Legal

Privacy Policy

Effective date: May 28, 2026  ·  Last updated: May 28, 2026

The short version: Dropscribe is built on a zero-retention architecture. Your audio files and transcripts are never stored on our servers — they flow from your cloud storage, through transcription, and back. What we do store is limited to what's necessary to run your account.

1. Introduction

Dropscribe ("we," "us," or "our") operates the Dropscribe service at dropscribe.ai. This Privacy Policy explains what information we collect, how we use it, who we share it with, and what rights you have over it.

This Policy applies to the Dropscribe website, service, and any related software. By using the Service, you agree to the practices described here. If you don't agree, please don't use the Service.

This Policy should be read alongside our Terms of Service.

2. The Zero-Retention Architecture

Dropscribe is designed so that your audio files and transcripts are never stored on Dropscribe-controlled servers. Here is precisely what happens when you drop an audio file into your designated folder:

  1. Dropscribe detects the new file in your cloud storage folder via the cloud provider's API.
  2. Dropscribe retrieves the audio file directly from your cloud storage and transmits it to our transcription partner, AssemblyAI, for processing.
  3. AssemblyAI returns the completed transcript to Dropscribe.
  4. Dropscribe writes the transcript as a document back into your cloud storage folder.
  5. Dropscribe does not retain a copy of your audio file or the resulting transcript.

What this means in practice: Dropscribe cannot produce your audio or transcripts in response to a subpoena, search warrant, or civil discovery request because we do not have them. Your content lives in your cloud storage, governed by your agreements with your cloud storage provider.

Important limitation: While Dropscribe does not store your audio or transcripts, your audio is transmitted to AssemblyAI for processing. AssemblyAI's own data practices govern what they do with audio during and after processing. See Section 6 for details.

3. Information We Collect

3.1 Information You Provide Directly

  • Account information: When you create an account, we collect your first name and email address.
  • Communications: If you contact us for support or other reasons, we retain the content of those communications.
  • Payment information (future): When paid tiers are available, payment processing will be handled by Stripe. We will not have access to your full payment card number. We will receive and store billing address information and transaction records for accounting purposes.

3.2 Information We Collect Automatically

  • Log data: When you use the Service, our servers automatically record information such as your IP address, browser type, referring URLs, pages visited, and timestamps.
  • Usage data: We collect anonymized information about how you use the Service, such as features accessed, processing jobs initiated (without content), error rates, and session duration.
  • Device information: Browser type, operating system, and device identifiers.
  • Cookies and similar technologies: We use cookies and similar tracking technologies to maintain your session and improve the Service. See Section 9 for details.

3.3 Information from Third-Party Integrations

  • OAuth authorization: When you authorize access to Google Drive, OneDrive, or Dropbox, we receive an OAuth access token and refresh token from the provider. These tokens allow us to access only the folder(s) you designate. We do not receive or store your cloud storage account password.
  • Cloud provider profile: Depending on the provider, we may receive your name and email address as part of the OAuth flow to associate the connection with your account.

4. Information We Do Not Collect or Store

To be explicit about what our zero-retention architecture means:

  • Audio files: We do not store copies of your audio files on our servers. Audio is transmitted in transit to our transcription partner and discarded.
  • Transcripts: We do not store the transcripts generated from your audio. Transcripts are written directly to your cloud storage and not retained by us.
  • Folder contents: We access your designated folder only to detect new audio files and deposit transcripts. We do not index, scan, or analyze other contents of your cloud storage.
  • Biometric data: Although audio transcription involves voice, we do not create, store, or use voiceprints or other biometric identifiers.

5. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Service;
  • Authenticate your identity and manage your account;
  • Process and monitor transcription jobs;
  • Send transactional communications (account confirmations, receipts, security alerts);
  • Send service updates and product announcements (you may opt out of non-transactional emails);
  • Respond to your support requests and communications;
  • Detect, investigate, and prevent fraud, abuse, and violations of our Terms of Service;
  • Comply with legal obligations; and
  • Analyze aggregate, anonymized usage patterns to improve the Service.

We do not sell your personal information to third parties. We do not use your personal information for behavioral advertising by third parties.

6. Third-Party Service Providers

We share information with the following categories of third-party service providers only to the extent necessary to provide the Service:

6.1 AssemblyAI (Transcription)

AssemblyAI receives your audio files for the purpose of generating transcripts. This is the most significant third-party data sharing involved in the Service. Key points:

  • Audio is transmitted to AssemblyAI under their API terms of service.
  • AssemblyAI's data handling, retention, and security practices are governed by AssemblyAI's own Privacy Policy, available at assemblyai.com/privacy.
  • As of the date of this Policy, AssemblyAI states that submitted audio is not used to train AI models and is deleted after a short retention period. However, Dropscribe cannot guarantee AssemblyAI's practices and recommends you review their current policy.
  • If AssemblyAI's practices change in a material way, we will update this Policy and notify you.

6.2 Cloud Storage Providers

Google (Google Drive), Microsoft (OneDrive), and Dropbox receive API requests from Dropscribe in connection with accessing your designated folder. Your data within those services is governed by your agreements with those providers.

6.3 Hosting and Infrastructure

Dropscribe's application servers and databases are hosted on third-party cloud infrastructure providers. These providers may have incidental access to data stored on their infrastructure pursuant to their own terms.

6.4 Payment Processing (Future)

When paid tiers are available, Stripe will process payment transactions. Stripe's Privacy Policy governs their handling of payment information. Dropscribe will receive transaction metadata (amount, date, plan) but not full payment card numbers.

6.5 Analytics

We may use privacy-respecting analytics tools to understand aggregate usage patterns. Any analytics tools we use will be configured to avoid collecting personally identifiable audio or transcript content.

7. OAuth Tokens and Cloud Storage Security

OAuth refresh tokens, which allow Dropscribe to access your designated cloud storage folder, are stored in encrypted form in our database. Access to this data is restricted to authorized Dropscribe systems and personnel on a need-to-know basis.

You can revoke Dropscribe's access to your cloud storage at any time by:

  • Visiting your cloud storage provider's connected apps or security settings and removing Dropscribe's access; or
  • Contacting us at privacy@dropscribe.ai to request token deletion.

Upon revocation, we will delete your stored tokens promptly. Revoking access will prevent the Service from functioning for the associated account.

8. Data Retention

We retain your personal data for as long as your account is active or as needed to provide the Service. Specifically:

  • Account data (name, email): Retained for the life of your account, plus up to 90 days following account deletion to allow for dispute resolution, then deleted or anonymized.
  • OAuth tokens: Retained until you revoke access or delete your account, then deleted promptly.
  • Log data: Retained for up to 90 days for security and debugging purposes, then deleted.
  • Payment records: Retained for up to 7 years as required by applicable accounting and tax laws.
  • Audio files and transcripts: Not retained by Dropscribe. Not applicable.

To request deletion of your account and associated data, email privacy@dropscribe.ai.

9. Cookies and Tracking Technologies

We use the following types of cookies:

  • Strictly necessary cookies: Required for the Service to function (e.g., session authentication). These cannot be disabled.
  • Functional cookies: Remember your preferences (e.g., folder selections, account settings).
  • Analytics cookies: Help us understand aggregate usage patterns. We configure these to minimize personal data collection.

We do not use advertising or behavioral tracking cookies. You can control cookies through your browser settings. Disabling certain cookies may impact the functionality of the Service.

10. Your Rights and Choices

Depending on your location, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request correction of inaccurate personal data.
  • Deletion: Request deletion of your personal data, subject to legal retention obligations.
  • Portability: Request your data in a machine-readable format.
  • Opt-out of marketing: Unsubscribe from non-transactional emails at any time using the link in any such email or by contacting us.
  • Withdraw consent: Where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, contact us at privacy@dropscribe.ai. We will respond within 30 days. We may need to verify your identity before fulfilling certain requests.

11. California Privacy Rights (CCPA / CPRA)

If you are a California resident, the California Consumer Privacy Act ("CCPA") as amended by the California Privacy Rights Act ("CPRA") grants you the following rights:

  • Right to Know: The right to know what personal information we collect, use, disclose, and sell.
  • Right to Delete: The right to request deletion of personal information we have collected about you, subject to certain exceptions.
  • Right to Correct: The right to request correction of inaccurate personal information.
  • Right to Opt-Out of Sale or Sharing: Dropscribe does not sell or share personal information for cross-context behavioral advertising. This right is not applicable.
  • Right to Limit Use of Sensitive Personal Information: We do not use sensitive personal information beyond what is necessary to provide the Service.
  • Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.

To submit a CCPA request, email privacy@dropscribe.ai with the subject line "California Privacy Request." We will verify your identity and respond within 45 days, with an extension of an additional 45 days where reasonably necessary.

In the preceding 12 months, Dropscribe has not sold personal information. The categories of personal information we collect are described in Section 3. We collect this information for the business purposes described in Section 5.

12. Children's Privacy

The Service is intended for users who are 18 years of age or older. We do not knowingly collect personal information from children under 13 (or under 16 where required by applicable law). If we become aware that we have collected personal information from a child under 13 without verifiable parental consent, we will delete that information promptly.

If you believe we may have inadvertently collected information from a minor, please contact us at privacy@dropscribe.ai.

13. Security

We implement technical and organizational security measures designed to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption of OAuth tokens and sensitive credentials at rest;
  • Encrypted transmission of data in transit (TLS/HTTPS);
  • Access controls restricting database access to authorized systems and personnel;
  • Regular review of our security practices.

No method of electronic transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security. In the event of a data breach that affects your rights or freedoms, we will notify you as required by applicable law.

Audio security note: Audio transmitted to AssemblyAI travels over encrypted connections. However, once audio is outside Dropscribe's systems and in AssemblyAI's custody, its security is subject to AssemblyAI's practices. If the sensitivity of your recordings is a concern, please review AssemblyAI's security documentation.

14. International Users

The Service is currently operated from the United States and is intended for U.S.-based users. If you access the Service from outside the United States, your data will be transferred to and processed in the United States, where data protection laws may differ from those of your country.

We do not actively solicit users from the European Union or European Economic Area. If you are an EU/EEA resident and choose to use the Service, you acknowledge that your data will be processed in the United States. We do not currently provide the additional protections required by the EU General Data Protection Regulation (GDPR) for EU residents.

15. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email and update the "Last Updated" date at the top of this page. Your continued use of the Service after the effective date of changes constitutes your acceptance of the updated Policy.

We will not reduce your rights under this Policy without your explicit consent.

16. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact our privacy team:

Dropscribe — Privacy Team
Email: privacy@dropscribe.ai
Website: dropscribe.ai

We will respond to all legitimate privacy inquiries within 30 days.

This Privacy Policy describes Dropscribe's current data practices. It does not constitute legal advice. If you have specific questions about privacy law and your obligations as a user — particularly regarding recording consent or HIPAA — please consult a qualified attorney.