Privacy Policy

Last updated: March 25, 2026

1. Introduction

SpeakEasy (“we”, “us”, “our”) operates the SpeakEasy Speech-to-Text and Text-to-Speech API platform. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our website, dashboard, and API services (collectively, the “Service”).

By using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the Service.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

  • Full name
  • Email address
  • Password (stored as a secure hash — we never store plaintext passwords)

2.2 Billing Information

Payment processing is handled by Stripe. We do not store your credit card number or banking details. We store a Stripe customer identifier to link your account to your billing record.

2.3 Usage Data

We record the following for billing and service monitoring:

  • API endpoint called (Speech-to-Text or Text-to-Speech)
  • Duration or character count of each request
  • Timestamp and API key identifier used
  • Aggregate usage per billing period

2.4 Content You Submit

When using our API, you may submit audio files for transcription or text for speech synthesis. This content is processed by our upstream AI provider to generate results and is not retained after processing is complete. We do not use your content to train AI models.

2.5 Cookies and Session Data

We use essential cookies for authentication and session management. See our Cookie Policy for details.

3. How We Use Your Information

We use collected information to:

  • Provide, maintain, and improve the Service
  • Process payments and manage your subscription
  • Track usage for billing purposes
  • Send transactional emails (welcome emails, usage alerts, billing notifications)
  • Respond to support requests
  • Detect and prevent fraud, abuse, and security threats
  • Comply with legal obligations

We do not sell your personal information. We do not use your data for advertising or marketing profiling.

4. Third-Party Service Providers

We share information with the following third parties solely to operate the Service:

ProviderPurposeData Shared
SupabaseAuthentication & databaseAccount data, usage records
StripePayment processingEmail, billing information
LemonfoxAI audio/speech processingAudio files, text content (transient)
ResendTransactional email deliveryEmail address, name
UpstashRate limitingAccount identifier (anonymized)

Each provider processes data under their own privacy policy and is contractually obligated to protect your data.

5. Data Retention

  • Account data: Retained while your account is active and for 30 days after deletion to allow recovery.
  • Usage records: Retained for 12 months for billing reconciliation, then aggregated and anonymized.
  • Audio and text content: Not retained after processing. Content is passed to our upstream provider, results are returned to you, and the content is discarded.
  • Payment records: Retained as required by tax and financial regulations (typically 7 years).

6. Data Security

We protect your data through:

  • Encryption in transit (TLS/HTTPS for all connections)
  • Encryption at rest for stored data
  • HMAC-SHA256 hashing for API keys (raw keys are never stored)
  • Secure password hashing via Supabase Auth
  • Row-level security (RLS) in our database
  • Webhook signature verification for payment events

While we implement industry-standard security measures, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

7. Your Rights

7.1 All Users

Regardless of location, you can:

  • Access your personal data via your dashboard settings
  • Update or correct your account information
  • Delete your account and associated data
  • Export your usage data

7.2 European Economic Area (GDPR)

If you are in the EEA, you additionally have the right to:

  • Request data portability
  • Restrict or object to processing
  • Withdraw consent at any time
  • Lodge a complaint with your local data protection authority

Our legal basis for processing is contract performance (providing the Service you signed up for) and legitimate interests (fraud prevention, service improvement).

7.3 California Residents (CCPA)

California residents have the right to:

  • Know what personal information is collected and how it is used
  • Request deletion of personal information
  • Opt out of the sale of personal information (we do not sell your data)
  • Non-discrimination for exercising your rights

8. International Data Transfers

Your data may be processed in countries other than your own. Our service providers maintain appropriate safeguards (such as Standard Contractual Clauses) to ensure your data is protected in accordance with applicable laws.

9. Children's Privacy

The Service is not directed to individuals under 16. We do not knowingly collect personal information from children. If we learn we have collected data from a child under 16, we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a notice on our website at least 30 days before the changes take effect. Your continued use of the Service after the effective date constitutes acceptance of the updated policy.

11. Contact Us

For questions about this Privacy Policy or to exercise your data rights, contact us at:

privacy@tryspeakeasy.io

SPEAKY