Last updated: March 2026
This Privacy Policy explains how Zeph.io ("we", "us", or "our") collects, uses, and protects your personal data when you use the Zeph.io desktop application and related services (the "Service"). We are committed to protecting your privacy and processing your data in accordance with the EU General Data Protection Regulation (GDPR) and applicable Danish data protection legislation.
The data controller responsible for your personal data is:
ElearningSpecialist
Testrupvej 119
8320 Mårslet, Denmark
Email: hello@getzeph.io
When you use the dictation feature, your voice is recorded from your microphone and transmitted to our API proxy for transcription. Audio data is processed in real time and is not stored permanently by Zeph.io. Audio is discarded immediately after transcription is complete.
The text generated from your voice dictation is stored locally on your device in a SQLite database. This data never leaves your machine and is not transmitted to or stored on our servers.
On first launch, the application generates a unique device identifier (UUID). This identifier is used to manage your account, track usage against your plan limits, and facilitate billing. It does not contain any personally identifiable information about you or your device.
We collect a count of dictations performed per billing period to enforce plan limits (e.g., 30 dictations/month for the free tier). We do not collect the content of your dictations.
We process your data for the following purposes under the following legal bases:
| Purpose | Data | Lawful Basis |
|---|---|---|
| Voice-to-text transcription | Voice audio | Article 6(1)(b) GDPR — performance of contract |
| Text cleanup and formatting | Transcribed text (in transit) | Article 6(1)(b) GDPR — performance of contract |
| Account management and billing | Device ID, usage count | Article 6(1)(b) GDPR — performance of contract |
To provide the Service, we engage the following sub-processors and third-party service providers. Each sub-processor processes your personal data solely on our behalf and in accordance with our documented instructions.
When you use the dictation feature, your voice audio is transmitted from your device to our API proxy, which runs on Cloudflare Workers. The proxy forwards the audio to the OpenAI Whisper API for transcription. The transcribed text is then returned to your device. This is the sole data flow — audio is not stored on the proxy, and transcribed text is stored only locally on your machine.
OpenAI acts as a data processor (sub-processor) under their standard Data Processing Agreement (DPA). Your voice audio is sent to OpenAI's Whisper API for transcription and, optionally, to GPT-4o-mini for text cleanup. The following safeguards apply:
Cloudflare acts as a data processor (sub-processor) under their Data Processing Agreement (DPA). Our API proxy runs on Cloudflare Workers and serves as a pass-through that forwards your audio to OpenAI for transcription. The following safeguards apply:
Payment processing for Pro subscriptions is handled by LemonSqueezy, which acts as the Merchant of Record. LemonSqueezy collects and processes payment information (credit card details, billing address, email) directly. We do not have access to your full payment details. LemonSqueezy's own privacy policy governs its handling of payment data.
| Sub-Processor | Purpose | Data Processed | Transfer Safeguard |
|---|---|---|---|
| OpenAI | Speech-to-text transcription; text cleanup | Voice audio, transcribed text (in transit) | SCCs under DPA |
| Cloudflare | API proxy infrastructure | Voice audio (in transit), request metadata | SCCs under DPA |
| LemonSqueezy | Payment processing (Merchant of Record) | Payment and billing information | LemonSqueezy privacy policy |
Your data is transferred to service providers located in the United States. These transfers are safeguarded by:
Under the GDPR, you have the following rights regarding your personal data:
To exercise any of these rights, please contact us at hello@getzeph.io. We will respond within 30 days.
If you believe that our processing of your personal data violates the GDPR, you have the right to lodge a complaint with the Danish Data Protection Agency (Datatilsynet):
Datatilsynet
Carl Jacobsens Vej 35
2500 Valby, Denmark
Website: www.datatilsynet.dk
Email: dt@datatilsynet.dk
The Zeph.io desktop application does not use cookies. If you visit our website at getzeph.io, we may use essential cookies required for the website to function. We do not use advertising or tracking cookies. Any future use of analytics cookies will be subject to your consent.
The Service uses artificial intelligence (OpenAI Whisper and GPT-4o-mini) to process your voice audio into text and to clean up the resulting transcription. This processing is essential to the core functionality of the Service. No decisions with legal or similarly significant effects are made based on automated processing. You always retain full control over the transcribed text and may edit or delete it at any time.
The Service is not intended for use by individuals under the age of 13. We do not knowingly collect personal data from children under 13. If we become aware that we have collected data from a child under 13, we will take steps to delete that data promptly. If you believe a child under 13 has provided us with personal data, please contact us at hello@getzeph.io.
We may update this Privacy Policy from time to time. When we make material changes, we will notify you through the application or by updating the "Last updated" date at the top of this page. We encourage you to review this policy periodically.
If you have any questions about this Privacy Policy or our data practices, please contact us at:
Email: hello@getzeph.io