Privacy Policy

Last Updated: 2025-07-16

Table of Contents

1. INTRODUCTION

This Privacy Policy describes how Effectively ("we," "us," or "our") collects, uses, processes, and protects your personal information when you use our AI-powered transcription service ("Service"). We are committed to protecting your privacy and handling your data responsibly.

By using our Service, you agree to the collection and use of information in accordance with this Privacy Policy.

2. INFORMATION WE COLLECT

2.1 Personal Information

Account Information:

  • Email address (required for account creation)
  • Name and profile information (when provided via OAuth)
  • Profile picture (when provided via OAuth)
  • Authentication tokens and session data

Usage Information:

  • IP address and location data
  • Device information (browser type, operating system, device identifiers)
  • Service usage patterns and preferences
  • Timestamps of account activities

2.2 Content Information

Submitted Content:

  • YouTube URLs and video metadata
  • Audio files (processed temporarily and deleted)
  • Transcription results and processed text
  • User-generated summaries and notes

Processing Data:

  • Job status and processing history
  • Error logs and debugging information
  • Performance metrics and analytics

2.3 Technical Information

System Data:

  • Log files and server access records
  • Performance monitoring data
  • Security and fraud detection information
  • API usage statistics

3. HOW WE COLLECT INFORMATION

3.1 Direct Collection

  • Information you provide when creating an account
  • Content you submit for transcription
  • Communications with our support team
  • Feedback and survey responses

3.2 Automatic Collection

  • Technical data through cookies and similar technologies
  • Usage analytics through service interactions
  • Security monitoring and fraud detection systems
  • Performance metrics and error tracking

3.3 Third-Party Collection

  • OAuth authentication data from Google
  • Public metadata from YouTube videos
  • Payment information from payment processors
  • Analytics data from integrated services

4. HOW WE USE YOUR INFORMATION

4.1 Service Provision

  • Process and transcribe submitted content
  • Provide AI-powered text analysis and summaries
  • Manage user accounts and authentication
  • Deliver customer support and technical assistance

4.2 Service Improvement

  • Analyze usage patterns to improve features
  • Monitor system performance and reliability
  • Conduct research and development
  • Optimize user experience and interface

4.3 Communication

  • Send service-related notifications
  • Provide account updates and security alerts
  • Respond to inquiries and support requests
  • Share important policy changes

4.4 Legal and Security

  • Comply with legal obligations and regulations
  • Protect against fraud and security threats
  • Enforce our Terms of Service
  • Respond to legal requests and court orders

4.5 AI Processing Details

  • Text analysis is performed using OpenAI's commercial API services
  • Your transcribed text may be processed by OpenAI's systems for analysis
  • OpenAI has committed to not using API data for model training
  • Processing occurs according to OpenAI's current data usage policies
  • AI analysis results may vary and should be verified for critical applications

4.6 Automated Decision-Making

  • We do not use automated decision-making that produces legal effects
  • AI processing is used for content analysis but not for user profiling
  • All account decisions involve human review

4.7 Marketing Communications

  • We only send marketing emails with explicit opt-in consent
  • You can unsubscribe anytime via link in emails
  • Service notifications are sent regardless of marketing preferences
  • We never sell or share your email for third-party marketing

6. DATA SHARING AND DISCLOSURE

6.1 Third-Party Service Providers

AWS (Amazon Web Services):

  • Infrastructure hosting and cloud services
  • Data storage and processing
  • Security and monitoring services
  • Geographic location: EU regions (Ireland)

AI Text Processing Services:

  • AI-powered text processing and analysis
  • Summary generation and key point extraction
  • Content enhancement services
  • Data is processed according to third-party AI service providers' usage policies

Google Services:

  • OAuth authentication and user verification
  • Analytics and performance monitoring
  • Profile information and authentication tokens

Payment Processors:

  • Payment processing and billing services
  • Fraud detection and prevention
  • Transaction history and records
  • Financial compliance and reporting

6.2 Legal Disclosure

We may disclose your information when:

  • Required by law or legal process
  • Necessary to protect our rights or property
  • To prevent fraud or security threats
  • With your explicit consent
  • In connection with business transactions

6.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the new entity, subject to the same privacy protections.

6.4 Legal Compliance Data

In case of legal challenges or investigations:

  • We may be required to preserve certain user data
  • Processing logs may be retained for legal defense
  • User submission patterns may be analyzed for compliance
  • Law enforcement requests will be handled according to applicable law

7. DATA RETENTION

7.1 Account Data

  • Active accounts: Retained while account remains active
  • Inactive accounts: Deleted after 24 months of inactivity
  • Deleted accounts: Permanently removed within 30 days

7.2 Content Data

  • Transcription results: Retained until user deletion
  • Audio files: Processed and immediately deleted
  • Processing logs: Retained for 90 days
  • Backup data: Retained for 30 days

7.3 Legal Retention

  • Legal compliance data: Retained as required by law
  • Financial records: Retained for 7 years
  • Security logs: Retained for 12 months
  • Support communications: Retained for 3 years

8. DATA SECURITY

8.1 Technical Safeguards

  • Encryption in transit and at rest
  • Access controls and authentication
  • Regular security audits and assessments
  • Intrusion detection and monitoring

8.2 Administrative Safeguards

  • Employee training and access controls
  • Data handling policies and procedures
  • Regular security reviews and updates
  • Incident response and breach protocols

8.3 Physical Safeguards

  • Secure data centers and facilities
  • Environmental controls and monitoring
  • Access restrictions and visitor controls
  • Equipment disposal and destruction

9. YOUR PRIVACY RIGHTS

9.1 Access and Control

  • View and download your personal data
  • Update and correct inaccurate information
  • Delete your account and associated data
  • Export your transcription results

9.2 GDPR Rights (EU Residents)

  • Right to Access: Request copies of your personal data
  • Right to Rectification: Correct inaccurate or incomplete data
  • Right to Erasure: Request deletion of your personal data
  • Right to Restrict Processing: Limit how we use your data
  • Right to Data Portability: Export your data in machine-readable format
  • Right to Object: Opt out of certain processing activities
  • Right to Withdraw Consent: Revoke consent for specific processing

9.3 CCPA Rights (California Residents)

  • Right to Know: Information about data collection and use
  • Right to Delete: Request deletion of personal information
  • Right to Opt-Out: Opt out of sale of personal information
  • Right to Non-Discrimination: Equal service regardless of privacy choices

9.4 Exercising Your Rights

To exercise your privacy rights:

  • Email us at: privacy@effectively.cloud
  • Use the account settings in your dashboard
  • Contact our support team
  • Response time: 30 days maximum

10. COOKIES AND TRACKING

10.1 Essential Cookies

  • Authentication and session management
  • Security and fraud prevention
  • Service functionality and performance
  • User preferences and settings

10.2 Analytics Cookies

  • Usage statistics and performance metrics
  • Service improvement and optimization
  • Error tracking and debugging
  • A/B testing and feature validation

10.3 Cookie Management

  • Browser settings and controls
  • Opt-out options and preferences
  • Third-party cookie policies
  • Regular cookie audits and updates

10.4 Cookie Details

Essential Cookies:

  • Session ID: Maintains your login session (expires on logout)
  • Security tokens: Prevents CSRF attacks (session duration)
  • Preferences: Stores your settings (1 year)

Analytics Cookies (with consent):

  • Google Analytics: Usage patterns (_ga, _gid)
  • Performance monitoring: Page load times
  • Feature usage: Helps us improve services

10.5 Cookie Consent

  • We request consent before setting non-essential cookies
  • You can withdraw consent at any time in account settings
  • Essential cookies cannot be disabled while using the service

11. INTERNATIONAL DATA TRANSFERS

11.1 Data Processing Locations

  • Primary servers: AWS EU regions (Ireland)
  • Data is processed and stored within the European Union
  • No routine transfers of personal data outside the EEA
  • AWS acts as our data processor under a Data Processing Agreement (DPA)
  • EU data residency ensures compliance with European privacy regulations

11.2 Limited Third-Party Processing

Some third-party services may process data outside the EU:

  • Analytics and monitoring services
  • Payment processors (may use global infrastructure)
  • Such transfers are limited, necessary for service provision, and protected by appropriate safeguards
  • Text data is sent to OpenAI's API for AI analysis
  • OpenAI may process data on US-based servers
  • Transfer mechanism: OpenAI's Data Processing Agreement and SCCs
  • OpenAI commits to not training on API data
  • Processing is necessary for our AI features

11.3 Transfer Safeguards

When data is transferred outside the EU:

  • Standard Contractual Clauses (SCCs) are implemented
  • Data Processing Agreements (DPAs) with all processors
  • Regular compliance audits and assessments
  • Additional security measures for non-EU processing

12. CHILDREN'S PRIVACY

12.1 Age Restrictions

  • Service is not intended for users under 13
  • Parental consent required for users 13-16 (where applicable)
  • Age verification procedures
  • Special protections for minors

12.2 Child Data Protection

  • Limited data collection for minors
  • Enhanced security and privacy protections
  • Parental rights and controls
  • Immediate deletion upon discovery of underage use

13. PRIVACY BY DESIGN

13.1 Data Minimization

  • Collect only necessary information
  • Limit processing to stated purposes
  • Regular data audits and cleanup
  • Automatic deletion procedures

13.2 Transparency

  • Clear privacy notices and policies
  • Regular policy updates and notifications
  • User-friendly privacy controls
  • Open communication about data practices

13.3 User Control

  • Granular privacy settings
  • Easy opt-out mechanisms
  • Data export and deletion tools
  • Regular privacy preference reviews

13.4 Legal Risk Mitigation

To minimize legal exposure:

  • We collect minimal data necessary for service provision
  • Processing logs are automatically deleted after short retention periods
  • Content sources and processing methods are not disclosed to third parties

14. UPDATES TO THIS POLICY

14.1 Policy Changes

  • We may update this Privacy Policy periodically
  • Material changes will be notified via email or service notification
  • Updated policy will be posted on our website
  • Continued use constitutes acceptance of changes

14.2 Change History

  • Version tracking and change logs
  • Archive of previous policy versions
  • Summary of material changes
  • Effective dates for policy updates

14.3 Emergency Data Procedures

In case of legal challenges:

  • We may immediately cease data collection for specific features
  • Existing data may be preserved pending legal resolution
  • Users will be notified of any emergency data handling changes
  • Data export options will remain available where legally permissible

15. CONTACT INFORMATION

15.1 Privacy Officer

For privacy-related questions or concerns:

  • Email: privacy@effectively.cloud
  • Response time: 72 hours for acknowledgment
  • Resolution time: 30 days maximum

15.2 Data Protection Authorities

We are subject to supervision by:

  • Lead Authority: UODO (Poland) - uodo.gov.pl
  • EU residents may also contact their local DPA
  • UK residents: Information Commissioner's Office (ICO)
  • For other regions, contact us for relevant authority information

15.3 General Contact

  • Support: support@effectively.cloud
  • Legal: legal@effectively.cloud
  • Business: business@effectively.cloud

16. DATA BREACH PROCEDURES

16.1 Breach Response

In the event of a personal data breach:

  • We will notify UODO within 72 hours of awareness
  • Affected users will be notified without undue delay if high risk
  • We maintain breach logs and impact assessments
  • Remediation measures will be implemented immediately

Data Controller Information

  • Service: Effectively
  • Operated by: Individual Service Provider
  • Status: Individual Service Provider (Sole Proprietor)
  • Jurisdiction: Poland
  • Contact: support@effectively.cloud

This Privacy Policy is effective as of the last updated date and applies to all users of the Effectively service.

Privacy Policy - Effectively