Privacy Policy
This Privacy Policy explains how TurboVoice collects, uses, discloses, stores, and protects personal data across its speech-to-text translation features and its document translation service delivered through Google Chat app workflows.
What we store
Account details, billing records, usage logs, uploaded audio/video/document content, and output files generated for you.
How we use it
To provide transcription, translation, billing, support, fraud prevention, and security monitoring.
Where data lives
We store customer data on EU-based servers and infrastructure.
1. Controller and scope
This Privacy Policy applies to our websites, applications, support channels, billing flows, and the document translation service implemented as a Google Chat app. For the purposes of applicable data protection laws, TurboVoice acts as a data controller for the personal data we collect for our own business purposes, and as a data processor where we process customer content on behalf of our business customers.
By using our services, you acknowledge that you have read this Privacy Policy and understand how your data is handled. If you do not agree with this Policy, please do not use the services.
2. Personal data we collect
The categories of data we may collect depend on how you use the service:
| Category | Examples | Source |
|---|---|---|
| Account and profile data | Name, email address, login credentials, and account settings. | Provided by you or your organization. |
| Billing and transaction data | Purchase history, invoice details, payment status, and refund-related records. | Provided by you and our payment providers. |
| Customer content | Audio files, video files, documents, and translation outputs. | Uploaded or submitted by you. |
| Usage and device data | IP address, feature usage, and diagnostic information. | Collected automatically. |
| Support communications | Requests sent to support, feedback, bug reports, and correspondence with our team. | Provided by you. |
| Google Chat app data | File references, workspace metadata, and app interaction events necessary to provide document translation inside Google Chat. | Provided by you, your workspace, and Google-enabled interactions. |
3. How we use personal data
- To provide speech-to-text transcription, translation, subtitle generation, and document translation services.
- To create and manage user accounts, authentication, billing, invoicing, and payment processing.
- To display job status, manage file uploads, deliver output files, and maintain service history.
- To provide customer support, troubleshoot errors, and improve reliability and performance.
- To detect abuse, fraud, unauthorized access, spam, and security incidents.
- To comply with legal obligations, enforce our terms, and protect our rights and users.
We do not use customer audio, video, documents, transcripts, or translations to train, fine-tune, or improve our models.
4. Legal basis for processing under GDPR
Where the GDPR applies, we rely on one or more of the following legal bases:
- Contract: to provide the services you request and perform our obligations to you.
- Legitimate interests: to secure the platform, prevent fraud, improve service quality, and maintain business operations, provided those interests are not overridden by your rights.
- Consent: where we ask for your consent, such as certain cookies, marketing emails, or optional features.
- Legal obligation: to comply with tax, accounting, regulatory, or lawful request requirements.
For business customers, we may also process customer content as a processor acting on documented instructions from the controller.
5. Sharing and processors
We do not sell your personal data. We may share limited data with trusted service providers that help us operate the service, such as payment processing, email delivery, monitoring, and customer support providers.
These providers act as processors or sub-processors and are only permitted to use data as necessary to provide their services to us. We use contractual and technical safeguards designed to protect customer content and personal data.
- Cloud infrastructure and storage services.
- Payment processors and billing platforms.
- Email and communication service providers.
- Security, logging, and analytics tools.
- Google services used for the Google Chat app workflow.
6. International data transfers
We aim to store and process customer data on EU-based services and infrastructure. Where personal data must be transferred outside the European Economic Area, we use appropriate safeguards where required, such as Standard Contractual Clauses or another valid transfer mechanism recognized by applicable law.
Even when a service provider has an international footprint, we configure our systems and contractual framework to support GDPR-compliant processing wherever possible.
7. Retention and deletion
Uploaded files, generated transcripts, translated documents, and related processing artifacts are automatically deleted after 30 days from upload or creation, unless a longer retention period is required by law, needed for billing/dispute handling, or separately agreed in writing for enterprise customers.
Account information, billing records, and support communications may be retained for as long as necessary to operate the account, meet legal obligations, resolve disputes, and enforce agreements. Logs and technical records are retained only for a limited period consistent with security and operational needs.
Automatic deletion after 30 days is part of our standard privacy and data-minimization practice for customer files.
8. Security measures
We use administrative, technical, and organizational safeguards intended to protect personal data against unauthorized access, loss, misuse, alteration, or disclosure. These measures may include access controls, encryption in transit, restricted administrator access, logging, and role-based permissions.
No system can be guaranteed to be completely secure, but we continuously work to improve our security posture and minimize risk.
9. Your rights under GDPR
Subject to applicable law and any exceptions, individuals in the EEA, UK, and other jurisdictions with similar laws may have the right to:
- Access the personal data we hold about you.
- Request correction of inaccurate or incomplete data.
- Request deletion of your personal data.
- Restrict or object to certain processing activities.
- Request data portability where applicable.
- Withdraw consent at any time where processing is based on consent.
- Lodge a complaint with a supervisory authority.
If you are using our services through an organization, your request may need to be handled first by that organization as the controller.
To exercise your rights, contact us at support@turbovoice.ai. We may need to verify your identity before responding.
10. Cookies and analytics
We may use essential cookies and similar technologies that are necessary for authentication, security, session management, load balancing, and core site functionality. Where required, we may also use analytics or preference cookies to understand usage and improve the user experience.
When non-essential cookies are used, we will provide notice or consent controls where required by law. You can also manage cookies through your browser settings, though some features may not work properly if essential cookies are disabled.
11. Children’s privacy
Our services are not directed to children under the age required by applicable law to consent to data processing. We do not knowingly collect personal data from children without appropriate authorization. If you believe a child has provided personal data to us, contact us and we will take appropriate steps.
12. Changes to this Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our services, legal requirements, or operational practices. When we make material changes, we will post the updated version on this page and revise the effective date above.
13. Contact us
If you have questions about this Privacy Policy, our data handling practices, or your GDPR rights, contact us at:
- Email: support@turbovoice.ai
- Subject line suggestion: Privacy Request or GDPR Request
If you are acting on behalf of an organization that uses our services, please include the company name, the email address associated with the account, and a short description of your request.