Privacy Policy
Version: 1.0
Last Updated: October 24, 2024
Effective Date: October 24, 2024
Introduction
Hangjegyzet ("we," "us," or "our") operates the website https://hangjegyzet.hu and provides audio transcription services (the "Service"). This Privacy Policy explains how we collect, use, store, and protect your personal data in accordance with the General Data Protection Regulation (GDPR) and applicable Hungarian data protection laws.
Data Controller
Email: privacy@hangjegyzet.hu
Supervisory Authority
Hungarian National Authority for Data Protection and Freedom of Information (NAIH)
Website: https://naih.hu/
1. Personal Data We Collect
1.1 Information You Provide
Account Information
- Email address (required for registration)
- Name (optional)
- Password (stored securely using bcrypt hashing)
Payment Information
- Billing address
- Payment method details (processed and stored by Stripe)
- VAT/Tax ID (if applicable)
Content You Upload
- Audio files (MP3, WAV, M4A, etc.)
- File metadata (filename, upload date, file size)
- Generated transcripts
1.2 Information We Collect Automatically
- IP address, browser type, device information
- Pages visited and features used
- Essential cookies (authentication, security)
- Analytics cookies (Vercel Analytics) - requires your consent
2. How We Use Your Personal Data
2.1 Legal Basis for Processing
We process your personal data based on the following legal grounds under GDPR Article 6:
Performance of Contract (Art. 6(1)(b))
Providing transcription services, managing your account, processing payments, delivering customer support
Legitimate Interests (Art. 6(1)(f))
Improving our services, security monitoring and fraud prevention, analyzing usage patterns
Consent (Art. 6(1)(a))
Sending marketing communications (if you opt-in), using analytics cookies
Legal Obligation (Art. 6(1)(c))
Complying with tax and accounting requirements, responding to legal requests
3. Third-Party Data Processors
We use the following third-party processors to provide our Service:
Stripe (Payment Processing)
Purpose: Payment processing, subscription management
Location: USA (adequate under GDPR via Data Privacy Framework)
Privacy Policy: https://stripe.com/privacy
Cloudflare R2 (File Storage)
Purpose: Secure storage of audio files and transcripts
Location: EU data centers (Hungary)
Privacy Policy: https://www.cloudflare.com/privacypolicy/
Soniox (Transcription Service)
Purpose: Speech-to-text transcription
Location: USA
Data Retention: Audio files deleted after transcription
Resend (Email Delivery)
Purpose: Transactional emails (account notifications, password resets)
Location: USA
Privacy Policy: https://resend.com/legal/privacy-policy
Vercel (Hosting & Analytics)
Purpose: Website hosting, analytics (optional, requires consent)
Location: USA
Privacy Policy: https://vercel.com/legal/privacy-policy
Supabase (Database)
Purpose: User accounts, file metadata, subscription data
Location: EU data centers
Privacy Policy: https://supabase.com/privacy
4. Data Retention
We retain your personal data while your account is active and for the periods specified below:
| Data Type | Retention Period | Rationale |
|---|---|---|
| Account information | Account lifetime + 30 days | Service provision, legal obligations |
| Audio files & transcripts | Until deleted by user | Service provision, user content |
| Payment records | 7 years after last transaction | Financial regulations, tax compliance |
| Audit logs | 90 days (standard events) | Security monitoring |
5. Your Rights Under GDPR
You have the following rights regarding your personal data:
Right of Access (Article 15)
You can request a copy of all your personal data we hold. We will provide this within 1 month, free of charge, in a machine-readable format.
How to Exercise: Click "Export My Data" in Settings → Privacy
Right to Erasure / Right to be Forgotten (Article 17)
You can request deletion of your personal data. We will complete this within 1 month.
How to Exercise: Click "Delete Account" in Settings → Privacy
Right to Rectification (Article 16)
You can correct inaccurate personal data.
How to Exercise: Update your profile in Settings → Profile
Right to Data Portability (Article 20)
You can receive your personal data in a structured, machine-readable format (JSON).
How to Exercise: Use "Export My Data" feature
Right to Lodge a Complaint (Article 77)
You can file a complaint with the Hungarian NAIH if you believe we've violated your rights.
NAIH Contact: ugyfelszolgalat@naih.hu
6. Cookies and Tracking Technologies
We use cookies and similar tracking technologies to provide, protect, and improve our Service. This section explains what cookies we use, why we use them, and your choices regarding cookies.
6.1 What are Cookies?
Cookies are small text files stored on your device when you visit our website. They help us recognize your browser and remember your preferences. Cookies can be "session cookies" (deleted when you close your browser) or "persistent cookies" (remain until they expire or you delete them).
6.2 Cookie Categories
Necessary Cookies (Always Active)
These cookies are essential for the website to function and cannot be disabled. They are required for core functionality like authentication, security, and session management.
auth_token
Purpose: User authentication and session management
Retention: Session-based or 30 days (if "Remember me" is selected)
Legal Basis: Essential for service provision (no consent required per ePrivacy Directive)
csrf_token
Purpose: Cross-Site Request Forgery protection
Retention: Session-based
Legal Basis: Security and fraud prevention
cookie_consent
Purpose: Stores your cookie preferences
Retention: 1 year
Legal Basis: GDPR compliance (remembers your consent choices)
Analytics Cookies (Requires Your Consent)
These cookies help us understand how visitors use our website through anonymous usage statistics. They improve user experience by identifying popular features and performance bottlenecks.
Vercel Analytics
Provider: Vercel Inc. (USA)
Data Collected: Page URLs, timestamps, device type, browser, referrer, anonymized IP address
Retention: 30 days
Purpose: Understand user behavior, improve website performance
Privacy Policy: https://vercel.com/legal/privacy-policy
Marketing Cookies (Requires Your Consent)
These cookies are used for retargeting and advertising purposes. Currently not implemented, but available for future marketing campaigns.
Future Integration: Google Ads, Facebook Pixel (planned)
Retention: 90 days (when implemented)
Purpose: Personalized advertising, campaign tracking
6.3 Managing Your Cookie Preferences
You have full control over which optional cookies we use. You can change your preferences at any time:
First Visit: You'll see a cookie consent banner when you first visit our website. Choose to accept all, reject all, or customize your preferences.
Change Anytime: Click the button below to update your cookie preferences at any time.
Browser Settings: You can also manage cookies through your browser settings. Note that disabling necessary cookies may prevent you from using certain features.
6.4 Third-Party Cookies
Some cookies are set by third-party services we use (e.g., Vercel Analytics). We do not control these cookies. Please review the privacy policies of these services:
6.5 Withdrawing Consent
You can withdraw your consent for analytics and marketing cookies at any time by:
- Clicking the "Manage Cookie Preferences" button above to update your settings
- Clearing your browser cookies (this will also remove necessary cookies and log you out)
- Contacting us at privacy@hangjegyzet.hu
Note: Withdrawing consent for analytics cookies does not affect your account or service functionality. You can continue using Hangjegyzet with only necessary cookies enabled.
7. Data Security
We implement industry-standard security measures:
- Encryption: HTTPS/TLS for data in transit, AES-256 encryption for data at rest
- Access Controls: Role-based access control, audit logging of data access
- Password Security: Bcrypt password hashing
- Monitoring: 24/7 security monitoring, intrusion detection systems
Despite our efforts, no system is 100% secure. If you believe a breach has occurred, please contact us immediately at security@hangjegyzet.hu.
8. Children's Privacy
Our Service is not intended for individuals under 16 years of age. We do not knowingly collect personal data from children. If we discover we've collected data from a child, we will delete it immediately.
9. Changes to This Privacy Policy
We may update this Privacy Policy to reflect changes in our practices or legal requirements. We will notify you of material changes via email notification or prominent notice on our website.
10. Contact Us
General Inquiries: support@hangjegyzet.hu
Privacy Concerns: privacy@hangjegyzet.hu
We aim to respond to all privacy inquiries within 5 business days.
Version History
| Version | Date | Changes |
|---|---|---|
| 1.0 | October 24, 2024 | Initial publication |