Privacy Policy

Last Updated: March 7, 2026

1. Introduction

This Privacy Policy explains how KoodiKraft processes personal data when you use AI Transkriptio and related customer support, billing, and account services.

This policy is intended to describe the service as it is currently implemented. If we materially change our processing practices, we will update this document.

2. Controller

Controller: KoodiKraft
Contact email: info@aitranskriptio.fi

If you have questions about this Privacy Policy or want to exercise your privacy rights, contact us at the address above.

3. Personal Data We Process

3.1 Data you provide directly

  • Account email address and profile information provided through Clerk
  • Audio, video, and source URLs submitted for transcription
  • Job settings such as language, subtitle settings, translation, and diarization options
  • Billing details you submit to Stripe
  • Messages you send through the contact form or support email

3.2 Data generated when you use the service

  • Authentication and account identifiers
  • Subscription, plan, usage, and quota information
  • Job status, timestamps, processing metadata, and transcript segments
  • API key metadata, audit events, and rate-limit events
  • Technical logs, performance data, and error reports

3.3 Cookies and similar technologies

We currently use:

  • Essential cookies required for authentication and session handling
  • A language preference cookie (user_language)
  • Security-related browser storage or cookies used by Clerk and reCAPTCHA

We do not describe optional analytics cookies in this policy unless and until they are actually deployed.

4. Purposes and Legal Bases

We process personal data for the following purposes:

4.1 Providing the service

Legal basis: performance of a contract

  • Creating and maintaining your account
  • Receiving and processing transcription jobs
  • Delivering transcripts, translations, and related results
  • Managing usage limits, billing state, and subscription entitlements

4.2 Billing and payment administration

Legal basis: performance of a contract and legal obligation

  • Creating and managing Stripe checkout and billing portal sessions
  • Processing invoices, receipts, and billing records
  • Preventing misuse of paid resources and enforcing plan limits

4.3 Support and service communications

Legal basis: performance of a contract and legitimate interest

  • Replying to support requests
  • Sending transactional messages about jobs, billing issues, and account events
  • Handling abuse, fraud, and operational incidents

4.4 Security, monitoring, and abuse prevention

Legal basis: legitimate interest and legal obligation

  • Logging security-relevant events
  • Detecting abuse, fraud, and unauthorized access
  • Monitoring system reliability and investigating errors

4.5 Compliance with privacy requests

Legal basis: legal obligation

  • Providing GDPR exports
  • Deleting or anonymizing account data where applicable
  • Maintaining records required by law

5. Recipients and Service Providers

We do not sell personal data.

We use service providers and infrastructure that may process personal data on our behalf, including:

  • Clerk for authentication and account identity management
  • Stripe for payments, subscriptions, invoices, and billing portal functions
  • S3-compatible object storage for uploads, results, and export files
  • RunPod and related GPU processing infrastructure for transcription workloads
  • Redis for queues, cache, rate limiting, and operational state
  • Sentry for error monitoring, when enabled
  • SMTP/email providers for transactional email delivery
  • Google reCAPTCHA for contact form abuse protection

We may also disclose data when required by law or to protect our rights, users, or service security.

6. International Transfers

Some of our service providers may process data outside the European Economic Area, including in the United States.

Where personal data is transferred outside the EEA, we aim to rely on an appropriate transfer mechanism, such as adequacy decisions or contractual safeguards, depending on the provider and service configuration in use at the time.

7. Retention

We retain personal data only for as long as needed for the relevant purpose, unless a longer retention period is required by law.

Current implementation-based examples:

  • Account records: generally until account deletion, unless law requires longer retention
  • Billing records: retained as required by accounting and tax law
  • Contact form tickets stored in Redis: up to 30 days
  • Job data stored in Redis: typically up to 30 days for related job keys
  • GDPR export links: up to 7 days
  • Some audit and usage-related records: may be retained for up to 90 days or longer depending on the storage system and record type

Because the service uses multiple storage layers, exact retention can vary by data category. If you need details about a specific dataset, contact us.

8. Security

We use technical and organizational measures intended to protect personal data, including:

  • TLS-protected connections
  • Access controls and role-based restrictions
  • Authentication via Clerk
  • Separate billing handled through Stripe
  • Audit logging and operational monitoring
  • Malware scanning and upload controls in parts of the file handling flow

No system is completely secure, and we cannot guarantee absolute security.

9. Your Rights

Depending on applicable law, you may have the right to:

  • Access your personal data
  • Rectify inaccurate data
  • Delete your data
  • Restrict or object to certain processing
  • Receive your data in a portable format
  • Lodge a complaint with a supervisory authority

The backend currently includes GDPR-related endpoints for data export, account deletion, anonymization, data summary, and audit log access. If you cannot use those tools directly, contact us at info@aitranskriptio.fi.

10. Contact and Support Messages

If you submit the contact form:

  • We process your name, email, subject, and message
  • We use reCAPTCHA to reduce abuse
  • We may store the ticket temporarily in Redis
  • We may send confirmation and support notification emails

11. Children

This service is not intended for children, and we do not knowingly offer it to minors as a dedicated children’s service.

12. Changes to this Policy

We may update this Privacy Policy from time to time. The latest version will be published on this page with a revised date.

Questions about data protection? Contact the data protection officer