SenitePrivacy Policy

Privacy Policy

Last updated: July 2026

Who operates this service

Senite is an independent project, currently operated by an individual developer based in Germany, rather than a registered company. Throughout this policy, “we” and “us” refers to that operator, who is the data controller under the EU General Data Protection Regulation (GDPR) for the processing described here. Full legal identity and contact details are published in our Impressum. For any privacy question, the fastest way to reach us is support@senite.app.

Legal basis for processing (GDPR Art. 6)

  • Contract necessity — processing your uploaded audio, and generating transcripts/translations/summaries, is necessary to provide the service you requested.
  • Legitimate interest — technical/rate-limiting data, and the hashed signup-bonus record described below, are processed to keep the service secure and free of abuse (e.g. repeated bonus claims); this interest is balanced against your privacy and limited to what's needed for that purpose.
  • Consent — where a feature explicitly asks for your consent (e.g. optional processing steps), you can withdraw it at any time with future effect.

What we collect

  • Account data — the email address and profile info provided by your sign-in method.
  • Content you upload — audio/video files you submit for transcription, and the transcripts, translations, and summaries generated from them.
  • Live translation data — audio segments and text from real-time translation sessions you start.
  • Usage & billing data — credit balance, job history, and processing metadata (file duration, provider used, timestamps).
  • Technical data — request metadata used for abuse prevention (rate limiting, bot/App Check verification). This is not tied to a long-lived profile beyond what's needed to enforce limits.
  • Signup bonus record — a one-way cryptographic hash of your email (not the email itself), used only to prevent the same person from claiming the one-time signup credit bonus multiple times by deleting and recreating an account. See “How long we keep your data” below.

How we use it

Solely to operate the service you asked for: turning your uploaded audio into transcripts, translations, and summaries; tracking credit usage so billing is accurate; keeping the service secure and reasonably free of abuse; and troubleshooting when something breaks. We do not sell your data, and we do not use your uploaded content to train AI models we operate.

Third parties that process your data

Processing your files requires sending them to specialized service providers. Depending on which options are active for your job, that can include:

  • Authentication & database provider — handles sign-in and stores job records and account data.
  • Object storage provider — one storage backend is active at a time, used to store uploaded audio and generated results.
  • Speech-to-text providers — used to transcribe uploaded audio into text.
  • Language model provider — used for translation and summarization of transcripts, when you request those features.
  • Real-time translation provider — used for live-translation sessions.

We deliberately don't name these providers here, since the specific vendors and configuration are technical implementation details that can change without affecting how your data is handled. Each provider processes data under its own privacy terms and may be located outside your country. We only send the minimum data each provider needs to perform its function. If you'd like the current list of providers for a specific purpose (e.g. a data-portability request), email us and we'll provide it.

Some of these providers are based outside the EU/EEA, which means using them involves an international transfer of your data. Where that's the case, the transfer relies on the provider's Standard Contractual Clauses or an equivalent safeguard recognized under GDPR Chapter V.

Cookies and similar technologies

We only use cookies that are necessary to operate the service. We do not use cookies for advertising, cross-site tracking, or analytics profiling.

  • Session cookie (firebase_session) — keeps you signed in. Set when you log in, httpOnly (not readable by page scripts), and expires automatically after 14 days or when you sign out.
  • Language preference (senite_locale) — remembers the interface language you selected, so we don't reset it on every visit. Expires after 1 year.
  • Security / bot-protection (Google reCAPTCHA, via Firebase App Check) — set by Google when the app loads, used to distinguish real visitors from automated abuse before your requests reach our API. This is necessary to keep the service secure and isn't used by us for tracking. Google processes this as its own service; see Google's Privacy Policy for how it handles this data.
  • Cookie notice acknowledgement (voca_cookie_notice_ack) — records that you've dismissed the cookie notice banner, so it doesn't reappear on every page. Expires after 1 year.

Because every cookie above is necessary for the service to function, none require your consent under the German TTDSG or the EU ePrivacy rules — but we disclose them here for transparency. If we ever add optional cookies (e.g. analytics), we'll ask for your consent first and update this section.

How long we keep your data

Retention is configurable and enforced automatically by a background job. As of this page's last update, the active settings are:

  • Processed files are archived 30 days after processing, then permanently deleted 1 day after being archived.
  • Once a file is removed (by you, or by the archiving step above), it is permanently purged within 1 day.
  • Short-lived streaming copies of your audio, created only to hand a chunk to a speech-to-text provider, auto-expire within a couple of hours regardless of the settings above.
  • The hashed signup-bonus record described above is kept indefinitely for fraud prevention — it cannot be reversed back into your email address without the server-side secret key.

Once a file is permanently purged, it is gone from our servers — including the transcript, translation, and summary text, not just the downloadable PDF/TXT copies. We do not keep a separate backup for you to recover later. If you want to keep a transcript, translation, or summary long-term, download or copy it before it expires. Self-service export of your full account data isn't built yet (see “Your rights” below) — until it is, this is the only way to keep a copy.

These numbers reflect the live configuration and update automatically if the retention policy changes.

Deleting your account

You can permanently delete your account from Settings at any time. Doing so immediately and irreversibly:

  • Deletes outright — your account profile, sign-in credentials, folders, job step logs, live translation transcript segments, and every audio/result file you uploaded or that was generated for you in storage.
  • Anonymizes rather than deletes — your job and live-translation session records. We keep aggregate usage figures (processing time, provider used, token/credit counts, timestamps) because our internal cost and usage reporting is built from this data, but every identifying or content field — your file names, transcript text, translated text, error messages, and storage file paths — is stripped at the same time. What remains cannot be traced back to you once your account profile and sign-in credentials are gone.

There is no recovery grace period for the deletion itself; once you confirm, it cannot be undone.

Your rights

Under GDPR (and similar laws elsewhere), you have the right to:

  • Access — a copy of the personal data we hold about you.
  • Rectification — correction of inaccurate or incomplete data.
  • Erasure — deletion of your data. Self-service via Settings (see above); this immediately deletes your identity and content, and anonymizes the aggregate usage records we retain for reporting (see “Deleting your account” above).
  • Restriction — limit how we process your data in certain circumstances.
  • Objection — object to processing based on legitimate interest.
  • Portability — receive your data in a portable format.
  • Withdraw consent — at any time, where processing is based on consent, without affecting past processing.

To exercise any of these (other than self-service deletion), email support@senite.app and we'll handle it manually while self-service export is being built. You also have the right to lodge a complaint with a data protection supervisory authority — either in your country of residence, or in Germany, where the controller is based.

Security

All traffic to the service is encrypted in transit. Access to your account is protected by an industry-standard authentication provider, and API endpoints are protected against automated abuse with rate limiting and bot-detection checks. No method of transmission or storage is 100% secure, but we take reasonable, industry-standard steps to protect your data.

Children

This service is not directed at, and should not be used by, anyone under 16 years old.

Changes to this policy

If this policy changes materially, we'll update the “Last updated” date above. Continued use of the service after a change means you accept the updated policy.

Contact

Questions about this policy or your data: support@senite.app