DeepScript
Back to the Trust Center
Data processing

What we process – and what we don't

We process only what is necessary for transcription. No hidden analytics purposes, no training, no profiling. This page documents every data category, its purpose and its retention period.

Which data we process

  • Audio and video data from the recordings uploaded by the customer. Contains voices, spoken content, names, roles, organisations and any other information mentioned in the recording.
  • Transcription results – the generated text, optionally speaker labels and word-level timestamps.
  • Technical metadata such as IP address, user agent, system IDs, login timestamps, audit log entries and error logs.
  • Account data – email, name, password hash, 2FA status, language, theme.
  • Billing data – company name, billing address, VAT ID, payment method tokens (via Stripe), transaction history.

What we never do

  • We do not train AI models with customer data – neither our own nor third-party models. Contractually guaranteed, technically safeguarded by clearly separated inference pipelines.
  • We do not pass customer data to advertising, tracking or analytics services.
  • We do not analyse moods, emotions, personality traits or political views from recordings.
  • We do not run “voiceprint matching” – voice recordings are not used to identify natural persons.
  • We do not sell or rent customer data – ever.

Where data is stored

All application and transcription data is stored in the data centres of Hetzner Online GmbH in Nuremberg and Falkenstein. Both locations are in Germany and certified to ISO/IEC 27001. We do not use US cloud providers to process content data.

A transfer to third countries takes place exclusively for payment processing via Stripe (EU → USA, safeguarded by EU standard contractual clauses and DPF certification). For details, see Sub-processors.

Retention and deletion

Original audio
Deleted immediately after successful transcription – as soon as the engine confirms the result.
Audio proxy (optional)
For in-app playback, a small Opus mono proxy is optionally generated. It remains in the workspace until the transcription is deleted.
Transcripts
Default: 30-day auto-deletion. Configurable per workspace. With an active Pro plan: permanent storage possible.
Audit logs
12 months after account deletion, then automatic cleanup.
Invoice data
10 years pursuant to § 147 AO / § 257 HGB (statutory retention obligation).
Backups
Rolling 14 days; deleted records drop out of the backups automatically with the rotation.

On request, we delete all customer data within 30 days of the end of the contract. Written confirmation of the deletion is issued on request.

Data minimisation in practice

  • We store only what we need to deliver the service – no optional “nice-to-have” fields without a purpose.
  • We do not use newsletters, tracking pixels or advertising cookies.
  • Cookie banner: only essential functional cookies; no consent for tracking is needed, because we do not do any tracking.
  • The data stored in the browser (local storage, cookies) is limited to the session token, theme preference and language setting.

Configurable retention

In the workspace settings you can set the auto-deletion period for transcripts between 7 and 365 days or – with an active Pro plan – keep transcripts permanently. The setting applies retroactively to existing transcripts; deleted content is irretrievable.

Questions?

Send us an email at datenschutz@deepscript.com – we reply within one business day.

Data processing – DeepScript Trust Center