Back to Home

Privacy Policy

Last updated: July 13, 2026

1. Introduction

Subsume ("we", "our", or "us") provides real-time speech-to-text captioning and translation services. This Privacy Policy explains how we collect, use, disclose, and protect your information when you use our website and services (collectively, the "Service").

By using our Service, you agree to the collection and use of information in accordance with this policy. If you do not agree with this policy, please do not use our Service.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

  • Email address
  • Name (if provided)
  • Authentication data through our authentication provider (OAuth tokens, session data)
  • Organization name (for team accounts)

2.2 Audio and Transcript Data

When you use our captioning service:

  • Audio streams are transmitted in real time to our speech-to-text providers for processing and are only briefly buffered in memory while being processed. We do not store audio recordings.
  • Text transcripts generated from your audio are stored in our database to provide session history, playback, and export features.
  • Translations of transcripts (if enabled) are also stored.
  • AI processing: Transcript and translation text may be sent to third-party AI language model providers to perform caption cleaning, translation quality analysis, and other service improvements. These providers act as our service providers and are not permitted to use your content to train their models. Some providers may retain data for a short period (for example, up to 30 days) for abuse monitoring and security before deleting it.
  • Audio dubbing and voice: If you enable audio dubbing, translation text is sent to speech-synthesis providers to generate spoken audio. With the Live Translate engine, your audio is processed by a speech-to-speech provider to produce translated speech that resembles the speaker's own voice. This processing happens in real time; we do not store audio recordings or voice models. When the "match speaker" option is used, a short text description of the speaker's vocal style may be derived and stored on your recurring template to keep voices consistent across sessions.
  • Service improvement: At the end of a session, the Service may automatically derive terminology and quality refinements from your session data to improve captioning and translation accuracy for future sessions within your account. This processing is scoped to your account and is not used to train third-party AI models.
  • You retain ownership of all transcript content generated from your audio.

2.3 Usage Data

We automatically collect:

  • Session duration and timestamps
  • Features used (languages, translation settings)
  • Credit consumption for billing
  • IP address (used transiently for security, rate limiting, and abuse prevention) and browser/device information
  • Pages visited and interactions with our Service

2.4 Payment and Billing Information

Payments are processed by our payment processor (Stripe). We never receive or store your full card number. We store your subscription plan and status, credit balance and transaction history, and payment references (such as customer and invoice identifiers) needed to manage your account and comply with financial record-keeping requirements.

2.5 Event Attendees and Caption Viewers

People who view captions or listen to translated audio through a shared session link do not need an account, and we do not collect their name or email address. For attendees, we process only:

  • A random identifier stored in the browser's local storage, together with the chosen caption language, used solely to count how many people are watching a broadcast. It is not linked to any identity.
  • IP address, used transiently for rate limiting and abuse prevention. We do not store attendee IP addresses or browser details in our viewer records.

The captions and audio an attendee sees are the event host's content; the host controls what is captured and shared.

3. Legal Basis for Processing (GDPR)

If you are in the European Economic Area (EEA), we process your personal data based on the following legal grounds:

  • Contract performance: Processing necessary to provide you with our Service (account management, captioning, billing).
  • Legitimate interests: Processing for our legitimate business interests (improving our Service, security, fraud prevention), where not overridden by your rights.
  • Consent: Where you have given explicit consent for specific processing activities.
  • Legal obligations: Processing necessary to comply with legal requirements.

4. How We Use Your Information

  • To provide, operate, and maintain our captioning and translation services
  • To process your audio and generate accurate captions
  • To analyze and refine transcript and translation quality using AI language models
  • To manage your account, billing, and credit balance
  • To communicate with you about service updates, security alerts, and support
  • To improve our Service and develop new features
  • To detect, prevent, and address technical issues or abuse
  • To comply with legal obligations

5. Third-Party Services and Data Sharing

We work with trusted third-party service providers to operate our Service. These providers fall into the following categories:

  • Authentication providers — to manage user accounts and secure login sessions
  • Speech-to-text providers — to convert your audio streams into text transcripts in real time
  • AI language model providers — to perform transcript cleaning, translation quality analysis, and other text processing tasks
  • Speech synthesis and voice providers — to generate spoken audio of translations and, when audio dubbing is enabled, translated speech in the speaker's voice
  • Cloud infrastructure and database providers — to host and store your data securely
  • Payment processors — to handle subscription payments and credit purchases securely
  • Error monitoring providers — to capture application errors so we can fix problems; error reports may include technical details such as IP address and browser information
  • Email delivery providers — to send transactional and service emails

Each provider receives only the data necessary to perform its specific function. Our service providers are contractually obligated to protect your data and use it only as directed by us. Each provider maintains their own privacy policy governing their data practices. A current list of our subprocessors is available on request at privacy@subsume.io.

We do not sell your personal information to third parties. We do not share your data with third parties for their own marketing purposes.

6. International Data Transfers

Your data may be transferred to and processed in countries other than your country of residence, including the United States, where our service providers are located. These countries may have different data protection laws.

When we transfer data from the EEA, UK, or Switzerland, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or transfers to countries with adequate data protection recognized by relevant authorities.

7. Data Retention

We retain your data for as long as necessary to provide our Service and fulfill the purposes described in this policy:

  • Account data: Retained while your account is active. When your account or organization is deleted, account records are anonymized and your content is deleted as described below.
  • Transcript data: Retained until you delete the session or your account. You can delete individual sessions at any time; deleted sessions are permanently removed from our systems within 30 days of deletion.
  • Attendee presence records: The anonymous viewer-count records described in Section 2.5 are deleted within 90 days.
  • Usage logs: Retained for up to 12 months for billing, analytics, and security purposes.

When you delete your account or organization, your content data — sessions, transcripts, translations, learned terminology, and speaker settings — is deleted and your account records are anonymized. Billing and transaction records are retained where required for tax, accounting, and other legal compliance.

8. Data Security

We implement appropriate technical and organizational measures to protect your data:

  • Encryption in transit (TLS/SSL) for all data transmission
  • Encryption at rest for stored data
  • Organization-level access controls that isolate each customer's data
  • Ongoing security review and updates
  • Strict access controls limiting access to production data

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

In the event of a data breach that poses a risk to your rights and freedoms, we will notify affected users and relevant supervisory authorities in accordance with applicable law, including within 72 hours where required by the GDPR.

9. Your Rights

Depending on your location, you may have the following rights:

All Users

  • Access your personal data
  • Correct inaccurate data
  • Delete your data and account
  • Export your transcript data

You can delete individual sessions from your dashboard, and delete your account or organization from your account settings. You can also email us at privacy@subsume.io and we will carry out the deletion for you.

EEA/UK Residents (GDPR)

  • Right to data portability
  • Right to restrict processing
  • Right to object to processing
  • Right to withdraw consent
  • Right to lodge a complaint with a supervisory authority

California Residents (CCPA/CPRA)

  • Right to know what personal information is collected
  • Right to delete personal information
  • Right to opt-out of the sale of personal information (we do not sell your data)
  • Right to non-discrimination for exercising your rights
  • Right to correct inaccurate personal information
  • Right to limit use of sensitive personal information

To exercise any of these rights, please contact us at privacy@subsume.io. We will respond to your request within 30 days (or sooner if required by law).

10. Cookies and Tracking

We use the following types of cookies and similar technologies:

  • Essential cookies: Required for authentication and core functionality. Cannot be disabled.
  • Functional cookies: Remember your preferences (e.g., theme settings).
  • Browser local storage: Used to remember preferences and, on caption viewer pages, to hold the random listener identifier described in Section 2.5 so we can count how many people are watching a broadcast. It contains no personal details and is not used for tracking across sites.

We do not use advertising, analytics, or third-party tracking cookies. Our authentication provider sets cookies necessary for secure login sessions.

Our Service does not currently respond to Do Not Track (DNT) browser signals. However, as described above, we do not use third-party tracking or advertising cookies.

11. Automated Processing

Our Service uses AI language models to process your transcript and translation text for quality improvement purposes. This processing is used solely to enhance the accuracy and readability of captions and translations. It does not involve automated decision-making that produces legal or similarly significant effects on you.

12. Children's Privacy

Our Service is not intended for children under the age of 13 (or 16 in the EEA). We do not knowingly collect personal information from children. If you believe we have collected data from a child, please contact us immediately at privacy@subsume.io.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. For significant changes, we may also notify you via email.

Your continued use of the Service after changes become effective constitutes acceptance of the revised policy.

14. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us: