Privacy Policy
1. Introduction
Welcome to Scribano ("we," "us," or "our"). This Privacy Policy explains how Agroware Inc. (doing business as Scribano), located at 55 Livingston Rd, Suite 601, Scarborough, ON M1E 1K9, Canada, collects, uses, shares, and protects your personal information when you use our AI-powered meeting transcription and minutes service.
By using Scribano, you consent to the data practices described in this policy.
2. Information We Collect
2.1 Information You Provide
- Account Information: Name, email address (via Google OAuth)
- Profile Information: Optional company name, phone number
- Audio Recordings: Meeting audio files you upload or record within the app
- Meeting Metadata: Titles, notes, client names, project names, tags, and other organizational data
- Payment Information: Processed securely through Stripe (we do not store your credit card details)
2.2 Information Collected Automatically
- Usage Data: Features used, session duration, frequency of use
- Device Information: Device type, operating system, browser type, IP address
- Location Data: General location (country/region) based on IP address (not precise geolocation)
- Log Data: Error logs, crash reports (via Sentry for debugging)
2.3 Information from Third Parties
- Google OAuth: We receive your name, email, and profile picture from Google when you sign in
- Payment Provider: Stripe provides payment status updates (successful/failed transactions)
3. How We Use Your Information
We use your information to:
- Provide the Service: Transcribe audio, generate AI summaries, organize meetings
- Process Payments: Manage subscriptions and billing through Stripe
- Improve Our Service: Analyze usage patterns, fix bugs, develop new features
- Communicate with You: Send service notifications, billing updates, and support responses
- Ensure Security: Detect fraud, prevent abuse, and protect user accounts
- Legal Compliance: Comply with applicable laws and regulations
4. How We Share Your Information
We do NOT sell, rent, or trade your personal information. We share data only in these limited circumstances:
4.1 Service Providers
We use trusted third-party services to operate Scribano:
| Service | Purpose | Data Shared | Privacy Policy |
|---|---|---|---|
| Google Cloud Platform | Hosting, storage, database | Audio files, metadata, usage logs | Google Cloud Privacy |
| Deepgram | Audio transcription | Audio files (ephemeral processing) | Deepgram Privacy |
| OpenRouter | AI summaries (via Gemini) | Transcript text (no audio) | OpenRouter Privacy |
| Stripe | Payment processing | Name, email, payment methods | Stripe Privacy |
| Sentry | Error tracking | Anonymized crash logs | Sentry Privacy |
| Microsoft Clarity | Heatmaps and session recordings (product improvement) | Anonymized interaction data; form input masked by default; 30-day retention; honors Consent Mode v2 | Microsoft Privacy Statement |
4.2 Legal Requirements
We may disclose your information if required by law, court order, or government regulation, or to protect our rights, safety, or property.
4.3 Business Transfers
If Scribano is acquired, merged, or undergoes a business restructuring, your information may be transferred to the new entity. We will notify you via email if this occurs.
5. Your Content and AI Training
5.1 You Own Your Content
- Audio Recordings: You retain full ownership of all audio files you upload.
- Transcripts and Summaries: You own all transcriptions and AI-generated content.
- Metadata: Client names, project names, and notes belong to you.
5.2 We Do NOT Train AI Models on Your Data
- Your recordings and transcripts are NOT used to train our AI models or any third-party models.
- Deepgram and OpenRouter process your data only to provide transcription and summarization services.
- We do not share your content with AI companies for model improvement.
6. Data Retention
- Active Accounts: We retain your data for as long as your account is active.
- After Account Deletion: Your data is permanently deleted within 30 days, except where required by law (e.g., tax records retained for 7 years).
- Backups: Deleted data may persist in encrypted backups for up to 30 days for disaster recovery purposes.
7. Data Security
We implement industry-standard security measures:
- Encryption: Data is encrypted in transit (TLS 1.3) and at rest (AES-256).
- Access Controls: Strict employee access policies (need-to-know basis).
- Infrastructure: Hosted on Google Cloud Platform with SOC 2 Type II compliance.
- Monitoring: Real-time security monitoring and automated threat detection.
However, no method of transmission over the internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.
8. Your Privacy Rights
8.1 Access and Portability (All Users)
- Access: Request a copy of your personal data.
- Portability: Export your recordings, transcripts, and metadata in standard formats (JSON, CSV).
8.2 Correction and Deletion (All Users)
- Correction: Update inaccurate or incomplete information via account settings.
- Deletion: Permanently delete your account and all associated data.
8.3 GDPR Rights (EU/UK Users)
If you are located in the European Union or United Kingdom, you have additional rights:
- Right to Rectification: Correct inaccurate data.
- Right to Erasure ("Right to be Forgotten"): Request deletion of your data.
- Right to Restrict Processing: Limit how we use your data.
- Right to Object: Object to certain types of processing (e.g., direct marketing).
- Right to Data Portability: Receive your data in a machine-readable format.
- Right to Withdraw Consent: Withdraw consent at any time (does not affect prior processing).
8.4 CCPA Rights (California Users)
If you are a California resident, you have:
- Right to Know: What personal information we collect and how it's used.
- Right to Delete: Request deletion of your personal information.
- Right to Opt-Out of Sale: We do NOT sell personal information, so this is not applicable.
- Right to Non-Discrimination: We will not discriminate against you for exercising your rights.
8.5 PIPEDA Rights (Canadian Users)
Under Canada's Personal Information Protection and Electronic Documents Act (PIPEDA):
- Right to Access: Request a copy of your personal information.
- Right to Correction: Update inaccurate information.
- Right to Challenge Compliance: File a complaint with the Privacy Commissioner of Canada if you believe we violated PIPEDA.
8.6 How to Exercise Your Rights
To exercise any of these rights, email us at: hello@scribano.app
We will respond within:
- GDPR: 30 days (extendable to 60 days for complex requests)
- CCPA: 45 days (extendable to 90 days)
- PIPEDA: 30 days
9. Children's Privacy
Scribano is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If we discover that we have collected data from a child under 18, we will delete it immediately.
If you believe a child has provided us with personal information, please contact us at: hello@scribano.app
10. International Data Transfers
Your information may be transferred to and processed in countries other than your own, including:
- United States: Google Cloud Platform data centers (us-central1 region in Iowa)
- Other Regions: Backup servers may be located in other GCP regions
We ensure that such transfers comply with applicable data protection laws, including:
- GDPR: Standard Contractual Clauses (SCCs) and adequacy decisions
- Privacy Shield: For US-EU transfers (where applicable)
11. Cookies and Tracking Technologies
11.1 Essential Cookies
We use cookies and similar technologies for:
- Authentication: Keep you logged in (JWT tokens)
- Preferences: Remember your settings (language, theme)
- Security: Prevent fraud and abuse
11.2 Analytics
We may use analytics services (e.g., Google Analytics) to understand how users interact with Scribano. These services may use cookies to collect anonymized data.
11.3 Your Choices
Most browsers allow you to control cookies through settings. However, disabling essential cookies may impair your ability to use Scribano.
12. Third-Party Links
Scribano may contain links to third-party websites or services (e.g., Stripe payment pages, Google Sign-In). We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any personal information.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we do:
- Notification: We will notify you via email and/or an in-app notification.
- Effective Date: Changes take effect 30 days after notification, unless required sooner by law.
- Continued Use: Your continued use of Scribano after changes take effect constitutes acceptance of the updated policy.
You can review the current Privacy Policy at any time in the app under Settings → Privacy Policy or at scribano.app/privacy.
14. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Email: hello@scribano.app
Mailing Address:
Agroware Inc. (dba Scribano)
55 Livingston Rd, Suite 601
Scarborough, ON M1E 1K9
Canada
Data Protection Officer: hello@scribano.app
For EU users, you may also contact your local data protection authority if you have concerns about how we handle your data.
15. Governing Law
This Privacy Policy is governed by the laws of:
- Ontario, Canada (primary jurisdiction)
- Applicable international data protection laws (GDPR, CCPA, PIPEDA) where relevant
Thank you for trusting Scribano with your meeting data. Your privacy is our priority.
Last Updated: March 20, 2026 · Version: 1.0