Privacy Policy

Last updated: 22 October 2025

1. Introduction

This Privacy Policy explains how Shout ("we," "us," or "our"), a sole trader business operating in the United Kingdom, collects, uses, and protects your personal information when you use our dictation application and related services (the "Service").

We are committed to protecting your privacy and handling your data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Information We Collect

2.1 Personal Information

We collect the following personal information:

  • Email Address: Required for account creation, authentication, and service communications

2.2 Audio Data

We process your audio recordings solely for transcription purposes. Audio data is processed in real-time and is not stored on our systems. The audio is transmitted to our transcription service providers and immediately discarded after processing.

2.3 Transcription Data

Text transcriptions are retained only for the brief period necessary to complete processing and deliver results to you (typically seconds). This data is then automatically deleted.

2.4 Usage Analytics

We collect anonymised usage analytics including:

  • Feature usage patterns
  • Performance metrics
  • Error logs (without personal content)
  • Session duration and frequency

2.5 Cookies and Website Data

Our website may use cookies and similar technologies for authentication, preferences, and analytics. You can control cookie settings through your browser.

3. Legal Basis for Processing

We process your personal data under the following legal bases:

  • Contract Performance: To provide the dictation and transcription services you've subscribed to
  • Legitimate Interest: For service improvement, security, and analytics
  • Consent: Where specifically requested for marketing communications (opt-in only)

4. How We Use Your Information

We use your information to:

  • Provide transcription and AI text transformation services
  • Manage your account and subscription
  • Process payments and provide customer support
  • Improve our services through anonymised analytics
  • Send important service notifications and updates
  • Comply with legal obligations

5. Third-Party Service Providers

We work with trusted third-party providers to deliver our services. Your data may be processed by:

  • Supabase: Database and authentication services
  • Deepgram: Audio transcription processing
  • OpenAI, Anthropic, Google: AI text transformation services

All third-party providers are carefully selected and bound by appropriate data protection agreements. They process data only as necessary to provide their specific services.

6. Data Retention

We retain data for the following periods:

  • Audio Data: Not stored - processed and immediately discarded
  • Transcription Data: Retained for seconds only during processing
  • Account Information: Retained while your account is active
  • Usage Analytics: Retained for up to 2 years in anonymised form

When you delete your account, we will delete your personal information within 30 days, except where retention is required by law.

7. Data Security

We implement appropriate technical and organisational measures to protect your personal data, including:

  • Encryption of data in transit and at rest
  • Regular security assessments and updates
  • Access controls and authentication measures
  • Secure data processing with trusted providers

8. Your Rights Under UK GDPR

You have the following rights regarding your personal data:

  • Right of Access: Request copies of your personal data
  • Right to Rectification: Request correction of inaccurate data
  • Right to Erasure: Request deletion of your personal data
  • Right to Restrict Processing: Request limitation of data processing
  • Right to Data Portability: Request transfer of your data
  • Right to Object: Object to processing based on legitimate interests
  • Right to Withdraw Consent: Where processing is based on consent

To exercise any of these rights, please contact us at [email protected]. We will respond within one month.

9. International Data Transfers

Some of our third-party providers may process data outside the UK/EEA. Where this occurs, we ensure appropriate safeguards are in place, such as adequacy decisions or standard contractual clauses.

10. Children's Privacy

Our Service is not intended for children under 13. We do not knowingly collect personal information from children under 13. If we become aware of such collection, we will delete the information immediately.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through the Service. The updated policy will be effective when posted.

12. Contact Information

If you have questions about this Privacy Policy or wish to exercise your data protection rights, please contact us at:

[email protected]

You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) if you believe we have not handled your personal data appropriately.

13. Data Controller

The data controller for your personal information is Shout, a sole trader business operating in the United Kingdom.