Conference Ink

European Privacy

GDPR Compliance

Information for users in the European Economic Area (EEA) and United Kingdom about your rights and how we comply with the General Data Protection Regulation.

Last updated: June 12, 2026

Privacy Policy Terms of Service Security

Data Controller

Under the GDPR, Conference Ink is the data controller for the personal data processed through the app and website.

Organization

Conference Ink

Contact

hello@conferenceink.com

Website

conferenceink.com

Role

Data Controller (GDPR Art. 4(7))

We do not currently have a Data Protection Officer (DPO) as we do not meet the thresholds requiring mandatory DPO appointment. Privacy inquiries should be directed to hello@conferenceink.com.

Legal Basis for Processing

We process personal data only where we have a valid legal basis under GDPR Article 6. Below is a breakdown of what we process and why:

Contract (Art. 6(1)(b))

Processing necessary to deliver the service you subscribed to.

  • Account management
  • Session storage and sync
  • Transcription processing
  • AI summary generation
  • Subscription management
Legitimate Interests (Art. 6(1)(f))

Processing for our legitimate business interests where your rights are not overridden.

  • Crash reporting and error analysis
  • Security monitoring and fraud prevention
  • Service improvement based on aggregated usage data
Legal Obligation (Art. 6(1)(c))

Processing required by applicable law.

  • Retaining billing records for tax compliance (7 years)
  • Responding to lawful authority requests
Consent (Art. 6(1)(a))

Optional processing you have explicitly agreed to.

  • Optional usage analytics (opt-in, can be withdrawn at any time)

Your Rights as a Data Subject

As an EEA/UK resident, you have the following rights under the GDPR. We will respond to all requests within 30 days (extensible to 90 days for complex requests, with notice).

Art. 15 Right of Access

You can request a full copy of the personal data we hold about you, including what data we have, how it is used, who it is shared with, and how long it is retained.

How to exercise: Use "Export my data" in the app settings (Data & privacy) for an instant JSON copy, or email hello@conferenceink.com with the subject "Data Access Request". We will respond within 30 days.

Art. 16 Right to Rectification

If any personal data we hold about you is inaccurate or incomplete, you have the right to request correction.

How to exercise: Most data (name, email) can be updated directly in the app settings. For other corrections, contact us by email.

Art. 17 Right to Erasure

You can request deletion of your personal data. Individual sessions can be deleted in the app. Account deletion immediately removes all your data — recordings, transcripts, summaries, notes and photos — from active storage.

How to exercise: Use "Delete account" in the app settings (Data & privacy), or email us. Backups are purged within 30 days.

Art. 18 Right to Restriction

You can request that we restrict the processing of your data (e.g. while a dispute is being resolved) without requiring deletion.

How to exercise: Contact hello@conferenceink.com explaining why you would like processing restricted.

Art. 20 Right to Portability

You can receive your personal data in a structured, commonly used, machine-readable format (JSON or CSV), and transmit that data to another controller.

How to exercise: Use "Export my data" in the app settings for an instant JSON file with your sessions, transcripts, notes, and bookmarks — or email us and we will provide it within 30 days.

Art. 21 Right to Object

Where we process your data on the basis of legitimate interests, you have the right to object to that processing.

How to exercise: Contact hello@conferenceink.com. We will cease the processing unless we can demonstrate compelling legitimate grounds.

Art. 7 Right to Withdraw Consent

Where processing is based on your consent (e.g. optional analytics), you can withdraw consent at any time. Withdrawal does not affect the lawfulness of prior processing.

How to exercise: Adjust consent settings in the app, or contact us by email.

We will never charge a fee for handling data subject requests unless they are manifestly unfounded or excessive. In that case, we will notify you before proceeding.

Data Processing Agreements (DPAs)

All third-party processors that handle personal data on our behalf offer GDPR Article 28 data processing terms as part of their service agreements, which we rely on. These terms require each processor to:

  • Process data only on documented instructions
  • Implement appropriate technical and organizational security measures
  • Assist in responding to data subject rights requests
  • Delete or return data upon termination of the agreement
  • Make available the information necessary to demonstrate compliance

Questions about our processors and their data processing terms? Email hello@conferenceink.com with the subject "DPA Request".

Data Location and Cross-Border Transfers

Our primary database and file storage is hosted by Supabase on AWS in the EU (eu-west-1, Ireland). This means your data primarily stays within the EU.

However, some processing activities involve transfers to the United States:

Processor Location Transfer Mechanism
Supabase EU (Ireland) No transfer (EU-based)
Deepgram USA Standard Contractual Clauses (SCCs)
Anthropic USA Standard Contractual Clauses (SCCs)
Stripe USA / Global Standard Contractual Clauses (SCCs)

Standard Contractual Clauses (SCCs) are the European Commission-approved legal mechanism for transferring personal data to third countries that do not have an adequacy decision. We rely on the 2021 SCCs adopted by the European Commission.

Data Retention

Account data Duration of account + 30 days after deletion
Audio recordings (raw) Auto-deleted after the re-transcription window: 7 days (Free), 30 days (Ink), 90 days (Ink Pro)
Transcripts, summaries, notes and photos Until deleted by you, or immediately on account deletion
Billing records 7 years (tax law requirement)
Crash and error logs 90 days, then automatically purged
Database backups Rolling 30-day window

Right to Lodge a Complaint

If you believe we have not handled your personal data in accordance with GDPR, you have the right to lodge a complaint with a supervisory authority. You may contact the supervisory authority in your country of residence, place of work, or the country where the alleged infringement occurred.

We encourage you to contact us first at hello@conferenceink.com so we can try to resolve the issue directly. We take all privacy complaints seriously and aim to respond within 15 business days.

Lead Supervisory Authority (Denmark)

Datatilsynet (Danish Data Protection Agency)

www.datatilsynet.dk

Exercise your GDPR rights

We're committed to honoring your rights promptly and transparently. Reach out and we'll guide you through the process.

Submit a GDPR request