Privacy Policy

1. Introduction

Zero Point Studio d.o.o. ("we", "our", or "us") operates the Transcript API service. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our API service.

We are committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

2. Data Controller

3. Information We Collect

3.1 Personal Information

When you register for an account, we collect:

• Email address
• Name (optional)
• Password (stored as encrypted hash)
• Account preferences and settings

3.2 Usage Information

When you use our API, we automatically collect:

• IP addresses
• User agent information
• API endpoint requests
• Request parameters and query data
• YouTube video IDs you request transcripts for
• Response times and performance metrics
• API key usage and credit consumption
• Cache hit/miss information
• Error logs and debugging information

3.3 Payment Information

We process payments through Stripe. We store:

• Stripe customer ID
• Stripe subscription ID
• Stripe invoice ID
• Credit purchase and consumption records

Important: We do not store credit card numbers, CVV codes, or full payment card details. All payment card information is handled directly by Stripe, which is PCI DSS compliant.

3.4 Classification Data (Optional Feature)

For users with classification features enabled, we may collect and store semantic analysis data including content categories, keywords, and confidence scores derived from transcript content.

4. How We Use Your Information

We use your information for the following purposes:

• Service Delivery: To provide, maintain, and improve our API service
• Authentication: To verify your identity and manage your account
• Billing: To process payments and manage subscriptions
• Usage Monitoring: To track API usage, enforce rate limits, and manage credit consumption
• Performance Optimization: To analyze and improve API performance and reliability
• Security: To detect, prevent, and respond to fraud, abuse, and security incidents
• Communication: To send service updates, billing notifications, and account alerts
• Legal Compliance: To comply with legal obligations and enforce our terms
• Analytics: To understand usage patterns and improve our service

5. Legal Basis for Processing (GDPR)

Under GDPR, we process your personal data based on:

• Contract Performance: Processing necessary to provide the API service you've subscribed to
• Legitimate Interests: Improving our service, preventing fraud, and ensuring security
• Legal Obligation: Complying with accounting, tax, and other legal requirements
• Consent: Marketing communications and optional features (where applicable)

6. Third-Party Services

We use the following third-party services that may process your data:

7. Cookies and Tracking Technologies

We use cookies for:

• Authentication: To keep you logged in and manage your session
• Analytics: To understand how users interact with our service (via PostHog)
• Preferences: To remember your settings and preferences

You can control cookies through your browser settings, but disabling cookies may affect service functionality.

8. Your Rights Under GDPR

As a data subject, you have the following rights:

• Right of Access (Article 15): Request a copy of your personal data
• Right to Rectification (Article 16): Correct inaccurate or incomplete data
• Right to Erasure (Article 17): Request deletion of your personal data
• Right to Restriction (Article 18): Limit how we use your data
• Right to Data Portability (Article 20): Receive your data in a structured, machine-readable format
• Right to Object (Article 21): Object to processing based on legitimate interests
• Right to Withdraw Consent: Withdraw consent for optional processing activities
• Right to Lodge a Complaint: File a complaint with your local data protection authority

To exercise these rights, contact us at [email protected]. We will respond within 30 days as required by GDPR.

9. Data Retention

We retain your data for the following periods:

• Active accounts: For the duration of your account
• Closed accounts: Up to 2 years after account closure for legal and accounting purposes
• Usage logs: Up to 1 year for performance analysis and security
• Payment records: Up to 7 years for tax and accounting compliance
• Cached data: Temporary, typically 24-48 hours

After these periods, data is securely deleted or anonymized.

10. Data Security

We implement appropriate technical and organizational measures to protect your data:

• Encryption of data in transit (HTTPS/TLS)
• Encrypted password storage using industry-standard hashing
• Regular security updates and monitoring
• Access controls and authentication
• Regular backups with encryption
• Security incident monitoring and response procedures

However, no method of transmission over the internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

11. International Data Transfers

Our servers are located in Croatia (EU). However, some third-party services (such as Stripe) may transfer data outside the EU. These transfers are protected by:

• Standard Contractual Clauses (SCCs) approved by the EU
• Adequacy decisions by the European Commission
• Other appropriate safeguards as required by GDPR

12. Children's Privacy

Our service is not intended for users under 18 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or through a prominent notice on our service. Your continued use of the service after changes become effective constitutes acceptance of the updated policy.

14. Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights, contact us: