Privacy Policy

Last updated: April 2026

1. Data Controller

Skripta is operated from Malta. For privacy inquiries, contact .

2. What We Collect

• Account information: Email address, display name, and hashed password when you create an account.
• Payment information: Processed and stored by Stripe. We store only your Stripe customer ID, not your card details.
• Usage data: Number of pages transcribed, models used, timestamps. Used for billing and service improvement.
• Transcription data (Pro users only): If you choose to save transcriptions, the extracted text is stored in our database. Original PDF files are never stored.
• Session data: A session cookie to keep you logged in.

3. What We Do NOT Collect

• We do not store uploaded PDF files. Documents are processed in memory and discarded.
• We do not use tracking cookies or third-party analytics that identify you personally.
• We do not sell or share your personal data with advertisers.

4. How We Use Your Data

• To provide the transcription service and process payments.
• To maintain your account and transcription history (if opted in).
• To send transactional emails (receipts, account notifications).
• To comply with legal obligations.

5. Third-Party Processors

• OpenAI: Document images are sent to OpenAI's API for transcription. OpenAI's data usage policies apply. As of our last review, OpenAI does not train on data sent via their API.
• Stripe: Payment processing. See Stripe's Privacy Policy.
• Supabase: Database hosting. Data is stored in EU data centres.

6. Data Retention

• Account data: Retained while your account is active, deleted within 30 days of account deletion.
• Saved transcriptions: Auto-deleted after 90 days, or immediately upon user request.
• Usage logs: Retained for 12 months for billing purposes.
• Transaction records: Retained for 7 years as required by tax law.

7. Your Rights (GDPR)

If you are in the EU/EEA, you have the right to:

• Access: Request a copy of your personal data.
• Rectification: Correct inaccurate data.
• Erasure: Request deletion of your account and data.
• Portability: Export your transcription data.
• Object: Object to processing of your data.

To exercise these rights, email . We will respond within 30 days.

8. Security

Passwords are hashed using bcrypt. All connections use HTTPS/TLS encryption. Database access is restricted to authorized services only. We conduct regular security reviews.

9. Cookies

We use a single session cookie (sk_session) that is strictly necessary for the service to function. It contains no personal information and expires after 7 days. We do not use advertising or analytics cookies.

10. Changes

We may update this policy. Material changes will be communicated via email. The "Last updated" date at the top reflects the most recent revision.