you upload for transcription.
  • Transcripts and summaries. The text we generate from your audio.
  • Usage data. Number of memos created, minutes transcribed, folder organisation, and the plan you are on.
  • Technical data. Basic request metadata (IP address, browser/user-agent, timestamps) used for security and abuse prevention.
  • Cookies. Essential cookies are used for authentication. We do not use advertising cookies.

3. How we use your information

  • To provide, operate, and improve the Service.
  • To transcribe and summarise the audio you upload.
  • To send transactional emails about your account (welcome, transcription complete, usage warnings, payment receipts).
  • To enforce plan limits and prevent abuse.
  • To comply with legal obligations and respond to lawful requests.

4. Sub-processors we share data with

We rely on the following third-party services to operate Spoke. They only receive the data necessary to perform their function and are contractually bound to keep it confidential.

  • OpenAI — receives your audio for transcription (Whisper) and transcript text for summarisation (GPT-4o-mini).
  • AssemblyAI — receives your audio for speaker detection (used only when speaker labels are available).
  • Supabase — hosts our database and audio storage.
  • Resend — delivers transactional email.
  • Stripe — processes payments (collects billing details directly; we never store your card).
  • Vercel — hosts the web application.

[PLACEHOLDER: confirm this list matches the sub-processors you actually use at launch. Remove any service that you have not enabled.]

5. Data retention

Account data, audio files, and transcripts are retained for as long as your account is active. Deleted memos are kept in the trash for 30 days before being permanently removed. If you delete your account, your data is removed within 30 days, subject to any legal obligation to retain it longer.

6. Your rights

Depending on where you live you may have the right to access, correct, export, or delete the personal data we hold about you, and to object to or restrict certain processing. You can exercise most of these rights directly in the app (export and delete your memos, download your account data, delete your account). For anything else, contact us using the address in section 11.

7. Security

We use industry-standard safeguards including encrypted transport (HTTPS), encrypted-at-rest storage, role-based access controls, and short-lived signed URLs for audio playback. No system is perfectly secure, and we cannot guarantee absolute security of any information you transmit to us.

8. International transfers

Spoke and its sub-processors may store and process your data in the United States and other countries. Where required, we rely on standard contractual clauses or equivalent transfer mechanisms.

9. Children

Spoke is not directed to children under 13 (or the equivalent minimum age in your jurisdiction), and we do not knowingly collect their information.

10. Changes to this policy

We may update this Privacy Policy from time to time. If we make a material change, we will notify you by email or via the Service. The effective date at the top of this page reflects the most recent revision.

11. Contact

Questions or requests related to this Privacy Policy can be sent to [PLACEHOLDER: privacy@yourdomain.com].