🎉Instant Draft is Here! Get 75-mins of free AI transcription & Smart Insights. Secure and export-ready to NVivo & ATLAS.ti.
GDPR Statement
Qualtranscribe processes and stores all customer audio and transcripts exclusively in the EEA (Frankfurt, Germany), while using Standard Contractual Clauses (SCCs) to ensure GDPR-compliant data protection for US-based account management
Qualtranscribe is committed to protecting the privacy and personal data of our clients in full accordance with the General Data Protection Regulation (GDPR) (EU 2016/679). This statement outlines our practices regarding the collection, use, protection, and handling of personal data in the course of delivering transcription, translation, and related services.
Data Responsibility
Qualtranscribe acts as a data processor on behalf of its clients, who serve as data controllers. We ensure that all personal data processed through our services is handled lawfully, fairly, and transparently.
Types of Data Processed
We only collect personal data necessary to provide our services. This may include:
Audio and video files containing identifiable information
Written transcripts or translated materials
Contact information for billing and project management
Lawful Basis for Processing
We process personal data based on the following lawful bases:
With the client’s explicit instruction and consent
To fulfill contractual obligations and deliver transcription/translation services
To comply with legal obligations
On the basis of legitimate interests to ensure effective service delivery
Data Usage
Your data is used strictly for the purpose of providing transcription, translation, and related client communications. We do not share personal data with third parties for marketing or commercial purposes.
For standard human transcription orders, audio files and transcripts are never accessed by automated systems. For clients using our optional Instant Draft service, audio is processed by AssemblyAI's automated speech recognition system solely to generate the requested transcript. EU client audio is processed within AssemblyAI's EU infrastructure, ensuring data remains within the EEA. For clients using Smart Insights or AI Chat, transcript text is processed by Anthropic Claude via AWS Bedrock solely to generate the requested analysis. EU client data is processed within AWS Bedrock's EU infrastructure, ensuring data remains within the EEA. Neither AssemblyAI nor Anthropic uses submitted content for model training.
Data Security
We implement robust technical and organizational safeguards to protect personal data from unauthorized access, alteration, loss, or destruction. These include:
AES-256 encryption at rest and TLS 1.3 encryption in transit
Restricted access to project files
Transcription and translation staff bound by confidentiality and data processing agreements
Ongoing monitoring and system controls
EU client data is stored exclusively within the EEA in Wasabi's eu-central-2 region (Frankfurt, Germany). Data residency region is selected at account creation and does not change thereafter.
Data Retention
We retain your personal data only for as long as necessary to fulfill the requested service. Unless otherwise agreed, all files are securely deleted or anonymized within 30 days after project completion.
Subprocessors and Data Transfers
We engage the following trusted subprocessors to support our operations. All subprocessors are bound by contractual terms, required to process data only under our instructions, and maintain GDPR-compliant data protection standards
Subprocessor | Purpose | Data Location & Transfer Mechanism |
|---|---|---|
Wasabi Technologies | S3-compatible object storage | EEA Only (Frankfurt, Germany). Data remains within the EEA. |
AssemblyAI | AI transcription (Instant Draft) | EEA Only (EU Infrastructure). Files deleted upon completion; no model training. |
Anthropic via AWS Bedrock | Smart Insights and AI Chat | EEA Only (EU Infrastructure). No model training or content retention. |
Stripe | Payment processing | Global. Transfers governed by Standard Contractual Clauses (SCCs). |
Supabase | Database hosting | United States (US-East). Transfers are protected by Standard Contractual Clauses (SCCs). |
Resend | Transactional email | Global. Transfers governed by Standard Contractual Clauses (SCCs). |
Cloudflare | Bot protection and security | Global. Transfers governed by Standard Contractual Clauses (SCCs). |
Contracted transcriptionists | Human transcription and translation | Bound by signed Confidentiality and Data Processing Agreements. |
If personal data is transferred outside the European Economic Area, Standard Contractual Clauses or equivalent legal safeguards are in place for every transfer.
If personal data is transferred outside the European Economic Area (EEA), we ensure adequate protections such as Standard Contractual Clauses (SCCs) or equivalent legal safeguards are in place.
Data Subject Rights
As a data subject, you have the right to:
Access your personal data
Request rectification, deletion, or restriction of processing
Object to processing based on legitimate interests
Request data portability
Withdraw consent at any time
Requests can be submitted by contacting us at support@qualtranscribe.com.
Data Processing Agreements
A signed Data Processing Agreement (DPA) is available upon request for clients who require one. To request a DPA, contact us at support@qualtranscribe.com.
Data Breach Notification
In the event of a data breach that is likely to result in a risk to your rights and freedoms, Qualtranscribe will notify the relevant supervisory authority within 72 hours of becoming aware of the breach, and will notify affected clients without undue delay.
Effective Date: May 8, 2026
© 2026 Qualtranscribe LLC. Services Provided Globally