1. Data Controller
The data controller responsible for your personal data is Exactum, operated by the site owner.
If you have any questions about how your personal data is processed, you can contact us at any time using the details above or via our contact page.
2. What Data We Collect
We collect the following categories of personal data:
Account Information
- Email address
- Name
- Password (securely hashed, never stored in plain text)
- Authentication provider details (if using third-party sign-in)
Content Data
- Uploaded audio and video files
- Transcription text generated from your files
- AI analysis results (summaries, key points, chapters, sentiment analysis, topics, FAQs, fact checks)
- YouTube transcript data extracted via our browser extension
Payment Information
- Payment details are collected and processed directly by our payment processor. We do not store your full credit card number, CVC, or billing address on our servers.
- We receive from our payment processor: transaction IDs, subscription status, plan type, and payment confirmation.
Usage and Technical Data
- Service usage data (transcription minutes used, extension usage counts)
- Device and browser information (user agent string)
- IP address (processed temporarily for security purposes; not stored long-term)
- Pages visited and features used
- Cookies and local storage preferences
3. Legal Basis for Processing (GDPR Article 6)
We process your personal data on the following legal bases:
| Legal Basis | Processing Activities |
|---|
Performance of Contract
(Art. 6(1)(b)) | Providing transcription services, AI analysis, account creation and management, processing payments, delivering subscription features |
Consent
(Art. 6(1)(a)) | Analytics cookies for anonymous visit tracking. You can withdraw consent at any time through your cookie preferences. |
Legitimate Interest
(Art. 6(1)(f)) | Fraud prevention, abuse detection, service improvement, security monitoring, enforcing usage limits |
4. How We Use Your Data
We use your personal data for the following purposes:
- Transcription Services: Processing your uploaded audio and video files through our transcription engine to generate text output
- AI Analysis: Generating summaries, key points, chapters, sentiment analysis, topics, FAQs, and fact checks from your transcripts
- Account Management: Creating and maintaining your account, authenticating your identity, managing your subscription and plan limits
- Payment Processing: Processing subscription payments, managing billing cycles, and handling refunds through our payment processor
- Customer Support: Responding to your inquiries, troubleshooting issues, providing technical assistance
- Service Improvement: Analyzing aggregated, anonymized usage patterns to improve our services (with your consent where required)
- Security: Detecting and preventing fraud, abuse, and unauthorized access to our services
We do not use your content to train AI models. Your transcriptions and uploaded files are processed solely to deliver the services you requested.
5. Third-Party Data Processors
To provide our services, we work with a limited number of trusted third-party processors for the following purposes:
- Speech-to-text transcription — your audio is sent to our transcription provider to generate text
- AI text analysis — transcripts are processed by our AI provider to generate summaries, key points, and other insights
- Payment processing — subscription and payment data is handled by our payment processor
- Server hosting — your data is stored on our hosting infrastructure
- Authentication — if you choose to sign in with a third-party account, that provider processes your login
All processors act under our instructions and are bound by data processing agreements. Where data is transferred outside the European Economic Area, appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission.
6. International Data Transfers
Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA). These transfers are necessary to provide our services.
To ensure your data is protected in accordance with GDPR requirements, all international transfers are safeguarded by:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Data Processing Agreements (DPAs) with all third-party processors
- Technical measures including encryption in transit
7. Data Retention
We retain your data only for as long as necessary to fulfill the purposes described in this policy. Specific retention periods are as follows:
Transcription History
| Plan | Retention Period |
|---|
| Free | 7 days |
| Basic | 30 days |
| Starter | 30 days |
| Creator | Unlimited (until account deletion) |
| Studio | Unlimited (until account deletion) |
Other Data
- Audio/video files: Stored securely in cloud storage for the duration of your account so you can replay and re-download your media. Files are permanently deleted when you delete a transcription or your account.
- Account data: Permanently deleted immediately when you delete your account through account Settings.
- Analytics data: Anonymous visit data is retained for service improvement purposes and deleted when no longer needed.
- Payment records: Retained as required by applicable tax and financial regulations.
8. No Advertising & No Data Sharing
Exactum does not display advertisements on the website and does not participate in any advertising networks. We do not use any third-party tracking services.
We do not sell, rent, or share your personal data with third parties for marketing, advertising, or any other commercial purpose. The anonymous analytics data we collect (with your consent) is used exclusively for internal purposes — understanding website traffic and improving the user experience.
9. Cookies and Tracking
We use the following types of cookies and storage mechanisms:
| Type | Purpose | Consent Required |
|---|
| Essential Cookies | Session management, security, authentication | No (strictly necessary) |
| Analytics Cookies | Visitor tracking, usage statistics, performance monitoring | Yes |
| Preference Storage | Theme (dark/light), language, UI preferences | No (localStorage, not cookies) |
You can manage your cookie preferences at any time. For more information, see our Cookie Policy.
10. Your Rights Under GDPR
Under the General Data Protection Regulation (GDPR), you have the following rights regarding your personal data:
- Right of Access (Article 15): You have the right to obtain confirmation of whether we process your personal data and to access a copy of that data. You can export your data from your account Settings.
- Right to Rectification (Article 16): You have the right to request correction of inaccurate personal data. You can update your account information directly in your Settings.
- Right to Erasure (Article 17): You have the right to request deletion of your personal data. You can delete your account and all associated data from your account Settings. Upon deletion, all your data is permanently erased immediately.
- Right to Restrict Processing (Article 18): You have the right to request that we limit how we process your data in certain circumstances, such as when you contest the accuracy of your data.
- Right to Data Portability (Article 20): You have the right to receive your personal data in a structured, commonly used, machine-readable format. You can export your data from your account Settings.
- Right to Object (Article 21): You have the right to object to processing based on legitimate interests, including analytics tracking. You can opt out of analytics at any time via cookie preferences.
- Right to Withdraw Consent: Where processing is based on your consent, you may withdraw that consent at any time. You can manage your cookie preferences by clicking "Cookie Settings" in the website footer. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.
- Right to Lodge a Complaint: You have the right to lodge a complaint with a data protection supervisory authority in the EU member state of your habitual residence, place of work, or place of the alleged infringement.
To exercise any of these rights, contact us at [email protected] or use the self-service options in your account Settings. We will respond to your request within 30 days as required by GDPR.
11. Children's Privacy
Exactum is intended for users who are 18 years of age or older. We do not knowingly collect personal data from children under the age of 16. If we become aware that we have collected personal data from a child under 16, we will take steps to delete that data as soon as possible.
If you are a parent or guardian and believe your child has provided us with personal data, please contact us at [email protected] so we can take appropriate action.
12. Data Security
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:
- Encryption in transit: All data is transmitted over encrypted connections
- Encryption at rest: Sensitive credentials are encrypted before storage
- Password security: Passwords are securely hashed and never stored in plain text
- Abuse prevention: Endpoints are protected against brute-force attacks
- Access controls: Strict access controls to production systems and data
While we take all reasonable precautions, no method of transmission over the Internet or electronic storage is 100% secure. If you discover a security vulnerability, please report it to [email protected].
13. Data Breach Notification
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will:
- Notify the relevant supervisory authority within 72 hours of becoming aware of the breach, in accordance with GDPR Article 33
- Notify affected users without undue delay if the breach is likely to result in a high risk to their rights and freedoms, in accordance with GDPR Article 34
- Document the breach, its effects, and the remedial actions taken
Notifications will be sent via email to the address associated with your account and, where appropriate, via a prominent notice on our website.
14. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:
- Update the "Last updated" date at the top of this page
- Notify registered users via email for any material changes that affect how your data is processed
- Where required by law, obtain your consent before applying material changes
Your continued use of Exactum after changes are posted constitutes your acknowledgment of the updated policy. We encourage you to review this page periodically.
15. Contact
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, you can reach us through the following channels:
We aim to respond to all privacy-related inquiries within 30 days. If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection supervisory authority.