Back to Home

Privacy Policy

Last updated: November 29, 2025

1. Introduction

Subsume ("we", "our", or "us") provides real-time speech-to-text captioning and translation services. This Privacy Policy explains how we collect, use, disclose, and protect your information when you use our website and services (collectively, the "Service").

By using our Service, you agree to the collection and use of information in accordance with this policy. If you do not agree with this policy, please do not use our Service.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

  • Email address
  • Name (if provided)
  • Authentication data through our provider, Clerk (OAuth tokens, session data)
  • Organization name (for team accounts)

2.2 Audio and Transcript Data

When you use our captioning service:

  • Audio streams are transmitted in real-time to our speech-to-text providers for processing. We do not store audio recordings.
  • Text transcripts generated from your audio are stored in our database to provide session history, playback, and export features.
  • Translations of transcripts (if enabled) are also stored.
  • You retain ownership of all transcript content generated from your audio.

2.3 Usage Data

We automatically collect:

  • Session duration and timestamps
  • Features used (languages, translation settings)
  • Credit consumption for billing
  • IP address and browser/device information
  • Pages visited and interactions with our Service

3. Legal Basis for Processing (GDPR)

If you are in the European Economic Area (EEA), we process your personal data based on the following legal grounds:

  • Contract performance: Processing necessary to provide you with our Service (account management, captioning, billing).
  • Legitimate interests: Processing for our legitimate business interests (improving our Service, security, fraud prevention), where not overridden by your rights.
  • Consent: Where you have given explicit consent for specific processing activities.
  • Legal obligations: Processing necessary to comply with legal requirements.

4. How We Use Your Information

  • To provide, operate, and maintain our captioning and translation services
  • To process your audio and generate accurate captions
  • To manage your account, billing, and credit balance
  • To communicate with you about service updates, security alerts, and support
  • To improve our Service and develop new features
  • To detect, prevent, and address technical issues or abuse
  • To comply with legal obligations

5. Third-Party Services and Data Sharing

We work with trusted third-party service providers to operate our Service, including providers for authentication, speech-to-text processing, database hosting, and infrastructure. These providers receive only the data necessary to perform their services.

Our service providers are contractually obligated to protect your data and use it only as directed by us. Each provider maintains their own privacy policy governing their data practices.

We do not sell your personal information to third parties.

6. International Data Transfers

Your data may be transferred to and processed in countries other than your country of residence, including the United States, where our service providers are located. These countries may have different data protection laws.

When we transfer data from the EEA, UK, or Switzerland, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or transfers to countries with adequate data protection recognized by relevant authorities.

7. Data Retention

We retain your data for as long as necessary to provide our Service and fulfill the purposes described in this policy:

  • Account data: Retained while your account is active and for a reasonable period afterward for legal and business purposes.
  • Transcript data: Retained until you delete the session or your account. You can delete individual sessions at any time.
  • Usage logs: Retained for up to 12 months for analytics and security purposes.

Upon account deletion, we will delete or anonymize your data within 30 days, except where we are required to retain it for legal compliance.

8. Data Security

We implement appropriate technical and organizational measures to protect your data:

  • Encryption in transit (TLS/SSL) for all data transmission
  • Encryption at rest for stored data
  • Row-level security controls in our database
  • Regular security assessments and updates
  • Access controls limiting employee access to data

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

9. Your Rights

Depending on your location, you may have the following rights:

All Users

  • Access your personal data
  • Correct inaccurate data
  • Delete your data and account
  • Export your transcript data

EEA/UK Residents (GDPR)

  • Right to data portability
  • Right to restrict processing
  • Right to object to processing
  • Right to withdraw consent
  • Right to lodge a complaint with a supervisory authority

California Residents (CCPA/CPRA)

  • Right to know what personal information is collected
  • Right to delete personal information
  • Right to opt-out of the sale of personal information (we do not sell your data)
  • Right to non-discrimination for exercising your rights
  • Right to correct inaccurate personal information
  • Right to limit use of sensitive personal information

To exercise any of these rights, please contact us at privacy@subsume.io. We will respond to your request within 30 days (or sooner if required by law).

10. Cookies and Tracking

We use the following types of cookies and similar technologies:

  • Essential cookies: Required for authentication and core functionality. Cannot be disabled.
  • Functional cookies: Remember your preferences (e.g., theme settings).

We do not use advertising or third-party tracking cookies. Our authentication provider (Clerk) sets cookies necessary for secure login sessions.

11. Children's Privacy

Our Service is not intended for children under the age of 13 (or 16 in the EEA). We do not knowingly collect personal information from children. If you believe we have collected data from a child, please contact us immediately at privacy@subsume.io.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. For significant changes, we may also notify you via email.

Your continued use of the Service after changes become effective constitutes acceptance of the revised policy.

13. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us: