Privacy Policy

Last updated: March 30, 2026

This Privacy Policy describes how Recorda collects, uses, and protects your personal data in accordance with the General Data Protection Regulation (EU) 2016/679 (GDPR).

1. Data Controller

The data controller is:

Recorda
Email: info@recorda.it

2. Data We Collect

We collect only the data necessary to provide the service:

• Account data: Full name, email address, and password. If you sign in with Google OAuth, we also receive the name and profile picture associated with your Google account.
• Transcripts and summaries: Text generated from your audio recordings, and AI-generated summaries.
• Recording metadata: Title, platform, duration, language, and selected options.
• User preferences: App settings, stored locally in your browser (localStorage) and never sent to our servers.

3. Data We Do NOT Collect

• Audio: Audio recordings are never stored on our servers. Audio is captured in the browser, streamed directly to the transcription service (AssemblyAI), and deleted from browser memory after processing.
• Payment data: We do not collect payment information.
• Profiling or marketing cookies: We do not use tracking, profiling, or marketing cookies.

4. Legal Basis for Processing

We process your data based on:

• Performance of a contract (Art. 6.1.b GDPR): To provide the meeting transcription and summary service.
• Legitimate interest (Art. 6.1.f GDPR): For aggregate, anonymous analysis to improve the service via Umami Analytics (which does not use cookies and does not collect personally identifiable data).

5. Sub-processors

We use the following third-party providers to deliver the service:

• Supabase Inc. (USA) — Database hosting, user authentication, server functions. Data is encrypted in transit (TLS) and at rest. Privacy policy
• AssemblyAI Inc. (USA) — Audio transcription with speaker recognition. Receives audio in real time, produces text transcripts, and does not retain audio after processing. Privacy policy
• OpenAI Inc. (USA) — Generation of summaries, titles, and email drafts from transcript text. Does not receive audio. Privacy policy
• Cloudflare Inc. (USA) — CDN and website hosting. Privacy policy
• Umami — Anonymous, cookieless website analytics. Does not collect personally identifiable data, IP addresses, or use cookies. Privacy policy

6. International Data Transfers

Some sub-processors are based in the United States. Data transfers to the US are carried out under the EU-US Data Privacy Framework or, where applicable, Standard Contractual Clauses (SCCs) approved by the European Commission.

7. Data Retention

• Account data: Retained until account deletion.
• Transcripts and summaries: Retained until deleted by the user or upon account closure.
• Audio: Never retained. Deleted from browser memory immediately after being sent to the transcription service.

You can request deletion of your data at any time by writing to info@recorda.it.

8. Your Rights

Under Articles 15-22 of the GDPR, you have the right to:

• Access: Obtain a copy of your personal data.
• Rectification: Correct inaccurate or incomplete data.
• Erasure: Request deletion of your personal data.
• Restriction: Restrict the processing of your data.
• Portability: Receive your data in a structured, machine-readable format.
• Objection: Object to the processing of your data.

To exercise your rights, write to info@recorda.it.

You also have the right to lodge a complaint with the Italian Data Protection Authority (Garante per la protezione dei dati personali — www.garanteprivacy.it).

9. Security

• All data is encrypted in transit via TLS/SSL.
• Database data is encrypted at rest.
• Audio is never stored on our servers.
• Each user can only access their own data through Row Level Security policies.

10. Children

Our service is not intended for children under 16 years of age. We do not knowingly collect personal data from children.

11. Cookies

The site uses only technical cookies required for authentication (managed by Supabase Auth). We do not use profiling, marketing, or analytics cookies. For more details, see our Cookie Policy.

12. Changes

We may update this Privacy Policy. Changes will be posted on this page with an updated date.

13. Contact

For any questions regarding the processing of your data:

Email: info@recorda.it