Transcripts are sensitive: customer calls, voice memos, interviews, lectures. Here's exactly what happens to your audio when it passes through Whipscribe — short enough to read in a meeting, specific enough to forward to your security team.
Everything is hosted on our own servers at Vultr (EU + US regions). Speech-to-text runs on the same host family — no third-party AI vendor ever sees your audio. The transcription engine is self-hosted. The storage layer is either Vultr Object Storage (S3-compatible) or an encrypted disk volume, depending on tier.
We do not use OpenAI, Anthropic, Google Cloud Speech, AWS Transcribe, or any other hosted model for the transcription itself. When a user opts to forward a finished transcript to an LLM (e.g. "send to Claude"), that action is their own — we don't proxy it and we don't store the result.
| Artefact | Guest (anonymous) | Free | Paid |
|---|---|---|---|
| Uploaded audio | 3 days | 30 days | 365 days |
| Transcript (text) | 3 days (attached to the audio) | Kept in your personal vault until you delete | Kept in your personal vault until you delete |
| Job metadata | 3 days | 30 days | 365 days |
| Payment records | 7 years (statutory) | ||
Ask us to delete sooner at contact@neugence.ai — we honour deletion requests within 7 days.
Not our models, not anyone else's. Uploads, transcripts, and derived artefacts are used solely to deliver the service you asked for. We do not sell data, and we do not share it with advertisers or analytics brokers beyond aggregate product metrics.
We treat Whipscribe as a tool, not a library. You upload content, we transcribe it. That model depends on three things:
If you're recording a call, a lecture, or an event with other people in it, the law treats you as the party doing the recording. Whipscribe is the tool; you are responsible for obtaining consent from the other parties involved.
Twelve US states require all-party consent for recording audio (California, Connecticut, Florida, Illinois, Maryland, Massachusetts, Michigan, Montana, Nevada, New Hampshire, Pennsylvania, Washington). The EU's GDPR requires a lawful basis plus notice. When in doubt, disclose that the call is being transcribed.
Coming soon: auto-generated consent disclosure you can paste into the chat of a meeting or live Space. See the roadmap below.
| Vendor | Purpose | Data they see |
|---|---|---|
| Vultr | Compute, object storage | Encrypted blobs + metadata |
| Firebase (Google) | Auth / sign-in | Email, OAuth profile |
| Razorpay | Payments | Name, billing email, amount |
| Cloudflare | DNS + edge | IP, request metadata |
| Plausible | Privacy-first analytics | No cookies, no PII — aggregate page views only |
| Item | Status | Notes |
|---|---|---|
| TLS 1.2+ / HSTS | Live | All traffic. |
| Data deletion on request | Live | Email contact@neugence.ai; 7-day SLA. |
| Per-upload rights attestation | Live | Blocking checkbox. |
| Regional storage (EU / US) | Live | Account region determines residency. |
| Consent-disclosure generator for meetings | Q2 2026 | One-click notice for live calls. |
| DPA (Data Processing Agreement) — Team / Enterprise | Q2 2026 | Available on request today for enterprise pilots. |
| SOC 2 Type II | Planned | Targeting 2027 once team-tier signups warrant it. |
| Customer-managed encryption keys | Planned | Enterprise ask; scoped for self-hosted tier. |
Found a security issue? Please send it to security@neugence.ai (GPG on request). We commit to:
Whipscribe is built by Neugence Technology Pvt. Ltd. See also the Privacy Policy and Terms of Service.