Privacy Policy
Data Controller: Zenocritus B.V.
Hendrick Goltziusstraat 5, 7425 PJ Deventer, Netherlands
Chamber of Commerce (KvK): 65524829 · VAT: NL856147370B01
Contact: privacy@prodius.ai
Introduction
Prodius is a cloud-based voice transcription service that provides real-time speech-to-text conversion with AI-powered enhancement. This Privacy Policy explains how we collect, use, store, and protect your personal data.
Important: Prodius is a cloud-based service. Your audio recordings are transmitted through the Prodius Gateway (Amsterdam, Netherlands) to AI providers for processing. Practice tier subscribers are guaranteed EU-only processing via Azure OpenAI West Europe. Free and Personal tier subscribers may use US-based processors.
Key Privacy Principles
- Zero Data Retention: Audio and transcriptions are processed in memory and never stored on our servers
- EU-First Processing: Practice tier subscribers get EU-only data processing (Netherlands)
- Transparency: We clearly disclose all data processing activities
- No Data Sales: We never sell your personal data to third parties
- No Model Training: Your data is never used to train AI models
1. What Data We Collect
1.1 Account Information
- Email address (required for account creation and communication)
- Name (optional, for personalization)
- Account creation date and last login time
1.2 Audio Recordings
- Audio streams captured from your microphone during dictation
- Transmitted to the Prodius Gateway (Amsterdam, NL) via encrypted connection
- Retention: Zero — audio is processed in memory and immediately discarded. Never written to disk on any server.
1.3 Transcription Text
- Raw transcription text generated by speech recognition
- Enhanced transcription text after AI cleanup/formatting
- Retention: Zero on Prodius servers — transcriptions are typed directly into your active application and not stored server-side
- AI providers may retain data per their own policies (see Section 5)
1.4 Payment Information
- Company name and billing address
- VAT number (for EU B2B invoicing)
- Transaction history (amounts, dates, invoice numbers)
Prodius uses direct B2B invoicing (Zenocritus B.V.). We do not store credit card numbers.
1.5 Usage Data
- Device information: Operating system, app version, device type
- Usage metrics: Word counts for quota management
- Error logs: Technical errors for debugging
1.6 Cookies and Tracking
Prodius does not currently use analytics cookies or third-party tracking technologies.
- Essential cookies (no consent required): Session management, authentication
- Preference cookies (no consent required): Language preference, UI settings
The Prodius desktop application does not use cookies. Authentication is handled via secure tokens stored locally on your device.
2. How We Process Your Data
2.1 Two-Stage Transcription Process
All data flows through the Prodius Gateway (Amsterdam, Netherlands) with zero data retention.
Stage 1: Speech Recognition
- Audio is transmitted from your device to the Prodius Gateway via encrypted connection (HTTPS)
- The Gateway forwards audio to the transcription provider
- The transcription provider converts speech to text
- Audio is never stored — processed in memory and immediately discarded
Stage 2: AI Enhancement
- Raw transcription text is forwarded through the Gateway to an AI language model
- The model improves punctuation, capitalization, and formatting
- Enhanced text is returned through the Gateway to your device
- Final transcription is typed directly into your active application — no server-side storage
Data Flow: Desktop App → Gateway (Fly.io Amsterdam, NL) → AI Provider (Azure OpenAI West Europe for B2B) → Gateway → Desktop App
Zero Retention: The Prodius Gateway processes all data in memory. Audio, transcription text, and enhanced text are never written to disk on our servers.
Third-Party Data Handling:
- Azure OpenAI (B2B tier): Does not retain API request data. Does not use customer data for model training. Data processed in West Europe (Netherlands).
- Groq (dev/free tier): Retains data per their privacy policy. Does not use data for model training. Data processed in the United States.
- OpenAI (fallback): Retains data for up to 30 days per their API Data Usage Policy. Does not use data for model training.
2.2 Account and Usage Data
- Account data (email, authentication tokens) is stored in Supabase (Frankfurt, Germany)
- Usage metrics (word counts) are stored for quota management
- Transcription content is NOT stored
2.3 Application Context Processing
To provide context-aware transcription accuracy and intelligent text formatting, Prodius may capture:
- Active application name and window title
- Selected text in the active window (for context-aware transcription)
- Screenshots of the active window (only when you have explicitly bound a destination window for a command turn — see Section 2.4)
Context data is transmitted to the AI provider in real-time for that single request and is never stored on Prodius servers. Privacy protections include automatic exclusion of password managers and private browsing detection.
2.4 Local Screenshot Cache (Desktop App)
When you issue a command while a destination window is explicitly bound (manual target pick or pinned modal), Prodius captures a single screenshot of that window, sends it to the AI provider to ground the response, and — by default — caches the resulting JPEG on your own device so that you can see in the conversation view exactly which image was sent. This cache is intended as a transparency control: you can verify the provenance of every AI response grounded by a screenshot.
Where the cache lives (on your device, never on Prodius servers):
- macOS: ~/Library/Application Support/Prodius/context_screenshots/
- Windows: %LOCALAPPDATA%\Prodius\context_screenshots\
- Linux: ~/.local/share/prodius/context_screenshots/
Retention:
- Default lifetime: 7 days, configurable in Settings
- Per-conversation cap: 50 MB (oldest thumbnails are evicted first)
- Global cap: 500 MB
- When you delete a conversation, the corresponding screenshot directory is deleted from disk
Your control: The cache can be disabled entirely via Settings → Privacy → "Cache context screenshots locally" (default ON). When disabled, screenshots are still displayed inline for the duration of the turn in which they were sent, but are not written to disk and do not survive closing the modal.
No new third-party transmission: The screenshot is sent to the AI provider only once, as part of the command turn itself — the same transmission that was already covered before this cache existed. The local cache is a local-only copy of that same image, read by the Prodius desktop application when rendering your conversation history. Nothing from the cache is uploaded to Prodius, to AI providers, or to any other party.
File security: Cached files use standard operating-system file permissions (user-owned, readable by your OS user account). They are not additionally encrypted at rest by Prodius. For devices protected by full-disk encryption (FileVault, BitLocker, LUKS), the cache is encrypted as part of the wider disk. We recommend full-disk encryption for any device used for professional client work.
For firms subject to professional secrecy (beroepsgeheim): because the cache may contain pixels of documents in Outlook, Word, Excel, case-management systems, or similar, the compliance officer or IT administrator should include the paths above in the firm's device-hygiene policy (e.g., the existing policy for browser caches, recent-document lists, and other local AI-assistant histories). Disabling the cache in Settings is the simplest way to remove this surface entirely.
3. How We Use Your Data
3.1 Primary Purposes (Legal Basis: Contract Performance)
- Provide transcription service: convert your speech to text
- Enhance transcription quality via AI processing
- Process payments and issue invoices
- Customer support
3.2 Service Improvement (Legal Basis: Legitimate Interest)
- Performance monitoring: system uptime, transcription speed
- Security: detect fraud, abuse, and threats
3.3 Communications (Legal Basis: Consent or Legitimate Interest)
- Transactional emails: Account notifications, payment receipts (cannot opt out)
- Product updates: New features, service changes (cannot opt out)
- Marketing emails: Promotions, tips, company news (can opt out anytime)
4. Data Retention
| Data Type | Retention Period |
|---|---|
| Audio Recordings | Zero — in-memory processing only |
| Transcription Text | Zero — not stored on Prodius servers |
| Application Context (app name, window title, selected text) | Zero on Prodius servers — processed in real-time, not stored |
| Context Screenshot — Prodius servers | Zero — processed in real-time by the AI provider, not stored on Prodius infrastructure |
| Context Screenshot — your own device (local cache) | Up to 7 days by default (configurable); deleted on conversation delete; can be disabled in Settings. See Section 2.4. |
| Account Data | While account active + 30 days after deletion |
| Usage Metrics | While account active + 30 days after deletion |
| Billing Data | Per tax law requirements (typically 7 years) |
5. Third-Party Service Providers (Subprocessors)
We use the following third-party services. Your data is shared with them only as necessary for service delivery.
See the full Subprocessor List for details.
| Subprocessor | Purpose | Location |
|---|---|---|
| Azure OpenAI (Microsoft) | Transcription + AI enhancement (B2B) | Netherlands (West Europe) |
| OpenAI, L.L.C. | AI enhancement (fallback) | United States |
| Groq, Inc. | Transcription + AI (dev/free tier) | United States |
| Fly.io, Inc. | Gateway hosting | Amsterdam, Netherlands |
| Supabase, Inc. | Authentication + usage tracking | Frankfurt, Germany |
| TransIP | Email delivery | Amsterdam, Netherlands |
| Sentry (Functional Software, Inc.) | Error monitoring and performance tracing | Frankfurt, Germany |
Changes: We will notify you 30 days before adding new subprocessors that handle your personal data.
6. Data Security
6.1 Technical Safeguards
- Encryption in Transit: TLS 1.2+ for all data transmission
- Zero Storage: Gateway processes data in memory only — nothing written to disk
- Access Controls: JWT authentication, role-based access
- Audit Logging: Metadata-only request logs (never content)
6.2 Limitations
- No system is 100% secure
- You must secure your account credentials and device
- We rely on our subprocessors' security measures
In Case of Breach: We will notify affected users without undue delay, and in any event within 24 hours of becoming aware of the breach (see our DPA for full details). We will provide details about the breach, affected data, and remediation steps. We will also notify the Autoriteit Persoonsgegevens within 72 hours as required by GDPR Article 33.
7. Your Privacy Rights
7.1 GDPR Rights (EU/UK/EEA Residents)
Under the General Data Protection Regulation, you have the right to:
- Access (Article 15): Request a copy of all personal data we hold about you
- Rectification (Article 16): Correct inaccurate account information
- Erasure (Article 17): Request deletion of your account and associated data
- Restriction (Article 18): Temporarily pause processing
- Portability (Article 20): Export your data in machine-readable format
- Object (Article 21): Object to processing for direct marketing
- Withdraw Consent (Article 7): Withdraw consent for optional features
- Lodge a Complaint (Article 77): File a complaint with your national data protection authority
How to Exercise Rights: Email privacy@prodius.ai. We will respond within 30 days.
7.2 CCPA Rights (California Residents)
- Right to Know: Categories and specific pieces of personal information collected
- Right to Delete: Request deletion of personal information
- Right to Opt-Out of Sale: We do NOT sell personal information
- Right to Non-Discrimination: Same service quality regardless of rights exercise
8. International Data Transfers
8.1 Practice Tier (EU-Only Processing)
For Practice subscribers, all data processing stays within the European Union:
- Gateway: Fly.io Amsterdam (Netherlands)
- AI processing: Azure OpenAI West Europe (Netherlands)
- Authentication: Supabase Frankfurt (Germany)
- No data is transferred to the United States
- Fail-closed: If Azure is unavailable, requests fail — they do NOT fall back to US providers
8.2 Free & Personal Tiers (May Include US Processing)
For Free and Personal subscribers, AI processing uses Groq (US) with OpenAI (US) as fallback. These tiers are not suitable for processing client-confidential data. We implement safeguards including:
- EU Commission-approved Standard Contractual Clauses (SCCs)
- Zero storage on the Prodius Gateway
- Contractual prohibition on model training
If you object to US processing, contact us about upgrading to the B2B tier for EU-only processing.
9. Children's Privacy
- Minimum Age (US): 13 years old (COPPA)
- Minimum Age (EU/UK/EEA): 16 years old (GDPR Article 8)
We do not knowingly collect data from children below minimum ages.
10. What Prodius Does NOT Do
- We do NOT sell your data
- We do NOT store audio, transcriptions, or context screenshots on our servers
- We do NOT upload the local screenshot cache (Section 2.4) anywhere — it stays on your device
- We do NOT train AI models on your data
- We do NOT share data with advertisers
- We do NOT use analytics or tracking cookies
11. HIPAA Compliance
Prodius is NOT HIPAA-Compliant. Do not use Prodius to transcribe Protected Health Information (PHI). See our Terms of Service for details.
12. Accuracy Disclaimer
Transcriptions may contain errors. You should independently verify all transcriptions, especially for legal documents, financial reports, and safety-critical communications. See our Terms of Service for full disclaimer.
13. Changes to This Policy
Material changes will be communicated via email notification (30 days' advance notice) and an updated effective date. Continued use after changes take effect constitutes acceptance.
14. Contact Information
- Privacy questions: privacy@prodius.ai
- Data subject requests: privacy@prodius.ai with subject "Data Subject Request"
- General support: support@prodius.ai
Data Protection Authority: Dutch Data Protection Authority (Autoriteit Persoonsgegevens) — https://autoriteitpersoonsgegevens.nl/
Summary
| Data Type | Retention | Shared With |
|---|---|---|
| Audio | Zero — in-memory only | AI provider (for transcription) |
| Transcriptions | Zero — not stored | AI provider (for enhancement) |
| App Context (text) | Zero on Prodius servers | AI provider (in enhancement request) |
| Context Screenshot | Zero on Prodius servers; optional local cache on your device (default 7 days, can be disabled — see §2.4) | AI provider (for the bound-destination command turn only) |
| Account Info | While active + 30 days | Supabase (Frankfurt, EU) |
| Usage Metrics | While active + 30 days | Supabase (Frankfurt, EU) |
| Billing Data | Per tax law (7 years) | None (direct B2B invoicing) |
Last Updated: April 24, 2026 · Version 3.1 · Effective: April 24, 2026
Changes in v3.1: Added Section 2.4 describing the optional local cache of bound-destination context screenshots on the user's device. Retention table in Section 4 and the Summary table now distinguish server-side retention (zero) from the local-device cache (default 7 days, configurable, can be disabled in Settings).
