GDPR Compliance
Last Updated: January 13, 2025
At Spearmint LLC, we are committed to protecting the privacy and rights of our users under the General Data Protection Regulation (GDPR). This document outlines our compliance with GDPR requirements and explains how we protect the rights of users in the European Economic Area (EEA).
Important Notice
If you are located in the EEA, you have specific rights regarding your personal data. This document explains these rights and how to exercise them.
1. Data Controller Information
Spearmint LLC acts as the data controller for personal data collected through our Voice Transcriber Chrome extension. Our contact information is:
- Company: Spearmint LLC
- Email: [email protected]
- Website: https://voicetranscriber.ai
2. Data Protection Officer
Our Data Protection Officer (DPO) can be contacted at:
Email: [email protected]
3. Personal Data We Process
We process the following types of personal data:
- Voice recordings (temporarily during transcription)
- Transcribed text
- User preferences and settings
- Technical data (browser information, IP address)
- Payment information (for premium subscribers)
4. Legal Basis for Processing
We process personal data under the following legal bases:
- Consent: For processing voice recordings and providing transcription services
- Contract: For providing services to premium subscribers
- Legitimate Interests: For improving our services and ensuring security
- Legal Obligation: For complying with legal requirements
5. Your Rights Under GDPR
| Right | Description | How to Exercise |
|---|---|---|
| Right to Access | Obtain information about your personal data processing and get a copy | Contact [email protected] |
| Right to Rectification | Correct inaccurate personal data | Update via extension settings or contact support |
| Right to Erasure | Request deletion of your personal data | Contact [email protected] |
| Right to Restriction | Limit how we use your personal data | Contact [email protected] |
| Right to Data Portability | Receive your data in a structured, commonly used format | Request via extension settings |
| Right to Object | Object to processing based on legitimate interests | Contact [email protected] |
6. Data Protection Measures
We implement appropriate technical and organizational measures to ensure data security:
- End-to-end encryption for voice data transmission
- Secure processing through OpenAI's Whisper API
- Immediate deletion of voice recordings after transcription
- Regular security assessments and updates
- Staff training on data protection
7. International Data Transfers
When we transfer personal data outside the EEA, we ensure adequate safeguards through:
- Standard Contractual Clauses (SCCs)
- Privacy Shield certification (where applicable)
- Adequate jurisdiction decisions by the European Commission
8. Data Retention
We retain personal data only as long as necessary:
- Voice recordings: Deleted immediately after transcription
- Account information: Duration of account plus 30 days
- Payment information: As required by law
- Usage data: 12 months
9. Data Breach Notification
In case of a personal data breach, we will:
- Notify supervisory authorities within 72 hours
- Inform affected users without undue delay
- Document all breaches and remediation actions
10. Children's Data
We do not knowingly process personal data of children under 16. If we become aware of such processing, we will take immediate steps to delete the data.