Recaply ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our voice memo transcription service.

1. Information We Collect

We collect information you provide directly to us when you create an account, upload files, or use our services:

• Account Information: Name, email address, and profile picture from authentication providers (Google OAuth, GitHub OAuth)
• Google User Data: When you sign in with Google, we access your basic profile information (name, email, profile picture) solely for authentication purposes. We do not access your Google Drive, Gmail, Calendar, or any other Google services.
• Audio/Video Files: Voice memos and recordings you upload for transcription
• Transcriptions: Text generated from your audio files using Deepgram API
• Meeting Notes: AI-generated notes and summaries created using Anthropic Claude API
• Usage Data: Information about how you use our service, including transcription minutes, API usage, and feature interactions
• Payment Information: Billing details processed securely through Stripe (we do not store credit card information)

2. How We Use Your Information

We use your information to:

• Provide, maintain, and improve our transcription services
• Process your audio/video files and generate transcriptions via Deepgram
• Generate AI-powered meeting notes and summaries using Anthropic Claude Haiku 4.5
• Authenticate your account and maintain security
• Process payments and manage subscriptions
• Send you service updates, usage warnings, and administrative messages
• Monitor usage quotas and enforce plan limits
• Comply with legal obligations and audit requirements
• Prevent fraud and abuse

3. Data Sharing and Third-Party Services

We use the following third-party services to provide our features. Your data is shared with these services ONLY to deliver the functionality you request:

• Deepgram (Speech-to-Text): Your audio files are sent to Deepgram's API for transcription with speaker diarization. Deepgram processes audio in real-time and does not retain recordings. Privacy Policy
• Anthropic Claude (AI Note Generation): Transcriptions are sent to Claude API to generate structured notes. Anthropic does not train models on your data. Privacy Policy
• AWS S3 (File Storage): Audio files and transcriptions are stored encrypted on AWS infrastructure. Privacy Policy
• Vercel (Hosting): Application hosting and deployment. Privacy Policy
• Stripe (Payment Processing): Secure payment and subscription management. We do not store credit card information. Privacy Policy
• Google OAuth (Authentication): Used only for account authentication. We access only your basic profile (name, email, photo). No other Google services are accessed.
• GitHub OAuth (Authentication): Used only for account authentication.

4. Data Retention

We retain your data as follows:

5. Data Security

We implement industry-standard security measures to protect your data:

• Encryption in Transit: All data transmitted between your browser and our servers uses TLS 1.3 (HTTPS)
• Encryption at Rest: Files stored on AWS S3 and database records on AWS RDS are encrypted using AES-256
• Secure Authentication: OAuth 2.0 with industry-standard providers (Google, GitHub)
• Access Controls: Role-based access control (RBAC) for organization members
• Audit Logging: All critical actions are logged with timestamps and user attribution
• Regular Security Audits: Ongoing monitoring and security reviews

6. Your Rights (GDPR & CCPA)

You have the following rights regarding your personal data:

• Right to Access: Download all your data in JSON format at /api/user/export
• Right to Erasure (Right to be Forgotten): Delete your account and all associated data via account settings. This will permanently remove your files, transcriptions, and notes.
• Right to Portability: Export your data in machine-readable JSON format
• Right to Rectification: Update your account information, name, and email anytime
• Right to Object: Object to data processing by contacting us at [email protected]
• Right to Restrict Processing: Request limitations on how we use your data
• Right to Withdraw Consent: Revoke consent for data processing at any time

To exercise any of these rights, please contact us at [email protected]. We will respond within 30 days.

7. International Data Transfers

Your data may be processed in the United States and other countries where our service providers operate. We use Standard Contractual Clauses (SCCs) approved by the European Commission to ensure GDPR compliance for data transfers from the EU to the United States.

All third-party providers we use (AWS, Deepgram, Anthropic, Stripe) maintain GDPR and SOC 2 compliance certifications.

8. Children's Privacy

Our service is not intended for children under 13 years of age (or 16 in the EU). We do not knowingly collect personal information from children. If you believe we have inadvertently collected data from a child, please contact us immediately at [email protected].

9. Cookies and Tracking

We use essential cookies for authentication and session management. We do not use third-party advertising or tracking cookies. You can control cookie preferences in your browser settings.

• Authentication Cookies: Maintain your login session (required)
• Analytics (Optional): PostHog for anonymous usage analytics (can be disabled)

10. Changes to This Policy

We may update this privacy policy from time to time to reflect changes in our practices or legal requirements. Material changes will be notified via email at least 30 days before taking effect. Continued use of the service after changes constitutes acceptance of the updated policy.

Previous versions of this policy are available upon request.

11. Contact Information

For privacy-related questions, data requests, or to exercise your rights, contact us at:

If you are located in the EU and have concerns about our data handling, you have the right to lodge a complaint with your local data protection authority.