Privacy Policy

Dictately ("we", "us", "our") is operated by GIETO GROUP. This Privacy Policy explains how we collect, use, and protect your information when you use the Dictately voice dictation application and related services (the "Service").

1. Information We Collect

1.1 Audio Data

When you use Dictately, your voice audio is sent to a third-party speech-to-text (STT) provider for transcription. Audio is processed in real time and immediately discarded. We do not store, retain, or have access to your audio recordings at any point.

1.2 Transcription Data

Your transcription history is stored locally on your device only. We do not upload, sync, or back up transcription content to our servers.

1.3 Personal Dictionary

If you create a personal dictionary (custom words, phrases, or corrections), this data is synced to Google Firestore to enable cross-device access. It does not contain transcription content.

1.4 Account Information

We use Firebase Authentication to manage user accounts. When you sign up, we collect your email address and basic profile information (name, if provided). This data is stored in Firebase.

1.5 Usage Data

We track anonymised usage metrics (e.g. word count, feature usage, active sessions) in Google Firestore to enforce plan limits and improve the Service. This data is linked to your account but does not include transcription content.

1.6 Payment Data

Payments are processed by Stripe. We do not store your credit card number or full payment details. Stripe may collect billing information in accordance with their own Privacy Policy.

2. Third-Party Services

We use the following third-party services to operate Dictately:

• Groq — Primary speech-to-text provider
• OpenAI — Speech-to-text fallback provider
• Deepgram — Speech-to-text fallback provider
• Firebase (Google) — Authentication and data storage
• Stripe — Payment processing

Each third-party service has its own privacy policy governing how they handle data. Audio sent to STT providers is used solely for the purpose of transcription and is not retained by those providers.

3. How We Use Your Information

• To provide and maintain the voice dictation Service
• To authenticate your identity and manage your account
• To process payments and manage subscriptions
• To enforce usage limits (e.g. free-tier word caps)
• To sync your personal dictionary across devices
• To improve the Service and fix bugs
• To communicate with you about your account or changes to our terms

4. Data Retention

Audio: Not retained. Audio is streamed to the STT provider and discarded immediately after transcription.

Transcriptions: Stored locally on your device. We have no access to this data.

Account data: Retained for the duration of your account. Deleted upon request or account termination.

Usage data: Retained for analytics and plan enforcement. Deleted upon account termination.

5. Cookies

Dictately uses minimal cookies strictly necessary for authentication session management. We do not use advertising cookies, tracking cookies, or third-party analytics cookies.

6. Your Rights (GDPR)

If you are located in the European Economic Area (EEA) or the United Kingdom, you have the following rights under the General Data Protection Regulation (GDPR):

• Right of access: Request a copy of your personal data
• Right to rectification: Request correction of inaccurate data
• Right to erasure: Request deletion of your personal data ("right to be forgotten")
• Right to data portability: Request your data in a structured, machine-readable format
• Right to restrict processing: Request that we limit how we use your data
• Right to object: Object to processing of your data for specific purposes

To exercise any of these rights, please contact us at hello@dictately.io. We will respond within 30 days.

7. Data Security

We implement industry-standard security measures to protect your data, including encrypted connections (TLS) for all data in transit. However, no method of electronic transmission or storage is 100% secure, and we cannot guarantee absolute security.

8. Children's Privacy

The Service is not intended for users under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware that we have collected data from a child under 16, we will take steps to delete it promptly.

9. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or by posting a notice on our website. Your continued use of the Service after changes become effective constitutes acceptance of the updated policy.

10. Contact Us

If you have any questions about this Privacy Policy or your personal data, please contact us: