Privacy Policy
Last updated: 7 July 2026 · Refund Policy
This Privacy Policy explains how Dokitscript ("we", "us", "our") collects, uses, and protects your personal data when you use our website at dokitscript.com. Dokitscript is operated by LEDOFFYX LTD, a private limited company registered in England and Wales (company number 16642301), with its registered office at 20 Wenlock Road, London, England, N1 7GU, United Kingdom. LEDOFFYX LTD is the data controller responsible for your personal data.
We are committed to protecting your privacy in compliance with the EU General Data Protection Regulation (EU GDPR), the UK GDPR, and applicable data protection laws. Depending on where you are located, you may have additional rights under regional law — including California (CCPA/CPRA), Brazil (LGPD), and other jurisdictions — as described in the dedicated sections below.
1. Data We Collect
We collect the following categories of personal data:
- (a) Account data: name, email address, and password (hashed) when you register.
- (b) Usage data: number of transcriptions performed, timestamps, AI features used, and selected plan.
- (c) Technical data: IP address, browser type, device type, and session information.
- (d) Device fingerprint: a non-personally-identifiable browser fingerprint generated by FingerprintJS, used solely to prevent abuse (multiple free accounts from the same device). This fingerprint is stored in our database and linked to your account. Upon account deletion, a one-way hash of your email address and your device fingerprint are retained for 90 days for fraud prevention purposes (see Section 8 — Data Retention).
- (e) Content data: audio or video files you upload, URLs you submit pointing to video content on third-party platforms, and the resulting transcriptions, translations, summaries, captions, and other AI-generated outputs ("Content"). We act as a data processor on your behalf with respect to this Content. Content you submit may contain personal data about third parties, or in some cases sensitive personal data (for example, recordings of medical consultations or interviews). We do not actively seek out or solicit such sensitive data. You are solely responsible for ensuring you have the necessary rights, consents, and authorisations to submit such Content to the service. We do not use Content to infer sensitive characteristics about any individual, beyond what is technically necessary to provide the transcription and AI features.
- (f) Analytics data: pages visited, time on site, and traffic sources (via Google Analytics 4).
2. How We Use Your Data
- To provide and operate the transcription and AI features service.
- To manage your account and enforce plan limits.
- To send email verification, transactional communications, and important service notifications.
- To send marketing and promotional communications (see Section 7 — Marketing Communications).
- To analyse usage patterns and improve the service.
- To process payments and manage subscriptions.
- To prevent fraud and enforce our Terms of Service.
- To improve and develop the service and our own AI models — see Section 3 (AI Training & Service Improvement) for full details.
Legal bases for processing are detailed in Section 4.
3. AI Training & Service Improvement
Dokitscript may use Content — including audio recordings you submit and the transcriptions and AI outputs generated from them — to operate, maintain, and improve the service, and to train and develop our own AI models.
- Purpose: improving transcription accuracy, AI feature quality, and building proprietary models that benefit all users of the service.
- Legal basis (EU/UK): legitimate interests (improving service quality and developing better technology), balanced against your privacy interests.
- De-identification: before use in model training, data is de-identified or anonymised so that it cannot reasonably be linked back to an individual user.
- No sensitive inference: we do not use Content to infer sensitive characteristics (health, political opinions, beliefs, etc.) about any person.
- Not a sale: using Content for training does not constitute a sale of your personal data. We do not sell your personal data to any third party.
- Opt-out: you may object to the use of your Content for AI training at any time by contacting us at [email protected]. We will honour opt-out requests within 30 days. Opting out does not affect the service you receive.
4. Legal Bases for Processing
- Contract performance: processing necessary to provide the transcription and AI features you have requested, manage your account, and process payments.
- Legitimate interests: fraud prevention, security, service analytics, product improvement, and AI model training (always balanced against your fundamental rights).
- Consent: analytics cookies and marketing communications, where your consent is required. You may withdraw consent at any time.
- Legal obligation: where we are required to process data to comply with applicable law.
5. Cookies
We use the following cookies and similar technologies. By clicking "Got it" on the cookie banner or continuing to use the site, you consent to their use.
- Session cookie (
transcriptai.sid): strictly necessary, keeps you logged in. Expires after 7 days.
- Analytics cookies (Google Analytics 4): track usage and traffic. You can opt out via your browser settings or using the Google Analytics Opt-out Add-on.
- Consent cookie (
ck, localStorage): remembers that you have accepted this cookie notice. Never transmitted to our servers.
6. How We Share Your Data (Third-Party Services)
We share data with the following trusted third parties solely to operate the service. All third-party processors are bound by appropriate data processing agreements.
- Third-party AI speech-to-text providers, to convert your audio into text. Your audio file and/or the resulting transcription text is shared with these providers solely for processing on our behalf.
- Third-party AI providers, to power the AI features (summaries, key points, translations, captions, blog posts, chapters, fact-checking, sources, and text-to-speech audio). Transcription text and related inputs are shared with these providers solely for processing on our behalf.
- Third-party providers used to retrieve the source video from the link you submit, when you transcribe a URL rather than an uploaded file.
- Stripe, payment processing for subscriptions and one-time purchases. When you pay via Apple's App Store, Google Play, PayPal, or a crypto payment processor (NOWPayments), those respective processors may also handle your payment data.
- Google, website analytics (Google Analytics 4) and authentication (Sign in with Google).
- Cloudflare R2, audio file storage (see Section 8 — Data Retention).
- MongoDB Atlas, database hosting.
- Railway, server hosting and infrastructure.
- Resend, transactional and marketing email delivery.
- Sentry, error and performance monitoring.
- FingerprintJS, open-source browser fingerprinting library loaded from
openfpcdn.io, used for anti-abuse detection only. No data is shared with FingerprintJS Inc. beyond what is technically necessary to load the script.
We do not sell your personal data to any third party.
7. Marketing Communications
We may send you marketing and promotional emails (such as onboarding tips, new feature announcements, and special offers) if you have not opted out of such communications.
- You can opt out at any time by clicking the unsubscribe link in any marketing email, or by updating your communication preferences in your account settings.
- Opting out of marketing emails does not affect transactional emails (email verification, password resets, payment receipts, and other service-critical communications), which we will continue to send as necessary.
- We never share your email address with third parties for their own marketing purposes.
8. Data Retention
- Account data: retained for as long as your account is active.
- Transcription history: last 20 transcriptions stored per account; older ones are automatically removed.
- Audio files: for logged-in accounts, the source audio may be stored for up to 90 days to enable replay and quality diagnostics, after which it is automatically deleted from Cloudflare R2.
- Anonymous usage: IP-based usage counters reset monthly.
- Upon account deletion: your account, transcriptions, and stored audio are permanently deleted immediately, and your chat support messages and API keys are permanently deleted. Your public review, if any, is anonymised (disassociated from your name) rather than removed, so that the rating remains part of the aggregate shown to other users. For fraud prevention purposes, a one-way irreversible hash (SHA-256) of your email address and your device fingerprint are retained for 90 days to prevent abuse of the free plan; these hashed values cannot be used to identify you and are automatically purged after 90 days. Separately, a limited set of records — namely payment and revenue records, support ticket history, marketing lead records, and internal customer-risk signals — may continue to reference your email address after account deletion, where necessary for accounting, tax, and legal-record-keeping obligations, and for fraud/abuse prevention (for example, preventing repeated use of a one-time promotional discount). These records are not used to re-market to you, are access-restricted to authorised staff, and are retained only as long as necessary for those purposes. You may request erasure of these residual records, subject to our legal obligation to retain financial records for statutory retention periods — contact [email protected].
- De-identified training data: de-identified or anonymised copies of Content used for AI model training (see Section 3) may be retained beyond the above periods, as they no longer constitute personal data.
9. Your Rights (EU/UK GDPR)
If you are located in the European Economic Area or the United Kingdom, you have the right to:
- Access — request a copy of the personal data we hold about you.
- Rectification — correct inaccurate or incomplete data.
- Erasure — request deletion of your account and personal data.
- Portability — receive your data in a structured, machine-readable format.
- Object — opt out of processing based on legitimate interests (including AI model training).
- Restriction — ask us to restrict processing in certain circumstances.
- Withdraw consent — at any time where consent is the legal basis, without affecting the lawfulness of prior processing.
To exercise any of these rights, contact us at [email protected]. We will respond within 30 days. You also have the right to lodge a complaint with your local supervisory authority — in the United Kingdom: Information Commissioner's Office (ICO); in France (or for EU complaints generally): Commission Nationale de l'Informatique et des Libertés (CNIL).
10. California Privacy Rights (CCPA/CPRA)
If you are a California resident, the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA) grants you specific rights regarding your personal information.
Categories of personal information we collect: identifiers (name, email, IP address), commercial information (subscription plan, payment history), internet or other electronic network activity (usage data, analytics), and audio/visual data (uploaded files and transcriptions).
Your rights under California law:
- Right to Know: request disclosure of the categories and specific pieces of personal information we have collected about you, the sources, the purposes, and the third parties with whom we share it.
- Right to Delete: request deletion of personal information we have collected from you, subject to certain exceptions.
- Right to Correct: request correction of inaccurate personal information.
- Right to Opt Out of Sale or Sharing: we do not sell your personal information, and we do not share it with third parties for cross-context behavioural advertising. You therefore do not need to take any action to exercise this right, but you may submit a request via [email protected] to confirm.
- Right to Limit Use of Sensitive Personal Information: we do not use sensitive personal information beyond what is necessary to provide the service.
- Right to Non-Discrimination: we will not discriminate against you for exercising any of your California privacy rights.
- Global Privacy Control (GPC): we recognise and respect GPC browser signals as a valid opt-out of sale/sharing.
To submit a California rights request, contact us at [email protected]. We will respond within 45 days, with one 45-day extension where reasonably necessary.
11. Brazil — LGPD Rights
If you are located in Brazil, the Lei Geral de Proteção de Dados (LGPD) grants you rights equivalent to those listed in Section 9, including the right to access, correct, delete, and port your personal data, and to object to processing or revoke consent. LEDOFFYX LTD acts as the data controller for the purposes of the LGPD. To exercise your rights under the LGPD, contact us at [email protected]. You may also contact the Brazilian data protection authority, the Autoridade Nacional de Proteção de Dados (ANPD), at gov.br/anpd.
12. Other Regions
Depending on your country of residence, you may benefit from rights and protections under local data protection law. Where such rights apply, we will honour them in accordance with applicable law. To submit a request from any jurisdiction not specifically addressed in this Policy, contact us at [email protected].
13. Voice & Biometric Data
When you submit an audio or video file, the audio is processed by third-party AI speech-to-text providers to generate a text transcription. The resulting transcription text is then processed by our service and, where applicable, by third-party AI providers for the AI features you request. Audio files are stored temporarily in accordance with our retention policy (see Section 8) and then permanently deleted. We do not create voiceprints or any biometric identifier from the audio, and we do not use audio to identify individuals by their voice.
14. Children
The service is not directed at children under the age of 15. We do not knowingly collect personal data from children under 15. If you are between 15 and 18 years of age, please ensure you have obtained parental or guardian consent before registering or using the service. If we become aware that we have inadvertently collected personal data from a child under 15 without verifiable parental consent, we will delete that data promptly. If you believe a child under 15 has provided us with personal data, please contact us at [email protected].
15. Data Security
We implement appropriate technical and organisational measures to protect your data, including password hashing (bcrypt), HTTPS encryption in transit, access controls, and rate limiting. However, no method of transmission over the Internet or electronic storage is 100% secure, and we cannot guarantee absolute security.
16. International Data Transfers
LEDOFFYX LTD is incorporated in the United Kingdom, and your data may be processed by us or our third-party processors in countries outside the European Economic Area (EEA) or the UK, including the United States. Where we transfer personal data internationally, we ensure appropriate safeguards are in place in accordance with applicable data protection law — such as Standard Contractual Clauses (SCCs) approved by the European Commission or the UK equivalent, adequacy decisions, or other legally recognised transfer mechanisms. For more information about the safeguards applicable to specific transfers, contact us at [email protected].
17. EU/UK Representative
As a UK-established company, you may direct EU and UK data protection enquiries and rights requests to: [email protected] — LEDOFFYX LTD, 20 Wenlock Road, London, England, N1 7GU, United Kingdom.
18. Browser Extension
Dokitscript offers an optional browser extension (available for Chrome-based browsers) that lets you start a transcription directly from supported video pages, in addition to the website. The extension uses the same account system described in this Policy and collects the following data:
- Login credentials: the email address and password you enter to sign in from the extension are sent securely to our backend (dokitscript.com) to authenticate you — the same account used on the website.
- Local session data: after signing in, an authentication token and basic account details (name, plan) are stored locally in your browser (
chrome.storage.local) so you remain signed in. This data stays on your device and is never sent anywhere other than to our own backend to authorise your requests. It is removed when you log out or uninstall the extension.
- Video URL: when you click "Transcribe" on a supported page (TikTok, Instagram, YouTube, Facebook, X) or use the right-click menu, the extension reads the URL of that specific video to send it to our backend for transcription. It does not track or record your general browsing activity, and does not read page content beyond what is needed to identify the video.
Data collected through the extension is shared with the same third-party service providers listed in Section 6, and is subject to the same retention, security, and rights described elsewhere in this Policy. We do not sell extension user data to any third party.
19. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in the service, our practices, or applicable law. We will notify registered users of material changes by email at least 30 days before they take effect. The "Last updated" date at the top of this page will always reflect the most recent version. Continued use of the service after any changes constitutes acceptance of the updated Policy.
20. Contact
For any privacy-related questions, rights requests, or concerns, please contact our data controller at:
[email protected]
LEDOFFYX LTD
20 Wenlock Road, London, England, N1 7GU
United Kingdom
For payment or billing queries: [email protected]
For general support: [email protected]
© 2026 LEDOFFYX LTD — Dokitscript is a service operated by LEDOFFYX LTD, a company registered in England and Wales (No. 16642301), 20 Wenlock Road, London, England, N1 7GU, United Kingdom.
Dokitscript · dokitscript.com · Refund Policy · Terms of Service · DMCA