Privacy Policy Media2Text by Babay
GENERAL PROVISIONS
This "Privacy Policy" describes how the Media2Text application (hereinafter the "Service") collects, uses and protects information about users (hereinafter "You").
By using Media2Text, you agree to the processing of data. We comply with the GDPR (EU) and Law No. 94 of the Republic of Kazakhstan.
1. DATA COLLECTION AND USE
We collect the minimum amount of data necessary solely to provide the Service and improve the quality of services. We do not sell or transfer the data we collect to anyone. We do not train AI on your data.
1.1. Audio/Video files
Purpose: Automatic transcription of user media files (video or audio) into text.
Retention period: Uploaded media files are deleted immediately when the session ends (closing or forcibly refreshing the application page), or when a new file is uploaded by the user, or automatically as part of routine system cleanups (every 6 hours). In abnormal cases (connection loss, etc.) deletion is performed by the automatic cleanup every 6 hours.
Your files are processed on servers physically located in Germany (EU).
Note: We do not view, read, copy or transfer user files or their contents, and we delete them when the user's session ends.
1.2. Transcription results – transcribed texts
Purpose: To provide the user with the transcription results.
Retention period: Transcript files and the transcribed text displayed in the interface are deleted immediately when the session ends (closing or forcibly refreshing the application page), or when a new file is uploaded by the user, or automatically as part of routine system cleanups (every 6 hours).
Note: We do not view, read, copy or transfer the transcription results of user media files, and we delete them once the transcription session ends.
1.3. User email addresses (Google OAuth and Google One Tap)
Legal basis: performance of a contract (Article 6(1)(b) GDPR).
When you authorize via Google, the Service receives from Google only the user's email address and a technical account identifier needed for proper authentication. Other Google profile data (contacts, files, activity history and other information) is not requested or processed.
Purpose:
- Authentication via Google OAuth or Google One Tap to identify the user, provide services within the selected plan, and monitor usage within that plan;
- Communication between the user and the application: receiving user complaints, suggestions, requests and questions and providing targeted responses and reports on the execution of requests.
Retention period:
- Email addresses for paid subscription plans are stored for the duration of the paid plan (30 calendar days – the standard term for the "Standard" and "Pro" paid plans, or until the balance is exhausted for the "Freedom" prepaid plan) plus 15 calendar days after the plan expires;
- Email addresses for authorized users on the free plan are stored for no more than 48 hours from the first authorization.
Note: Email addresses are stored by the Service only for the specified periods, after which they are permanently deleted from the system and databases of the Service and are not preserved in backups for further use.
1.4. Anonymous metadata (media file size, format, transcription time, date)
Purpose: Collection is carried out for statistical accounting of overall service performance and monitoring of functionality – its stability, efficiency, quality of work with different file types and sizes, and identification of peak load periods. Metadata is anonymous, collected in aggregate form and does not contain email addresses, names or other data that could lead to user identification.
Retention period: We store the anonymous metadata collected from a specific session for 12 months from the time of collection, after which the data is removed from the service.
Note: We collect only statistical and general data about the application's operation without linking it to user data.
1.5. Cookies and similar technologies
Purpose: To ensure the operation of the service and user authentication.
Technologies used:
- Cookies: may be used by the browser to maintain the session and ensure the correct operation of the interface;
- JWT tokens: for secure authentication via Google OAuth;
- Local storage: for temporary storage of interface settings.
Retention: JWT tokens are valid for 1 hour. Data in local storage remains until deleted by the user or the browser is cleared.
Note: You may disable cookies in your browser settings, but this may limit the functionality of the Service. JWT tokens are required for authentication and expire automatically (after up to 1 hour).
2. DATA DISCLOSURE
We do not sell or transfer media files or transcription texts to third parties. Data is processed on the technical infrastructure of the Service (Hetzner Online GmbH) and by the Google authorization provider (upon sign-in). Data obtained through Google authorization is used solely for user authentication and is not used for advertising, profiling or other purposes.
The software component of the application is hosted on secure servers (Hetzner Online GmbH, Germany, EU). You can review the Hetzner Online GmbH privacy policy at https://www.hetzner.com/legal/privacy-policy/.
AI model: a fine-tuned OpenAI Whisper model (MIT License) is used for transcription – the model runs locally on Hetzner Online GmbH servers. No data is transferred to OpenAI.
3. CONSENT TO DATA PROCESSING
By clicking the “Start”/“Sign in with Google” button, you voluntarily and explicitly consent to the processing of your data to the extent and under the conditions of this “Media2Text Privacy Policy” (GDPR Art. 7, Law of the Republic of Kazakhstan No. 94 Art. 11).
You have the right to withdraw your consent at any time. You can do this:
- By clicking the “Delete My Data” button and logging out of the Service – your data will be deleted in accordance with this Policy;
- By declining further use of the Service (data will be deleted automatically in accordance with section 1.3 of this document; anonymous data will be deleted at the times specified in section 1.4);
- By sending a data deletion request to support@media2text.me – we will delete your data within 24 hours.
4. CHILDREN’S DATA
The Service is not intended for users under the age of 16. We do not provide services to children and do not collect information about them.
5. YOUR RIGHTS
Your rights are protected in accordance with the standards, provisions and principles of the GDPR (General Data Protection Regulation) of the European Union and the Law of the Republic of Kazakhstan “On Personal Data and Their Protection” No. 94-V (as amended through 16 September 2025).
Under applicable law you have the right to:
- Request a copy of your personal data – we will provide a statement associated with your email address with information about the data being processed;
- Request the deletion of your data (to do so, send an email to support@media2text.me with the subject “Delete Data”) – we will delete your data and provide you with a report;
- Withdraw your consent to data processing by ceasing to use the Service (data will be deleted automatically in accordance with section 1.3 of this “Media2Text Privacy Policy”);
- File a complaint with a supervisory or other competent authority: the Data Protection Authority (DPA), the Ministry of Artificial Intelligence and Digital Development of the Republic of Kazakhstan;
- Request the correction of inaccurate or outdated data;
- Request restriction of processing of your data in cases provided by law;
- Receive your data in a structured format, if applicable;
- Object to the processing of your data in cases provided by law.
Note: We undertake to respond to your request sent to support@media2text.me within one month.
6. INTERNATIONAL DATA TRANSFER
All email data of users authorized in the application is processed and stored in accordance with this “Media2Text Privacy Policy” on servers located in Germany (European Union), ensuring a level of data protection in line with GDPR requirements.
7. DATA SECURITY
We implement technical and organizational measures to protect your data (GDPR Art. 32, Law of the Republic of Kazakhstan No. 94 Art. 15). We use the following safeguards:
- Encryption: all data is transmitted via HTTPS using TLS 1.3;
- Storage: isolation on Hetzner servers (Germany, GDPR-compliant);
- Access: limited to only the necessary personnel;
- Deletion: temporary files are deleted automatically – at the end of user sessions, as part of routine system cleanups (every 6 hours), and after the retention periods stated in this Privacy Policy;
- Monitoring: regular audits and software updates.
Note: In the event of a security breach (GDPR Art. 33), we will notify the supervisory authority within 72 hours of discovery. The user will be notified without undue delay if the breach could affect their rights.
8. TRANSCRIPTION ACCURACY
- The Service provides transcription of media files using artificial intelligence technology;
- Transcription accuracy depends on the quality of the source material: with clear speech and no noise or interference it can be 91–96%;
- Accuracy is influenced by objective factors: background noises, accents, and technical characteristics of the recording;
- We recommend checking transcription results before using them for professional purposes;
- If you have questions about service quality, please contact technical support.
9. POLICY UPDATES
We will notify you of any changes to this “Media2Text Privacy Policy” by publishing these changes in the application and on the application’s website at Media2Text.me at least 30 calendar days before the changes take effect.
10. CONTACTS
For all questions related to this Privacy Policy and your personal data, you can contact us:
- Contact email for correspondence regarding the application: support@media2text.me;
- Official requests (including personal data requests): support@media2text.me (please include “Legal Inquiry” in the subject line);
- Contact for urgent informal questions about the application: https://www.facebook.com/Media2Text.
Note: Official requests for personal data are processed exclusively via email. Facebook messages are not considered official channels for requests under the GDPR.
References to legal acts of the EU and the Republic of Kazakhstan
European Union (GDPR):
- Article 6(1)(b) GDPR (legal basis) — gdpr-info.eu/art-6-gdpr/;
- Article 7 GDPR (consent) — gdpr-info.eu/art-7-gdpr/;
- Article 32 GDPR (security) — gdpr-info.eu/art-32-gdpr/;
- Article 33 GDPR (notification of breaches) — gdpr-info.eu/art-33-gdpr/.
Republic of Kazakhstan:
- Article 11 Law of the Republic of Kazakhstan No. 94 (consent of the data subject) — adilet.zan.kz/rus/docs/Z1300000094#z7763;
- Article 15 Law of the Republic of Kazakhstan No. 94 (data protection) — adilet.zan.kz/rus/docs/Z1300000094#z7767.