Privacy Policy
Last updated: 2026-06-14
This Policy explains how [COMPANY_LEGAL_NAME] (“we”) handles personal data for Hushscript. We comply with Thailand’s Personal Data Protection Act B.E. 2562 (PDPA) and Hong Kong’s Personal Data (Privacy) Ordinance (Cap. 486) (PDPO).
Data controller
[COMPANY_LEGAL_NAME], [COMPANY_ADDRESS]. Privacy contact: [DPO_EMAIL].
What we collect
- Account data: your email address (for magic-link sign-in).
- Payment data: billing metadata from Stripe (we never receive your full card number).
- Content: the audio you submit and the transcripts produced from it.
- Usage/technical data: limited logs and rate-limiting signals.
How recordings are handled
Your browser extracts and compresses the audio before upload — the original video never leaves your device. Uploaded audio is deleted the moment the transcript is produced. The speech-processing engine runs with zero data retention. Transcripts are stored privately to your account until you delete them.
Purpose and lawful basis
We process data to provide the service, take payment, prevent abuse, and meet legal obligations — on the bases of contract performance, legitimate interest, consent (where required), and legal compliance under the PDPA and PDPO.
Sub-processors
Cloudflare (hosting, storage, Workers AI speech model), Stripe (payments), and Mailgun (transactional email). Data may be processed outside Thailand or Hong Kong with appropriate safeguards.
Your rights
Under the PDPA and PDPO you may request access, correction, erasure, or portability of your personal data, object to or restrict processing, and withdraw consent. To exercise these rights, contact [DPO_EMAIL]. You may also complain to the relevant authority (Thailand’s PDPC or Hong Kong’s PCPD).
Retention
Account and transcript data are kept until you delete them or close your account; uploaded audio is deleted immediately after transcription; payment records are kept as required by law.
Changes
We will post updates here with a new “last updated” date.