Privacy Policy

Introduction

Envixo Products Studio LLC ("Company", "we", "us", or "our") operates SoundScript.AI (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. Please read this policy carefully. By using the Service, you consent to the data practices described in this policy.

1. Information We Collect

We collect information in the following ways:

Personal Information

When you create an account, we collect your email address and password (encrypted). If you subscribe to a paid plan, our payment processor Stripe collects your payment information directly - we do not store your full credit card details.

Audio Content

When you use our transcription service, we process and store the audio files you upload and the resulting transcriptions. Uploads made before you sign up that are never linked to an account are deleted automatically about an hour after they pass 24 hours old. Once an upload is linked to your account, we keep it until you delete your account so the service can reprocess it.

Automatically Collected Information

When you access the Service, we automatically collect:

• IP address (for security, rate limiting, and fraud prevention)
• Browser type and version
• Device type and operating system
• Pages visited and time spent on the Service
• Referring website addresses

2. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), we process your personal data based on the following legal grounds:

• Contract Performance: Processing necessary to provide the Service you requested
• Legitimate Interests: Processing for security, fraud prevention, and service improvement
• Consent: Where you have given explicit consent for specific processing activities
• Legal Obligations: Processing required to comply with applicable laws

3. How We Use Your Information

We use the information we collect to:

• Provide, operate, and maintain the transcription Service
• Process your transactions and manage your subscription
• Send you technical notices, updates, and support messages
• Respond to your comments, questions, and customer service requests
• Monitor and analyze usage patterns to improve the Service
• Detect, prevent, and address technical issues, fraud, and abuse
• Comply with legal obligations and enforce our terms

4. Third-Party Services

We share your information with the following third-party service providers who assist us in operating the Service:

5. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to collect and track information about your use of the Service:

You can control cookies through your browser settings. Note that disabling certain cookies may affect the functionality of the Service.

6. Data Retention

• Audio Files and Transcriptions: Uploads that are never linked to an account are deleted automatically about an hour after they pass 24 hours old. Once an upload is linked to your account, we keep it until you delete your account. After account deletion, the audio files stored on our object-storage provider and the Stripe customer record are not removed automatically today; contact [email protected] to complete erasure of those.
• Account Information: Retained as long as your account is active. When you delete your account, your account record and the transcriptions, subscription, hour packages, usage records, and chat messages owned by it are removed; the stored audio files and the Stripe customer record can survive deletion, and you can contact [email protected] to have them removed.
• Payment Records: Retention of payment records is set by our payment provider and is not visible in our own systems; the applicable period remains under review.
• Server Logs: Log and error-report retention is set by our providers and is not visible in our own systems; the applicable period remains under review.

7. International Data Transfers

Your information may be transferred to and processed in the United States and other countries where our service providers operate. These countries may have different data protection laws than your country of residence. For transfers from the EEA, we rely on Standard Contractual Clauses approved by the European Commission and other appropriate safeguards to ensure your data is protected.

8. Data Security

We implement appropriate technical and organizational measures to protect your personal information, including:

• Encryption of data in transit using TLS/SSL
• Encryption of sensitive data at rest
• Regular security assessments and updates
• Access controls and authentication requirements
• Secure data centers with physical security measures

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

9. Children's Privacy

The Service is intended for users aged 18 and over and is not directed to children, and we do not knowingly collect personal information from anyone under 18. This 18+ requirement is a contractual representation and is not enforced by an age-verification gate in our code; there is no date-of-birth field or signup age check. If you believe a child has provided us with personal information, please contact us at [email protected].

10. Your Privacy Rights

Depending on your location, you may have the following rights regarding your personal data:

All Users

• Access: Request a copy of the personal data we hold about you
• Correction: Request correction of inaccurate personal data
• Deletion: Request deletion of your personal data. Self-service account deletion removes your database records, but your Stripe customer record, stored audio files, and analytics profiles can survive deletion; contact us to complete erasure of those.
• Opt-out: There is no in-product analytics opt-out or marketing unsubscribe today; we handle objections manually, so email us to opt out.

Residents of Brazil have broadly equivalent rights under the LGPD. These requests are routed the same way, to [email protected], and the same manual-handling and surviving-data gaps described above apply.

13. Do Not Track Signals

Some browsers include a "Do Not Track" feature. Our Service does not currently respond to Do Not Track signals. However, you can opt out of analytics tracking by using browser extensions or the opt-out tools provided by our analytics partners.

14. Data Breach Notification

In the event of a data breach that affects your personal information, we will notify you and any applicable regulatory authorities as required by law. Notification will be provided within 72 hours of becoming aware of the breach when feasible.

15. Trademark Notice

SoundScript.AI™ is a trademark of Envixo Products Studio LLC. For full trademark information, see our Terms of Service.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. For significant changes, we may also send you an email notification. We encourage you to review this Privacy Policy periodically.

17. Contact Us

If you have questions about this Privacy Policy or wish to exercise your privacy rights, please contact us:

18. Scope

We offer the Service globally and intentionally make it available to residents of the EU/EEA, the UK, Brazil, and California, so four privacy regimes apply: the EU GDPR, the UK GDPR (retained EU law together with the Data Protection Act 2018, treated as having the same effect as the EU GDPR), the Brazilian LGPD, and the California CCPA/CPRA. We use the GDPR as the spine of this policy and note material differences per regime where they arise. Whether the CCPA's quantitative thresholds apply to us is a business fact that remains under review.

19. Automated and AI Processing

To provide the Service we transmit raw user content to AI providers: your audio is sent for speech-to-text transcription (OpenAI Whisper, or the Azure Speech path when selected), and your transcript and chat messages are sent to an AI model (gpt-4o-mini) for summaries and transcript chat. Our systems can confirm only that this content is transmitted, not how each provider handles it afterward. We therefore make no claim that your content is excluded from model training; you should assume a provider may use submitted content to train models and may retain it, until a data-processing agreement establishes otherwise.