Privacy Policy
We collect what we need to run TransNova for you: the account you set up, the recordings and transcripts you bring, and the usage signals our systems generate. We use that information to deliver the service, keep it secure, and improve it. We don't sell your data. We don't use your transcripts to train anyone's AI. You can access, correct, export or delete your data at any time, and you have additional rights depending on where you live.
This Privacy Policy explains how TransNova ("TransNova", "we", "us", "our") collects, uses, shares and protects personal information when you access or use our websites, applications and related services (the "Service"). It applies to everyone who interacts with the Service — clients, end users, administrators, editors, reviewers, prospective customers and visitors to our public pages.
1. Scope and roles
When you use the Service to manage your own transcription workflow, you are the "controller" of any personal information contained in the recordings, transcripts and other content you bring, and we act as your processor with respect to that content. With respect to information we collect directly about you (e.g. your account details and usage of the Service), we are the controller. Where applicable law uses different terms (such as "business" and "service provider"), we follow the role equivalent to the one described here.
2. Definitions
- Personal information means any information that identifies, relates to, describes, or could reasonably be linked to an identifiable individual or household.
- Your Content means the recordings, transcripts, glossaries, style guides, sample documents, messages and other material you upload, generate or store through the Service.
- Sensitive information includes special- category data under the EU/UK GDPR (e.g. health, biometric, criminal-record data), legally privileged content (e.g. attorney-client material), and information that is otherwise recognised as sensitive under the law of your jurisdiction.
- Service providers means the third parties we engage to perform functions on our behalf under a written data-processing agreement.
3. Information we collect
We collect information in three ways: from you directly, from your use of the Service automatically, and occasionally from third parties on your behalf.
3.1 Information you give us
- Account information — name, email address, password (stored as a one-way cryptographic hash, never in plaintext), display name, organisation, role and timezone.
- Identity information — for some account types we may verify identity using government-issued ID or a tax identifier; that documentation is retained only as long as required by law.
- Your Content — audio, video, transcripts, glossaries, style guides, sample documents, comments, chat messages with our AI assistant, and any other material you upload, edit or generate.
- Payment information — billing name, billing address, tax identifiers and a tokenised reference to the payment instrument used. Full card or bank details are handled by a regulated payment processor and never stored on our systems.
- Communications — when you contact support, sales or legal, we keep the message and any attachments so we can respond and so we have a record.
3.2 Information collected automatically
- Device and browser data — IP address, user-agent string, operating system, browser, language, time zone and approximate location (derived from IP, city level).
- Usage data — pages and features used, actions taken, timing of those actions, search queries, error messages and performance metrics.
- Server logs — request URL, status code, response size, referrer, timestamps and identifiers (account, session, request) for security investigation and debugging.
- Cookies and similar technologies — see Section 9 for a full inventory.
3.3 Information from third parties
- Identity providers — if you sign in using a third-party identity provider, we receive the profile information you authorised that provider to share (typically name, email, profile picture and a stable identifier).
- Referrals and invitations — when someone invites you to join an organisation on the Service, we receive your email address and the role they want to grant you.
- Public sources — limited business information from public registers (e.g. corporate name, registered address) for know-your-customer checks where required.
4. How we use information
We use the information described above to:
- Provide the Service — create and maintain your account, process recordings into transcripts, route work between editors and reviewers, enforce style guides, generate and deliver invoices, calculate and pay out worker compensation, and operate every other feature you use.
- Secure the Service — detect and prevent fraud, abuse, unauthorised access, malware, account takeover, denial-of-service attacks and other harm to you, us or third parties.
- Communicate with you — send transactional messages (sign-in links, confirmations, receipts, security alerts, service-incident notifications) and, where permitted, marketing about features that might interest you.
- Support you — respond to questions, fix bugs you report and improve documentation based on the problems users hit.
- Improve the Service — analyse usage trends (in aggregate, where possible) to inform product decisions, test new features and measure quality.
- Comply with legal obligations — meet our tax, accounting, record-retention, anti-money-laundering and other statutory obligations.
- Enforce our agreements — investigate and respond to violations of our Terms of Service, our acceptable-use rules or applicable law.
- Defend our interests — establish, exercise or defend legal claims and respond to lawful requests from authorities.
We do not sell personal information and we do not use Your Content to train artificial-intelligence models, whether ours or anyone else's.
5. Legal bases for processing (EEA / UK)
If you are in the European Economic Area, the United Kingdom or Switzerland, we process your personal information on one or more of the following legal bases:
- Contract — processing necessary to perform our agreement with you (operate your account, deliver the Service, bill you, pay you).
- Legitimate interests — processing necessary for our legitimate interests, balanced against your rights: preventing fraud and abuse, securing systems, understanding product usage, improving and marketing the Service in a non-intrusive way.
- Legal obligation — processing required to comply with law, court order or regulator request.
- Consent — where we ask for and you give consent for a specific purpose (e.g. optional marketing communications). You can withdraw consent at any time without affecting the lawfulness of processing before withdrawal.
- Vital interests — in rare cases, to protect someone's life.
6. How we share information
We do not sell personal information. We disclose it only in the limited circumstances described here.
6.1 Service providers
We engage service providers to perform functions on our behalf. These providers fall into the following categories:
- cloud infrastructure and storage
- audio and video transcription, summarisation and AI assistance
- transactional email and notification delivery
- identity and authentication
- payment processing, billing and tax calculation
- product analytics and crash reporting
- customer support tooling
- security, fraud prevention and abuse detection
- document scanning, virus checks and content moderation
Each provider is bound by a written data-processing agreement that limits their use of personal information to the function we hire them for, requires them to maintain confidentiality and appropriate security safeguards, and prohibits them from using your information for their own purposes (including model training). We review providers periodically.
6.2 Within your organisation
Information you generate or upload within an organisation account is visible to other members of that organisation in accordance with their roles. Owners and administrators can see team activity, manage roles and access content within the organisation's scope; editors and reviewers see only the work assigned to them; clients see their own jobs, billing and team.
6.3 Legal and safety
We may disclose personal information to law enforcement, regulators, courts and other authorities, or to third parties, where we have a good-faith belief that disclosure is:
- required by law, court order, subpoena or similar legal process;
- necessary to investigate, prevent or respond to suspected illegal activity, fraud, security or technical issues;
- necessary to enforce our Terms of Service, including investigation of potential violations;
- necessary to protect the rights, property or safety of TransNova, our users, or the public, as required or permitted by law.
Where the law permits, we will tell you about a legal request for your information and give you a reasonable opportunity to object.
6.4 Business transfers
If TransNova is involved in a merger, acquisition, financing, reorganisation, bankruptcy, or sale of all or part of our assets, your information may be transferred as part of that transaction. We will require the recipient to honour the commitments in this Privacy Policy or we will notify you of any material changes.
6.5 Aggregated or de-identified information
We may share information that has been aggregated or de- identified so that it cannot reasonably be linked back to an individual, for any business purpose.
6.6 With your direction
We may share information with third parties when you ask us to or otherwise consent (for example, by connecting a third-party integration).
7. AI processing
The Service uses artificial intelligence for tasks including automatic transcription, summary generation, glossary suggestions, style-guide enforcement and conversational assistance. AI processing involves sending the necessary input (audio, transcript text, glossary terms, a specific question) to one or more AI processing providers.
We choose AI providers that contractually commit to:
- process the input only to return a result to us in real time;
- retain the input no longer than necessary to deliver the result (typically not at all, beyond ephemeral processing buffers);
- not use the input or any output to train, fine-tune or improve their models or any other product;
- apply confidentiality and security controls at least as strict as ours;
- promptly notify us in the event of an incident affecting our data.
AI output is best-effort and may be inaccurate. We do not use AI to make legal, medical, financial or other regulated decisions about you. See Section 18 for our position on automated decision-making.
8. Confidential and sensitive content
Transcripts frequently contain sensitive information — legal proceedings, healthcare conversations, attorney-client privileged exchanges, government investigations, internal corporate matters, intimate personal disclosures and so on. We treat all Your Content as confidential and access within TransNova is limited to personnel and contractors who need it to operate the Service and who are bound by written confidentiality obligations.
You remain responsible for ensuring you have any consents, warrants, court orders or professional clearances required to upload sensitive content. Where Your Content falls within the scope of additional regulatory regimes (for example, HIPAA for protected health information in the United States), you should review whether the Service in its current configuration is appropriate for that use, and contact us about a separate agreement (a Business Associate Agreement or equivalent) if one is required.
9. Cookies and similar technologies
We use cookies, local storage and similar technologies to operate the Service, remember your preferences, and measure performance. We do not use third-party advertising cookies on our authenticated surfaces.
| Category | Purpose | Can you turn it off? |
|---|---|---|
| Strictly necessary | Sign-in sessions, security tokens, fraud prevention, load balancing. | No — the Service won't work without these. |
| Functional | Remembering preferences (theme, sidebar state, language) and reducing friction (e.g. trusted-device hints). | Yes, via your browser. Some features will degrade. |
| Performance / analytics | Counting page loads, measuring response times, finding error patterns in aggregate. We don't use third-party advertising trackers. | Yes, via your browser. Tracking is anonymised where feasible. |
| Security | Detecting bots, suspicious access patterns, account takeover attempts. | No — disabling these would expose your account to risk. |
10. Data security
We use administrative, technical and physical safeguards designed to protect personal information against unauthorised access, disclosure, alteration, loss or destruction. These include encryption in transit and at rest, access controls and authentication, network segmentation, vulnerability monitoring, incident-response procedures, employee training, and contractual obligations on service providers.
No system is perfectly secure. We cannot guarantee absolute security, and security depends in part on you safeguarding your credentials and reporting suspicious activity to security@transnova.io.
11. Data retention
We retain personal information for as long as your account is active and as long as needed to provide the Service. After your account closes or you delete specific content, we retain information for the periods described below to fulfil legal, regulatory, accounting, security and dispute-resolution purposes, after which it is deleted, anonymised or aggregated.
| Category | Default retention |
|---|---|
| Your Content (recordings, transcripts) | Until you delete it, plus a 30-day export window after account closure. |
| Account profile (name, email, role) | For the life of the account, then 90 days after closure. |
| Billing and tax records | 7 years from the date of the transaction, as required by tax and accounting law. |
| Server logs | Up to 12 months for security investigation purposes, then anonymised or deleted. |
| Backups | Rotated and overwritten over time; deleted content may persist in backups for up to 90 days before purge. |
| Support and legal correspondence | Up to 7 years from the last interaction, longer where a dispute is open or anticipated. |
We may retain information longer where required by law, regulator order, or to defend or pursue a legal claim.
12. International data transfers
Our infrastructure and our service providers operate in several jurisdictions. Your information may be transferred to — and processed in — countries other than where you reside, including countries that may have data-protection laws different from yours.
Where required, we rely on appropriate transfer mechanisms, such as the European Commission's Standard Contractual Clauses, the UK International Data Transfer Addendum or recognised adequacy decisions. We supplement these with contractual and technical safeguards (e.g. encryption, access controls, audit logs) designed to protect your information in transit and on receipt.
13. Your rights
Subject to applicable law, you have rights over your personal information. These rights vary by jurisdiction; the sub- sections below explain what applies to you.
13.1 Rights available to everyone
- Access — request a copy of the personal information we hold about you.
- Correction — ask us to correct information that is inaccurate or incomplete.
- Deletion — ask us to delete personal information, subject to our retention obligations.
- Portability — receive Your Content in a structured, machine-readable format.
- Withdraw consent — where we relied on your consent, withdraw it at any time without affecting prior processing.
- Object — object to specific processing (such as direct marketing).
- Restrict — ask us to limit processing while an objection or correction is being resolved.
Exercise any of these by emailing privacy@transnova.io from the email address on your account. We may ask for verification before acting. We will respond within the time limits required by applicable law — typically 30 days.
13.2 European Economic Area, United Kingdom, Switzerland
If you are in the EEA, UK or Switzerland, you have the rights set out under the EU GDPR, UK GDPR or Swiss FADP, including the right to lodge a complaint with a supervisory authority (such as your national data-protection regulator) if you believe we have not handled your information lawfully. Please consider contacting us first so we can try to resolve the issue.
13.3 California
If you are a California resident, you have the rights set out under the California Consumer Privacy Act (as amended by the California Privacy Rights Act), including the right to know the categories of personal information we have collected, disclosed and sold or shared (we do not sell or share for cross-context behavioural advertising), the right to delete, the right to correct, the right to limit use of sensitive personal information, and the right not to be discriminated against for exercising any of these rights. You may exercise these rights using the contact details below or, where we offer one, an automated request mechanism on our site.
13.4 Kenya
If you are in Kenya, you have the rights set out under the Data Protection Act, 2019, including the right to be informed of the use to which your personal data is to be put, access, correction, objection, and the right to lodge a complaint with the Office of the Data Protection Commissioner.
13.5 Brazil
If you are in Brazil, you have the rights set out under the Lei Geral de Proteção de Dados (LGPD), including the rights to confirm processing, access, correction, anonymisation or deletion, portability, information about sharing and the consequences of denying consent.
13.6 Other jurisdictions
Many other jurisdictions provide similar rights. If you believe a right applies to you, contact us and we will honour it where applicable law requires.
14. Children
The Service is not directed to children under 18. We do not knowingly collect personal information from children under 18 as account holders. If you are a parent or guardian and believe a child has provided us personal information, contact privacy@transnova.io and we will delete it.
Recordings legitimately uploaded by adults may, in some contexts, contain the voices or images of minors (e.g. a recorded school hearing, a custody interview). You are responsible for ensuring you have the consents required to upload such material; we treat it as Your Content and apply the same confidentiality and security controls.
15. Marketing communications
We may send you marketing emails about features or offers we think will interest you, where permitted by law. You can opt out at any time using the unsubscribe link in any marketing email or by emailing privacy@transnova.io. Opting out of marketing does not affect transactional communications you need to receive while using the Service (sign-in links, security alerts, billing notices, service incidents).
16. Do Not Track
We currently do not respond to Do Not Track browser signals, because there is no consensus on how to interpret them. We do honour applicable Global Privacy Control signals where required by law.
17. Security incidents and breach notification
If a security incident affects your personal information and applicable law requires notification, we will notify you and the relevant authorities within the required timeframe. We will share what we know, what we are doing about it, and what you can do to protect yourself.
18. Automated decision-making
We do not use automated decision-making, including profiling, that produces legal effects concerning you or significantly affects you in a similar way. AI-assisted features in the Service are productivity tools — humans remain accountable for substantive outcomes (which transcripts are accepted, which workers are hired, which clients are billed). If we ever introduce features that would qualify as automated decision-making under applicable law, we will update this policy and obtain any consents required before doing so.
19. Public information you choose to share
Some parts of the Service let you share information publicly (for example, posting to a public help forum or sample gallery, if we offer one). Anything you mark as public is accessible to anyone with the link. Think carefully before including personal or confidential information in those contexts.
20. Third-party links and embedded content
The Service may link to third-party sites or embed third-party content (e.g. an embedded video). Those third parties have their own privacy practices, which we do not control. We encourage you to read the privacy policies of any site you visit through one of our links.
21. Changes to this policy
We may update this Privacy Policy from time to time. If a change is material, we will notify you in-app and by email to the address on your account at least fourteen (14) days before it takes effect, where reasonably possible. The "Last updated" date at the top of this page always reflects the current version. Continued use of the Service after the effective date constitutes acceptance of the updated policy.
22. How to contact us
For privacy questions, requests or complaints, email privacy@transnova.io or write to us at the registered address listed in our Terms of Service.
If you are in the EEA or UK and we have not adequately addressed your concern, you may also lodge a complaint with your local data-protection supervisory authority. If you are in Kenya, you may contact the Office of the Data Protection Commissioner.
See also our Terms of Service and our contact page for non-privacy enquiries.