Privacy Policy

How we collect, use, and protect your data

Last updated: February 2026

1. Data Controller

Amanuscribe ("we", "us", or "our") is the data controller responsible for your personal data. We operate the website at amanuscribe.ie and the transcription application at app.amanuscribe.ie.

  • Legal entity: Amanuscribe, a sole trader registered in Ireland (CRO number: 717986)
  • Address:P.O. Box 6, 43a Bandon Road, Cork, Ireland.
  • Contact email: admin@amanuscribe.ie

2. Information We Collect

We collect information you provide directly and information generated through your use of the service:

Information you provide:

  • Account information: When you create an account, we collect your name and email address via our authentication provider (Clerk).
  • Audio files: Audio files you upload for transcription, including metadata such as file name, duration, and format.
  • Template documents: Optional Word document (.docx) templates you upload alongside audio files.
  • Payment information: Payment card details are collected and processed directly by Stripe. We do not store your full card number on our servers. We receive and store your Stripe customer ID, subscription status, and transaction history.
  • Communications: When you contact us via email or our contact form, we retain the correspondence.

Information collected automatically:

  • Session data: We use essential cookies to maintain your login session. See Section 9 (Cookies) below.
  • Usage data: Basic information about how you use the service, such as job creation dates and status changes.

3. Legal Basis for Processing (GDPR Article 6)

We process your personal data on the following legal bases:

  • Performance of a contract (Art. 6(1)(b)): Processing your account information, audio files, and payment details is necessary to provide you with our transcription service.
  • Legitimate interest (Art. 6(1)(f)): We process usage data to maintain, improve, and secure the service. We process communications to respond to your enquiries.
  • Legal obligation (Art. 6(1)(c)): We retain certain transaction records as required by Irish tax and accounting regulations.

4. How We Use Your Information

  • To create and manage your account
  • To provide the transcription service, including making your audio files and templates available to your assigned typist
  • To process payments and manage subscriptions
  • To send transactional emails (job status updates, payment confirmations)
  • To send push notifications to your mobile device about job status (if you have the mobile app installed and notifications enabled)
  • To respond to your support requests and enquiries
  • To maintain the security and integrity of the service

We do not sell your personal data. We do not use your data for advertising or profiling purposes.

5. Sharing Your Data with Typists

When you create a transcription job, the following data is made available to the typist assigned to your job:

  • Your audio file(s)
  • Your template document(s), if provided
  • Job metadata (audio duration, priority level, any instructions you provide)

Amanuscribe marketplace typists are independent contractors who process your data on our behalf as data processors under GDPR Article 28. We have data processing agreements in place with our marketplace typists that require them to process your data only for the purpose of completing your transcription, to treat all content as confidential, and to delete your files upon job completion.

Your own invited typists are individuals you choose to invite to the platform. When you invite your own typist, you are the party responsible for the relationship with that typist, including any confidentiality or data handling arrangements. We provide the platform infrastructure, but your invited typist accesses your files based on your instruction.

In all cases, typists do not receive your email address, payment information, or account details.

6. Third-Party Service Providers

We use the following third-party services to operate Amanuscribe. Each processes data on our behalf and under our instructions. We have entered into data processing agreements (DPAs) with these providers as required by GDPR Article 28:

  • Clerk (clerk.com) — Authentication and account management. Processes your name, email address, and login credentials. Based in the United States. Clerk's DPA and data processing practices are available at clerk.com/legal/dpa.
  • Amazon Web Services (AWS) — File storage (S3) and email delivery (SES). Audio files, templates, and transcripts are stored in the EU (Ireland) region. Transactional emails are sent via AWS SES. AWS's GDPR DPA applies automatically under the AWS Customer Agreement.
  • Stripe (stripe.com) — Payment processing and subscription management. Processes your payment card details, billing address, and transaction data. Stripe acts as both a data processor (on our behalf) and an independent data controller (for payment fraud prevention and regulatory compliance). Stripe's DPA is available at stripe.com/legal/dpa.
  • Expo (expo.dev) — Push notification delivery for the mobile app. Receives your device push token (not your name or email) to deliver notifications. Based in the United States.
  • Google Fonts (fonts.google.com) — Font delivery for the marketing website. Your browser connects to Google servers to load fonts, which may transmit your IP address to Google. See Google's Privacy Policy.

7. International Data Transfers

Your audio files and transcripts are stored on AWS servers in the EU (Ireland). However, some of our service providers are based in or transfer data to the United States:

  • Clerk processes authentication data in the US.
  • Stripe processes payment data with servers in the EU and US.
  • Expo processes push notification tokens in the US.

Where personal data is transferred outside the European Economic Area (EEA), we rely on one or more of the following safeguards as required by GDPR Chapter V:

  • EU-US Data Privacy Framework: Where the recipient is certified under the EU-US Data Privacy Framework, we rely on the European Commission's adequacy decision of 10 July 2023. We verify certification status via the Data Privacy Framework list.
  • Standard Contractual Clauses (SCCs): Where DPF certification is not available, we ensure the provider has entered into the European Commission's Standard Contractual Clauses (Commission Implementing Decision (EU) 2021/914).

You may request a copy of the safeguards in place for any specific transfer by contacting us at admin@amanuscribe.ie.

8. Data Retention

  • Audio files and templates: Retained for 90 days after job completion, then automatically deleted. Files for cancelled jobs are deleted immediately.
  • Completed transcripts: Retained and available for download for as long as your account is active. Upon account closure, transcripts are deleted within 30 days, subject to any legal retention obligations.
  • Account information: Retained for as long as your account is active. If you request account deletion, we will delete your account data within 30 days, subject to any legal retention obligations.
  • Payment records: Transaction records are retained for 7 years as required by Irish tax law (Taxes Consolidation Act 1997).
  • Communications: Support correspondence is retained for 2 years from the date of last contact.

9. Data Security

We implement appropriate technical and organisational measures to protect your personal data in accordance with GDPR Article 32, including:

  • Encryption of data in transit (TLS/HTTPS) and at rest (AES-256 for stored files)
  • Access controls limiting who can access your files to only the assigned typist and authorised personnel
  • Secure authentication via Clerk with support for multi-factor authentication
  • Pre-signed, time-limited URLs for file access (files are never publicly accessible)
  • Regular security reviews of our infrastructure and dependencies

No method of electronic storage or transmission is 100% secure. While we strive to protect your personal data, we cannot guarantee absolute security.

10. Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will:

  • Notify the Irish Data Protection Commission within 72 hours of becoming aware of the breach, as required by GDPR Article 33.
  • Notify affected individuals without undue delay where the breach is likely to result in a high risk to their rights and freedoms, as required by GDPR Article 34.

Notification will include the nature of the breach, the likely consequences, and the measures taken or proposed to address it.

11. Special Categories of Data

We do not intentionally collect special categories of personal data (as defined in GDPR Article 9), such as data revealing health information, political opinions, religious beliefs, or trade union membership.

However, we recognise that audio files you upload for transcription may contain sensitive content (e.g., medical dictation, legal proceedings). If your audio files contain special category data, you are responsible for ensuring you have a lawful basis to have that content processed by a third-party transcription service. By uploading such content, you confirm that you have obtained any necessary consents or have another lawful basis for processing.

12. Cookies

We use essential cookies only to maintain your login session and store your preferences within the application. These cookies are strictly necessary for the service to function and do not require consent under the ePrivacy Directive.

We do not use analytics cookies, advertising cookies, or third-party tracking cookies.

Our marketing website loads fonts from Google Fonts, which may set cookies. For more information, see Google's Privacy Policy.

13. Your Rights Under GDPR

If you are in the European Economic Area, you have the following rights regarding your personal data:

  • Right of access (Art. 15): Request a copy of the personal data we hold about you.
  • Right to rectification (Art. 16): Request correction of inaccurate personal data.
  • Right to erasure (Art. 17): Request deletion of your personal data, subject to legal retention requirements.
  • Right to restriction (Art. 18): Request that we restrict processing of your data in certain circumstances.
  • Right to data portability (Art. 20): Request your data in a structured, machine-readable format.
  • Right to object (Art. 21): Object to processing based on legitimate interest.

To exercise any of these rights, contact us at admin@amanuscribe.ie. We will respond within 30 days. If we need to extend this period (by up to a further 60 days for complex requests), we will inform you within the initial 30-day period and explain the reason for the delay.

There is no fee for exercising your rights, unless requests are manifestly unfounded or excessive, in which case we may charge a reasonable fee or refuse to act on the request.

14. Right to Lodge a Complaint

If you believe we have not handled your personal data properly, you have the right to lodge a complaint with the Irish Data Protection Commission:

  • Data Protection Commission
  • 21 Fitzwilliam Square South, Dublin 2, D02 RD28, Ireland
  • Website: www.dataprotection.ie
  • Phone: +353 (0)1 765 0100 / 1800 437 737

15. Automated Decision-Making

We do not use automated decision-making or profiling that produces legal or similarly significant effects on you. Audio duration and pricing are calculated automatically, but no decisions about your access to the service are made without human involvement.

16. Children's Privacy

Amanuscribe is not intended for use by anyone under the age of 18. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

17. Changes to This Policy

We may update this privacy policy from time to time. If we make material changes, we will notify you by email or by placing a notice on our website. The "last updated" date at the top of this page indicates when the policy was last revised.

18. Contact

For any questions about this privacy policy or how we handle your data, contact us at admin@amanuscribe.ie.