Privacy policy

Last updated: 2026-05-10

What we collect

When you place an order or contact us, we collect: your name, email, optional company name, the audio or video file you upload, and any project notes you provide. For paid orders, Stripe handles your card details — we never see card numbers.

How we use it

  • To process your transcription order and deliver the result.
  • To respond to your questions and send order status updates.
  • To produce invoices and tax records as required by US law.
  • To improve our service quality (in aggregate, never individual content).

We do not sell your data. We do not run advertising. Your audio is not used to train AI models.

How we store it

Files travel over HTTPS to a private Cloudflare R2 bucket. Access requires signed URLs that expire after the active project window. At-rest encryption is on by default. Personal information is stored in PostgreSQL with role-based access; only the team members working on your order can read it.

Retention

  • Audio files: 30 days after final delivery, then auto-deleted. Earlier deletion on written request.
  • Transcripts: 90 days for re-download access, then archived encrypted.
  • Order metadata: 7 years for tax and accounting purposes.
  • Email correspondence: 2 years.

Subprocessors

  • Cloudflare (R2 storage, CDN)
  • Stripe (payment processing)
  • SendGrid or similar (transactional email)
  • Hetzner (server hosting, EU data center)

We do not use Tilda, Wix, Squarespace, or other site-builders that would route your data through additional processors.

Your rights

You can ask us to:

  • Show you what we have on file about you (data access).
  • Correct inaccurate information.
  • Delete your data (subject to tax-record retention requirements).
  • Export your transcripts and order history.

Email hello@lessrec.com with the subject line "Data request" and we’ll respond within 30 days.

California, Virginia, Colorado privacy laws

If you live in California (CCPA/CPRA), Virginia (VCDPA), or Colorado (CPA), the rights above apply by law. We do not sell personal data, do not engage in targeted advertising, and do not profile users.

Cookies

We use a single first-party session cookie to keep you logged in if you have an account. No third-party advertising cookies, no tracking pixels. We use a privacy-first analytics snippet (PostHog Cloud, EU region) to count page views in aggregate.

NDAs

For sensitive work — legal evidence, medical records, IRB-protected research — we sign your NDA. Our entire transcription team works under a master NDA covering all client material. Sub-contracting outside the team requires your written consent.

Changes to this policy

Material changes are emailed to active customers. The "last updated" date at the top of this page reflects the most recent revision.

Contact

Questions about this policy: hello@lessrec.com