Privacy Policy

Last updated: 11 March 2026  ·  Refund Policy

This Privacy Policy explains how Dokitscript ("we", "us", "our") collects, uses, and protects your personal data when you use our website at dokitscript.com. We are committed to protecting your privacy in compliance with the General Data Protection Regulation (GDPR) and French data protection law.

1. Data We Collect

We collect the following categories of personal data:

• Account data: name, email address, and password (hashed) when you register.
• Usage data: number of transcriptions performed, timestamps, and selected plan.
• Technical data: IP address, browser type, device type, and session information.
• Device fingerprint: a non-personally-identifiable browser fingerprint generated by FingerprintJS, used solely to prevent abuse (multiple free accounts from the same device). This fingerprint is stored in our database and linked to your account. Upon account deletion, a one-way hash of your email address and your device fingerprint are retained for 90 days for fraud prevention purposes (see "Data Retention" below).
• Content data: URLs submitted for transcription and resulting transcription text.
• Analytics data: pages visited, time on site, and traffic sources (via Google Analytics 4).

We do not collect any special category (sensitive) personal data.

2. How We Use Your Data

• To provide and operate the transcription service.
• To manage your account and enforce plan limits.
• To send email verification and important service communications.
• To analyse usage patterns and improve the service.
• To process payments and manage subscriptions (when applicable).
• To prevent fraud and enforce our Terms of Service.

Our legal basis for processing is: contract performance (service delivery), legitimate interests (security, analytics), and consent where required.

3. Cookies

We use the following cookies and similar technologies. By clicking "Got it" on the cookie banner or continuing to use the site, you consent to their use.

• Session cookie (transcriptai.sid): strictly necessary — keeps you logged in. Expires after 7 days.
• Analytics cookies (Google Analytics 4): track usage and traffic. You can opt out via your browser settings or using the Google Analytics Opt-out Add-on.
• Consent cookie (ck, localStorage): remembers that you have accepted this cookie notice. Never transmitted to our servers.

4. Third-Party Services

We share data with the following trusted third parties solely to operate the service:

• OpenAI — audio transcription processing (audio files are not stored beyond the API call).
• Google Analytics — website analytics.
• MongoDB Atlas — database hosting.
• Railway — server hosting.
• Resend — transactional email delivery.
• Stripe — payment processing (when subscriptions are active).
• FingerprintJS — open-source browser fingerprinting library loaded from openfpcdn.io, used for anti-abuse detection only. No data is shared with FingerprintJS Inc. beyond what is technically necessary to load the script.

We do not sell your personal data to any third party.

5. Data Retention

• Account data: retained for as long as your account is active.
• Transcription history: last 20 transcriptions stored, older ones automatically removed.
• Anonymous usage: IP-based usage counters reset monthly.
• Upon account deletion: all personal data (name, email, transcriptions) is permanently deleted immediately. For fraud prevention purposes, a one-way irreversible hash (SHA-256) of your email address and your device fingerprint are retained for 90 days to prevent abuse of the free plan. These hashed values cannot be used to identify you and are automatically deleted after 90 days.

6. Your Rights (GDPR)

You have the right to:

• Access — request a copy of your personal data.
• Rectification — correct inaccurate data.
• Erasure — request deletion of your account and data.
• Portability — receive your data in a machine-readable format.
• Object — opt out of processing based on legitimate interests.
• Withdraw consent — at any time, where consent is the legal basis.

To exercise any of these rights, contact us at legal@dokitscript.com. We will respond within 30 days. You also have the right to lodge a complaint with the Commission Nationale de l'Informatique et des Libertés (CNIL).

7. Data Security

We implement appropriate technical and organisational measures to protect your data, including password hashing (bcrypt), HTTPS encryption, rate limiting, and access controls. However, no method of transmission over the Internet is 100% secure.

8. International Transfers

Some of our third-party providers may process data outside the European Economic Area. Where this occurs, we ensure appropriate safeguards are in place (such as Standard Contractual Clauses or adequacy decisions).

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of significant changes by email. The "last updated" date at the top of this page will always reflect the most recent version.

10. Contact

For any privacy-related questions or requests, please contact us at:
legal@dokitscript.com

---

Dokitscript  ·  dokitscript.com  ·  Refund Policy  ·  Terms of Service