Privacy Policy
Last updated: May 25, 2025
1. Introduction
OmniScribe ("we", "our", "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our Service.
This policy complies with the Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and the Digital Personal Data Protection Act, 2023 ("DPDP Act").
2. Data We Collect
We collect only the minimum data necessary to provide the Service:
| Data | Purpose | Legal Basis |
|---|---|---|
| Email address | Account creation, authentication, communication | Consent, contract performance |
| Name (optional) | Account personalization | Consent |
| Word usage count | Enforcing tier limits, usage analytics | Contract performance |
| Device hardware ID (hashed) | License binding for Pro/Enterprise tiers | Contract performance |
| Subscription status | Providing paid features | Contract performance |
We do NOT collect: voice recordings, dictated text content, keystrokes, browsing history, or any content you dictate. All speech-to-text processing happens entirely on your device.
3. How We Use Your Data
- To create and manage your account
- To authenticate you and maintain your session
- To enforce word usage limits based on your subscription tier
- To issue and verify licenses for Pro and Enterprise users
- To process payments via our payment processor
- To send service-related communications (account updates, renewal reminders)
- To improve the Service based on aggregated, anonymized usage patterns
4. Data Storage & Security
Your data is stored on Supabase, our database provider, which uses encrypted storage (AES-256 at rest, TLS in transit). Supabase servers are located in regions selected during project setup. We implement reasonable security practices including:
- Row-Level Security (RLS) on all database tables
- Encrypted license storage on your device (ChaCha20Poly1305)
- Ed25519 digital signatures for license verification
- Hardware-bound license tokens to prevent unauthorized sharing
5. Third-Party Services
We use the following third-party services to operate the Service:
| Service | Purpose | Data Shared |
|---|---|---|
| Supabase | Authentication, database hosting | Email, name, subscription status, word usage count |
| Dodo Payments | Payment processing (Merchant of Record) | Email, transaction details |
| Cloudflare | Website hosting, CDN | Standard web server logs (IP address, user agent) |
| Google, GitHub, Microsoft | OAuth sign-in (if you choose) | Email, name (per provider's privacy policy) |
We do not sell, rent, or share your personal data with any other third parties.
6. Data Retention
We retain your personal data for as long as your account is active. Upon account deletion:
- Profile, subscription, and license data is deleted within 30 days
- Anonymized word usage statistics may be retained for business analytics
- Payment records are retained per Dodo Payments' retention policy
7. Your Rights (DPDP Act, 2023)
Under the Digital Personal Data Protection Act, 2023, you have the right to:
- Access: Request a copy of your personal data we hold
- Correction: Request correction of inaccurate data
- Erasure: Request deletion of your personal data
- Grievance: File a complaint with our Grievance Officer or the Data Protection Board of India
To exercise these rights, contact us at omniscribe@bspmme.anonaddy.com. We will respond within 30 days.
8. Data Breach Notification
In the event of a personal data breach, we will notify affected users and the Data Protection Board of India within 72 hours of becoming aware of the breach, as required by the DPDP Act.
9. Cookies
We use only essential authentication cookies required for the Service to function (Supabase session management). We do not use tracking, analytics, or advertising cookies. See our Cookie Policy for details.
10. Children's Privacy
The Service is not intended for users under 13 years of age. We do not knowingly collect data from children under 13.
11. International Data Transfers
Your data may be stored on servers located outside India (Supabase regions include US, EU, and Asia-Pacific). We ensure adequate safeguards are in place per the DPDP Act.
12. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via email. Continued use after changes constitutes acceptance.
13. Grievance Officer
In accordance with the DPDP Act and IT Act, you may contact our Grievance Officer:
Grievance Officer: OmniScribe Team
Email:omniscribe@bspmme.anonaddy.com
Address: Bangalore, Karnataka, India
Response time: Within 30 days of receipt
14. Contact
For privacy-related inquiries, contact omniscribe@bspmme.anonaddy.com.