Privacy Policy

Last updated: June 9, 2026

The Short Version

SolScribe is a zero-retention cloud transcription service. You upload audio; we transcribe it in an isolated GPU environment; we destroy the audio the moment the text is extracted. The transcript is stored encrypted in your account, under your control, and we never use your audio or transcripts to train AI models.

This policy covers the hosted service at app.solscribe.ai and the marketing site at solscribe.ai.

How Your Audio Is Processed

• Upload: Audio is transmitted over TLS to our API.
• Transcription: Your audio is staged in encrypted storage (AWS S3 with SSE-KMS) and passed by a short-lived signed URL to an isolated GPU worker (RunPod) running Whisper Large-v3 with optional speaker diarization.
• Destruction: The audio object is destroyed from storage immediately after the transcript is produced. It exists only for the duration of the transcription job and is never moved to a durable store or backed up.
• Storage: The resulting transcript is stored encrypted in our database (Neon Postgres), retained until you delete it.

For every cloud transcription, SolScribe generates a downloadable Certificate of Destruction — a record containing a SHA-256 hash of the original audio, its file metadata, the processing tier and the exact UTC destruction timestamp — evidencing that the audio was processed and permanently destroyed with no retained copies or backups. Audio destruction is also written to the immutable audit log (actor, action, record ID, timestamp), which HIPAA-tier accounts can export as CSV.

What We Store, and For How Long

Data	Why	Where	Retention
Audio files	Transcription only	Transiently in AWS S3 (SSE-KMS), then a RunPod GPU worker	Destroyed from S3 immediately after the transcript is produced; never backed up
Transcripts	The product you paid for	Encrypted database (AES-256-GCM)	Until you delete them
Account data (email, password hash)	Authentication	Neon Postgres + Neon Auth	Life of account
Compute ledger (minutes used)	Bill the correct number of minutes	Database	Life of account; no audio content or filenames logged
Payment data	Process payments	Stripe (we never see card numbers)	Per Stripe
Operational logs / errors	Reliability and debugging	Sentry (errors) + Fly.io (server logs)	Sentry error events retained up to ~90 days; operational data only — verified to carry no transcript, audio or PHI (user reduced to country-level geo). Fly.io server logs are ephemeral.

Encryption

Transcripts are encrypted at rest with AES-256-GCM, and all data is transmitted over TLS in transit.

We Do Not Train On Your Data

Your audio and transcripts are never used to train AI models — ours or anyone else's. They are processed solely to produce and store your transcript.

AI / LLM Features

SolScribe offers optional features such as chat-with-your-audio and summarization. For the hosted service this inference runs over your transcript text only — never audio, which is already destroyed — via OpenAI, or Anthropic where applicable, both under a Business Associate Agreement. You may instead supply your own OpenAI or Anthropic key (Bring-Your-Own-Key), in which case your text routes directly to that provider under their privacy policy.

Subprocessors

We rely on the following service providers to operate SolScribe:

• RunPod — GPU transcription compute
• Amazon Web Services (AWS) — S3 + KMS for transient encrypted audio staging (BAA in place)
• Neon — Postgres database and authentication (BAA in place)
• OpenAI — AI chat and summarization over transcript text (BAA in place); see AI / LLM Features
• Anthropic — AI features where Claude is used (BAA in place)
• Vercel — marketing site and API hosting
• Stripe — payment processing
• Sentry — error monitoring (request bodies, auth headers and query strings stripped before send)
• Plausible (self-hosted) — privacy-respecting analytics
• Google Ads — marketing-site conversion measurement and advertising cookies

Analytics & Advertising

The marketing site uses self-hosted Plausible analytics (no cookies, no personal data) and Google Ads conversion tracking (gtag.js), which sets cookies for advertising measurement. The hosted application itself contains no third-party advertising trackers.

Your Rights

• Export: Download your transcripts at any time (SRT, VTT, TXT, JSON).
• Deletion: Delete individual transcripts or your entire account. Deletion removes your transcripts from our database. Audio is already destroyed at processing time.
• GDPR / CCPA: If you are in the EEA or California, you have rights of access, correction, deletion and portability. Contact us to exercise them.

HIPAA

Only customers on the $499 Compliance & Legal tier who have executed a Business Associate Agreement (BAA) with DST Digital LLC are authorized to transmit Protected Health Information (PHI) through SolScribe. The BAA is a separate executed document. HIPAA-tier accounts receive Certificates of Destruction, audit logging and dedicated HIPAA-eligible infrastructure. SolScribe is HIPAA-ready; HIPAA compliance is a shared responsibility and depends on your own configuration and a signed BAA.

Legal Entity & Contact

SolScribe is operated by DST Digital LLC. Privacy questions, data requests, or to execute a BAA: privacy@solscribe.ai / compliance@solscribe.ai.

Changes

We will update this policy as the service evolves and bump the "Last updated" date above.