This summary is provided for convenience. The full legal policy below governs your rights and our obligations.
- We collect your name, email, audio recordings, transcription output, usage activity, and support messages to run the Penguin Scribe platform.
- We do not sell your personal data to anyone.
- We do not use your audio or transcription content for AI model training without your explicit consent.
- Your data is stored on Google Firebase infrastructure and processed through our AI transcription provider and email service.
- You can request access to, correction of, or deletion of your personal data at any time by contacting us at hello@penguinscribe.com.
- If you are in the EU, UK, or India, you have additional statutory rights described in full below.
Penguin Biotechnologies PVT LTD (we, us, our) is the company behind Penguin Scribe, an enterprise audio transcription and collaboration platform (the Platform).
This Privacy Policy explains what personal data we collect, why we collect it, where and how we store it, who we may share it with, how long we keep it, your rights, and how to contact us with privacy-related requests.
This Policy applies to all users of the Penguin Scribe platform, including company administrators, individual users, superadministrators, and visitors to our marketing website.
By accessing or using Penguin Scribe, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with this Policy, you should not use the Platform.
Penguin Biotechnologies PVT LTD
Registered Office, Bengaluru
Karnataka 560001
India
Privacy contact: hello@penguinscribe.com
Phone: +91 98298 05571
If you are located in the EU/EEA, we act as a data controller under Article 4(7) GDPR. If you are in India, we act as a Data Fiduciary under the DPDP Act 2023. If you are in the UK, we act as the data controller under UK GDPR and the Data Protection Act 2018.
We collect only the personal data necessary to provide and operate the Penguin Scribe platform.
3.1 Account and Identity Data
- Full name
- Work email address
- Job role or title (where provided)
- Organization / company name
- Account role (User, Admin, or Superadmin)
- Password in hashed form via Firebase Authentication (no plaintext passwords)
- Optional profile information
Source: Provided by you or your administrator.
3.2 Audio Recording Data
- Audio files captured during recording sessions
- Metadata: recorder name, duration, file size, timestamp
- Storage path reference in Firebase Storage
Audio is tenant-scoped and accessible only to authorized users and Penguin Biotechnologies PVT LTD for operation and maintenance of the Platform.
3.3 Transcription Content Data
- Generated transcription text output
- File name and metadata for transcription records
- Transcription history and edits
- Record linkage to source audio
Important note on AI processing: Audio is submitted to configured AI providers for processing. We do not authorize providers to use submitted content for model training.
3.4 Usage and Activity Data (Audit Logs)
- Actions performed, including logins, recordings, transcriptions, edits, and logouts
- Timestamps
- Target records/resources
- Actor account identifier
3.5 Session and Technical Data
- Session tokens (issued and tracked server-side)
- IP address
- Browser and device type
- Active session status
3.6 Support Communications
- Name and contact details
- Support message content
- Attachments and additional information
- Support conversation history
3.7 Marketing and Newsletter Data
- Email address
- Name (where provided)
- Enquiry type and message
- How you heard about us (where provided)
| Purpose | Data Used | Legal Basis (GDPR/UK GDPR) | DPDP Act Basis |
| --- | --- | --- | --- |
| Creating and managing your user account | Account data | Performance of contract | Consent / Legitimate use |
| Providing recording functionality | Audio data, session data | Performance of contract | Consent / Legitimate use |
| Processing audio through transcription pipeline | Audio data, transcription data | Performance of contract | Consent / Legitimate use |
| Storing and displaying transcription outputs | Transcription data | Performance of contract | Consent / Legitimate use |
| Enforcing session security | Session and technical data | Legitimate interests | Legitimate use |
| Maintaining audit logs | Activity data | Legitimate interests | Legitimate use |
| Responding to support requests | Support data | Performance of contract / Legitimate interests | Consent / Legitimate use |
| Sending transactional notifications | Account and notification data | Performance of contract | Consent |
| Sending marketing communications | Marketing data | Consent | Consent |
| Complying with legal obligations | Relevant categories | Legal obligation | Legal obligation |
| Detecting and preventing fraud | Session and audit data | Legitimate interests | Legitimate use |
We do not use personal data for automated decision-making that produces legal or similarly significant effects without human review.
We retain personal data only as long as necessary for the purposes described in this Policy or as required by applicable law.
| Data Category | Retention Period |
| --- | --- |
| Account data | For duration of account plus 12 months after deletion |
| Audio recordings | For subscription duration plus 6 months, or until deleted by authorized user |
| Transcription content | For subscription duration plus 6 months, or until deleted by authorized user |
| Audit logs | 24 months from logged action |
| Session and technical data | 30 days from session expiry |
| Support communications | 24 months from support resolution |
| Marketing data | Until consent withdrawal or 24 months from last engagement |
Note: Retention periods are reviewed periodically and may be adjusted based on legal and operational requirements.
6.1 Google Firebase (Google LLC)
Services: Firebase Authentication, Firestore, Firebase Storage
Data: Account/session data, audio recordings, transcription content, audit logs, support messages
Purpose: Core platform infrastructure
Privacy information: firebase.google.com/support/privacy | policies.google.com/privacy
6.2 AI Transcription Provider
Services: AI-assisted audio-to-text processing
Data: Audio submitted for transcription
Purpose: Transcription processing pipeline
Data location: Managed by the configured provider and may include India, the US, or other regions used by that provider.
Important: We require the provider not to use submitted audio for model training beyond service delivery.
6.3 Email / SMTP Provider
Services: Transactional email delivery (SMTP)
Data: Name, email, message content for email delivery
Purpose: Notifications and communications
Data location: Google Mail SMTP infrastructure (Gmail / Google Workspace), subject to Google's regional processing.
6.4 Hosting Provider
Services: Application hosting
Data: Request metadata in transit
Purpose: Hosting the Penguin Scribe Next.js application
Recommended provider: Vercel Privacy Policy
We do not sell personal data and do not share data with third parties for their own marketing purposes.
Penguin Scribe is operated from India. Data may be transferred to, stored, and processed in countries other than your residence, including the United States (for infrastructure services).
Where required, we apply safeguards such as Standard Contractual Clauses (SCCs), adequacy decisions, and contractual protections with sub-processors.
Depending on your location, you may have rights under GDPR/UK GDPR, India DPDP Act, or CCPA/CPRA. Contact hello@penguinscribe.com to exercise rights.
8.1 GDPR / UK GDPR
- Right of Access
- Right to Rectification
- Right to Erasure
- Right to Restriction of Processing
- Right to Data Portability
- Right to Object
- Right to Withdraw Consent
- Right to Lodge a Complaint
8.2 India DPDP Act 2023
- Right to Access Information
- Right to Correction and Erasure
- Right to Grievance Redressal
- Right to Nominate
- Right to complain to the Data Protection Board (when operational)
8.3 CCPA / CPRA (California)
- Right to Know
- Right to Delete
- Right to Correct
- Right to Opt-Out of Sale/Sharing (not applicable; no sale/sharing for cross-context advertising)
- Right to Non-Discrimination
8.4 How to Exercise Rights
Email: hello@penguinscribe.com
Subject: Privacy Request — Access / Correction / Deletion
Response timelines are generally within 30 days (GDPR/UK GDPR), 30 days (DPDP once rules are in force), or 45 days (CCPA), subject to legal requirements.
We implement technical and organizational safeguards to protect personal data from unauthorized access, disclosure, alteration, and destruction.
- Firebase Authentication and secure session controls
- Server-issued/server-tracked tokens and single-device enforcement
- CSRF protections, rate limiting, and CSP headers
- Role-based access control with tenant isolation
- Deny-by-default Firestore security rules
- HTTPS on all platform connections
- Environment-variable-based secret management
- Audit logs for consequential actions
No system is completely risk-free. Where required by law, we will notify affected parties and authorities of qualifying breaches.
| Cookie / Technology | Purpose | Type | Duration |
| --- | --- | --- | --- |
| Session token cookie | Maintains authenticated session | Essential / Strictly necessary | Session / 7 days |
| Authentication state | Manages Firebase Auth session | Essential / Strictly necessary | Session |
We do not use third-party advertising cookies or tracking pixels on the Platform.
Penguin Scribe is intended for adult organizational users. We do not knowingly collect personal data from individuals under 18 years of age. If such data is identified, contact hello@penguinscribe.com for prompt deletion steps.
Where Penguin Scribe is used under an organization agreement, the organization generally acts as controller/Data Fiduciary for workspace data, and Penguin Biotechnologies PVT LTD acts as processor/Data Processor for that workspace.
Your organization administrator controls access permissions and governance settings in your tenant.
We send marketing communications only where consent is provided. You can unsubscribe at any time via email footer links or by contacting hello@penguinscribe.com with the subject “Unsubscribe”.
Unsubscribing from marketing does not affect transactional account communications.
Our platform and marketing pages may link to external services. This Privacy Policy applies only to Penguin Scribe. Please review third-party privacy notices directly.
We may update this Policy to reflect practice, product, or legal changes. For material updates, we will revise the Last Updated date and provide user notice where required.
Grievance Officer: Anish Singh Rajpurohit
Organization: Penguin Biotechnologies PVT LTD
Email: hello@penguinscribe.com
Phone: +91 98298 05571
Address: Registered Office, Bengaluru, Karnataka 560001, India
Response timeframe: Acknowledgement within 72 hours and resolution within 30 days, or as prescribed by applicable rules.
Penguin Biotechnologies PVT LTD
Privacy / Data Protection
Registered Office, Bengaluru, Karnataka 560001
India
📧 hello@penguinscribe.com
📞 +91 98298 05571
We aim to respond to privacy-related enquiries within 5 business days.
This Privacy Policy is governed by the laws of India, including the Information Technology Act 2000, the IT Rules 2011, and the DPDP Act 2023. For EU/UK users, rights and obligations under GDPR/UK GDPR also apply where required.
Disputes are subject to the exclusive jurisdiction of the courts in Bengaluru, India, except where mandatory law requires otherwise.