Privacy Policy

1. Who We Are

Conference Ink is a mobile application for recording, transcribing, and summarizing audio from conferences, lectures, sermons, and workshops. The app is operated by Conference Ink ("we", "us", "our"). Contact: hello@conferenceink.com Website: https://conferenceink.com

2. Data We Collect

3. How We Process Your Data

Your content is processed through the following pipeline: Audio Recordings: Recorded locally on your device using native audio APIs (AVAudioEngine on iOS). Audio segments are securely uploaded to Supabase Storage (bucket: cink-session-files) for the sole purpose of transcription, and are automatically deleted after the plan's re-transcription window (7 days on Free, 30 days on Ink, 90 days on Ink Pro). Raw audio is never downloadable or shareable from the app. Transcription: Audio is sent to Deepgram (Nova-3 model) for speech-to-text processing. This is a third-party service. Audio is transmitted over encrypted HTTPS / WSS connections. We do not retain audio at the transcription provider beyond what is necessary to complete the transcription. AI Summaries: Transcription text is sent to Anthropic's Claude API to generate structured summaries. Only text (never audio) is sent to Anthropic. Anthropic processes this data under their API terms of service and does not use API inputs to train their models. Photo OCR: Text is extracted from captured slide photos on your device using Apple's on-device Vision framework. The photo is not sent anywhere for text extraction. Only if on-device recognition is unavailable does the app fall back to Anthropic Claude Vision, in which case the image is sent for that single extraction. The extracted text is stored in your session record; the original photo is stored in your Supabase Storage so you can view it again. Database Storage: All structured data (transcripts, notes, bookmarks, metadata) is stored in Supabase Postgres. Row Level Security (RLS) ensures that your data is only accessible by your authenticated account.

4. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA) and United Kingdom, we process personal data on the following legal bases: Contract performance (Article 6(1)(b)): Processing your account information and session data to provide the app service you have signed up for. Legitimate interests (Article 6(1)(f)): Crash reporting and error analysis to maintain app stability and security; fraud prevention. Consent (Article 6(1)(a)): Optional analytics features, where we ask for your consent separately in-app. Legal obligation (Article 6(1)(c)): Retaining billing records as required by applicable tax law.

5. Third-Party Service Providers

We share data with the following processors solely to provide the service:

We do not sell your data to any third party. We do not use your data for advertising. All third-party processors process personal data under their published data processing terms, which include confidentiality obligations.

6. Data Retention

• Account data: Retained for the duration of your account. Deleted within 30 days of account deletion request.
• Audio recordings (raw): Automatically deleted after the re-transcription window — 7 days (Free), 30 days (Ink), 90 days (Ink Pro). This is a privacy measure (data minimisation): the audio exists only to produce your transcript.
• Transcripts, summaries, notes, bookmarks and photos: Retained until you delete them, or immediately removed on account deletion.
• Billing records: Retained for 7 years as required by applicable tax law (records contain only payment metadata, not card details).
• Crash logs: Retained for 90 days and then automatically purged.
• Deleted data: When you delete a session or your account, data is removed from our active database. Backups are purged on a rolling 30-day cycle.

7. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

Access, portability and deletion can be exercised directly in the app (Settings → Data & privacy) with immediate effect. For all other rights, or if you prefer, email hello@conferenceink.com — we will respond within 30 days (GDPR standard). We may need to verify your identity before acting on a request.

8. Cookies and Local Storage

The Conference Ink mobile app does not use tracking cookies. Our website (conferenceink.com) uses minimal cookies: - Session cookies required for authentication (necessary, no consent required) - No analytics cookies, no advertising cookies, no fingerprinting We do not use Google Analytics, Facebook Pixel, or any third-party tracking services on our website.

9. Children's Privacy

Conference Ink is not directed at children under 13 (or under 16 in the EEA). We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, contact us immediately at hello@conferenceink.com and we will delete it promptly.

10. Data Security

We implement the following measures to protect your data: - All data transmitted between your device and our servers is encrypted using TLS 1.2 or higher. - Data at rest in Supabase is encrypted using AES-256. - Authentication is handled by Supabase Auth with industry-standard session token management. - Row Level Security (RLS) policies in our database ensure that every query is scoped to the authenticated user. No user can access another user's data. - API keys for third-party services are never embedded in the app binary. They are accessed via server-side Supabase Edge Functions. For more detail, see our Security page at conferenceink.com/security.

11. International Data Transfers

We are headquartered in the EU and use Supabase on EU-region infrastructure. Some third-party processors (Deepgram, Anthropic, Stripe) process data in the United States. For transfers from the EEA to the USA, we rely on Standard Contractual Clauses (SCCs) as the legal mechanism, as incorporated into each provider's data processing terms.

12. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or applicable law. When we make material changes, we will notify you by email (to the address associated with your account) and update the "Last Updated" date at the top of this page. Continued use of the app after the effective date of changes constitutes acceptance of the updated policy.

13. Contact and Supervisory Authority

For privacy questions, requests, or complaints: Email: hello@conferenceink.com Website: https://conferenceink.com If you are located in the EU/EEA and are not satisfied with our response, you have the right to lodge a complaint with your local data protection supervisory authority.