Last updated: 25 April 2026
Quentin Lemarié, sole proprietor
Email: privacy@aurascribe.com
Located in France
If you have questions about this policy or wish to exercise your data rights, contact us at the email above.
When you use auraScribe, including its Meeting Bot feature, we may collect and process the following categories of personal data:
| Category | Description | Source |
|---|---|---|
| Account data | Name, email address, authentication credentials | Provided by you at registration |
| Audio recordings | Meeting audio captured by the Meeting Bot | Microsoft Teams, Google Meet via Meeting BaaS (Spoke) |
| Transcripts | Verbatim text generated from audio | Generated by Gemini AI from recordings |
| Speaker profiles | Speaker identification labels linked to voice segments | Generated by AI diarisation |
| Behavioural analysis | Structured observations about communication patterns (e.g., speaking time, interruptions, question frequency) | Generated by AI analysis |
| Meeting metadata | Date, time, duration, platform, participant count | Collected automatically during recording |
| Usage data | Feature interactions, session data, error logs | Collected automatically |
Important: auraScribe does not perform emotion recognition as defined in EU AI Act Art. 3(39). A dedicated compliance agent rewrites any AI-generated emotion inferences into observable behavioural descriptions before output reaches you. See our AI Transparency page for details.
For detailed information about which of these data categories are shared with third-party processors, see Section 3: Third-Party Audio & AI Data Processing.
auraScribe uses third-party services to process your audio and generate analysis. No data is sent to any third party until you have provided explicit consent via the in-app consent dialog. This section describes exactly what data is shared, with whom, for what purpose, and how it is protected.
Google LLC, via the Gemini API (models: Gemini Flash and Gemini Pro). Data is transmitted to Google’s API endpoints over encrypted connections (TLS 1.2+).
Google processes auraScribe API data under their Data Processing Addendum, which includes Standard Contractual Clauses for international transfers. Google is certified under the EU-US Data Privacy Framework.
Under Google’s Gemini API Terms of Service for paid API usage, data sent via the API is not used to train Google’s models. Audio files and cached data are retained by Google only for the duration necessary to complete the requested processing and are not stored permanently by Google after the API call completes. Temporary data caches used for follow-up analysis are retained only for the duration of your active session, after which they are automatically deleted.
Spoke Technologies, via the Meeting BaaS API. The meeting bot joins the meeting on your behalf, records the audio, and transmits it to auraScribe’s servers for processing.
Meeting BaaS processes data under their service terms. Recorded audio is transmitted to auraScribe’s secure cloud storage (Google Cloud Storage) promptly after the meeting ends and is not retained by Spoke beyond the delivery period. Once delivered, the recording is stored in your personal, isolated storage path and is subject to the same protections described in this privacy policy.
Before any audio is processed or any data is sent to the third-party services described above, you must explicitly consent via an in-app dialog. This dialog:
Your consent is recorded in your account profile with a timestamp. You cannot use the app’s audio processing features without consenting. Consent is requested once and persisted — you are not re-prompted on every use.
If you create an auraScribe account and use the service, we process your data on the basis of contract performance (Art. 6(1)(b) GDPR) — the processing is necessary to provide the service you signed up for.
When our Meeting Bot joins a meeting, it may process the personal data of participants who are not auraScribe account holders.
We rely on legitimate interest (Art. 6(1)(f) GDPR) — both our own interest in providing the meeting analysis service to our users, and the meeting host’s interest in creating accurate meeting records, transcriptions, and obtaining communication insights. We balance these interests against participants’ rights through the following safeguards:
We log per-session usage metrics (API token counts, processing engine used, estimated processing cost, audio duration, and your user ID) to monitor service costs and detect anomalies. This data contains no audio, transcripts, or analysis content — only operational metadata. This processing is based on legitimate interest (Art. 6(1)(f)). Usage metrics are stored in Google Cloud Firestore (EU region: europe-west1).
The data controller (developer) may access usage metrics and user account data via the Google Cloud Console for service operation, troubleshooting, and support purposes. Access is protected by multi-factor authentication and Cloud Audit Logs.
For analytics, security, and service improvement, we rely on legitimate interest (Art. 6(1)(f)). For any processing not covered above, we will obtain your consent (Art. 6(1)(a)) before proceeding.
We process personal data for the following purposes:
For complete details about data shared with Google Gemini and Meeting BaaS, including what data is sent, why, and how it is protected, see Section 3.
We use the following sub-processors to deliver the service:
| Processor | Purpose | Location | Safeguards |
|---|---|---|---|
| Google Cloud Platform (GCP) | Audio storage (Cloud Storage), database (Firestore), hosting (Cloud Run) | EU (europe-west regions) | EU Standard Contractual Clauses; Google Cloud Data Processing Addendum |
| Google Gemini AI | Audio recordings, transcripts, speaker metadata, behavioural audio cues, user-provided context, and follow-up chat messages — for transcription, analysis, and behavioural observation generation | EU/US | Google Cloud Data Processing Addendum; EU SCCs |
| Meeting BaaS by Spoke | Meeting Bot deployment — joins meetings, captures audio | US | Data Processing Agreement; EU SCCs |
All sub-processors are bound by data processing agreements that require them to process data only on our instructions and implement appropriate security measures.
Your data is primarily stored and processed within the European Union (Google Cloud europe-west regions). Where data is transferred outside the EU/EEA (e.g., to US-based sub-processors), we rely on EU Standard Contractual Clauses (SCCs) as adopted by the European Commission, supplemented by technical measures including encryption in transit and at rest.
Under the GDPR, you have the following rights regarding your personal data:
| Right | GDPR Article | Description |
|---|---|---|
| Access | Art. 15 | Request a copy of all personal data we hold about you |
| Rectification | Art. 16 | Request correction of inaccurate data |
| Erasure | Art. 17 | Request deletion of your data (“right to be forgotten”) |
| Restriction | Art. 18 | Request that we limit how we process your data |
| Portability | Art. 20 | Receive your data in a structured, machine-readable format |
| Objection | Art. 21 | Object to processing based on legitimate interest |
| Complaint | Art. 77 | Lodge a complaint with a supervisory authority |
To exercise any of these rights, contact us at privacy@aurascribe.com. We will respond within 30 days.
Supervisory authority: If you are unsatisfied with our response, you have the right to lodge a complaint with the Commission Nationale de l’Informatique et des Libertés (CNIL) — www.cnil.fr — or your local supervisory authority.
We implement appropriate technical and organisational measures to protect your data, including:
No system is perfectly secure. If we become aware of a data breach that poses a risk to your rights, we will notify you and the relevant supervisory authority as required by GDPR Art. 33–34.
auraScribe is not intended for use by anyone under 16 years of age. We do not knowingly collect data from children. If you believe a child’s data has been processed through our service, contact us and we will delete it promptly.
We may update this policy from time to time. Material changes will be communicated via email or an in-app notification. The “Last updated” date at the top reflects the most recent revision.
← Back to auraScribe