Privacy Policy

Who we are

Dictare is a product of BadgerBuilds Ltd ("we", "us", "our"), company number 17236397, registered office 15 Morban Road, Leicester, LE2 8LW, United Kingdom. We are the data controller for the personal data described in this policy.

We are registered with the UK Information Commissioner's Office (ICO), registration reference ZC154496. For any privacy question, or to exercise your rights, contact privacy@badgerbuilds.co. We are a small company and are not required to appoint a Data Protection Officer; privacy queries go to that address.

What we collect

• Account data — your email address and a securely hashed password, so you can sign in and we can manage your subscription.
• Voice and text content — when you use Dictare, the audio you record is sent to be transcribed, and the resulting text may be translated and polished. We use this content only to produce your result and return it to you. Because you choose what to dictate, this content may contain sensitive information; you control what you record, and (as set out below) we do not keep it on our servers.
• Usage data — counters such as trial time used and translation volume, which we need to enforce free-trial limits and operate subscriptions.
• Subscription and payment data — your subscription status and plan. Card payments are processed by Stripe; we never see or store your full card details.
• Diagnostics — if the app encounters an error, we may receive a crash report containing technical metadata (such as error type, app version, operating system, and device/session identifiers). Crash reports never contain the content you dictate.
• Waitlist — if you join our waitlist, we store your email address to notify you when Dictare is available.

How we use it, and our lawful bases

Under UK GDPR, we rely on the following lawful bases:

• To perform our contract with you — creating your account, processing your audio and text to deliver transcription/translation/polishing, and managing your subscription.
• Our legitimate interests — keeping the service secure, preventing abuse of free trials, diagnosing crashes, and improving the product. We balance these against your rights.
• Your consent — joining the waitlist, and receiving any optional product or marketing emails. You can withdraw consent at any time (see "Marketing" below).
• Legal obligation — retaining records of payments for tax and accounting purposes.

What we do not store

Dictare is built so that the content you dictate stays yours. The audio you record is processed to produce text and is not retained by us after processing. The transcribed, translated, or polished text is returned to your device — we do not keep a server-side copy of your dictation content. Any history or review of your text lives locally on your own device.

How we protect your data

We take appropriate technical and organisational measures to keep your data secure: connections to our services use encryption in transit (HTTPS/TLS), passwords are stored only as secure hashes (never in plain text), access to our systems is limited to what's needed to run the service, and we use reputable infrastructure and payment providers. No system is perfectly secure, but we work to protect your data and to limit what we collect in the first place.

The services we use (sub-processors)

We use a small number of trusted providers to deliver Dictare. Each only processes what's needed for its function:

• Supabase — account authentication, database, and the secure functions that route your requests.
• OpenAI — speech-to-text transcription and text polishing. OpenAI does not use data submitted through its API to train its models, and retains it for a limited period (up to 30 days) for abuse monitoring before deletion.
• DeepL (Pro) — translation. On DeepL's Pro plan, your text is not stored after translation and is not used to train models.
• Stripe — payment processing and subscription billing.
• Sentry — crash and error diagnostics (hosted in the EU).
• Cloudflare — hosting for this website and storage of waitlist sign-ups.

International transfers

Some of these providers process data outside the UK. In particular, OpenAI, Stripe, and Cloudflare are based in the United States, while DeepL (EU) and Sentry (EU) process data within the European Economic Area. Where your data is transferred outside the UK, we rely on appropriate safeguards — principally the UK International Data Transfer Agreement / Addendum to the EU Standard Contractual Clauses, or an adequacy decision (for EEA transfers) — so that your data receives an equivalent level of protection.

How long we keep it

• Account and subscription data — for as long as your account is active. When your account is deleted, we delete this data, except (a) payment records we must keep to meet legal and tax obligations, and (b) the limited fraud-prevention record described below.
• Dictation content — audio is transient; text is not stored on our servers (see above).
• Fraud prevention — to stop the same person repeatedly claiming a free trial, we keep a normalised form of your email address (lower-cased, with dots and any "+alias" removed) even after your account is deleted. We rely on our legitimate interest in preventing fraud, and use this record solely for that purpose.
• Diagnostics — crash reports are kept for up to 90 days, then deleted.
• Waitlist — kept until launch (plus a short period to send launch notices), or until you ask to be removed, whichever is sooner.

Marketing

We will send you service messages you can't opt out of while you have an account (for example, billing or security notices). We will only send product updates or marketing if you've opted in (such as by joining the waitlist), and every such email includes an unsubscribe link. You can opt out at any time by using that link or emailing privacy@badgerbuilds.co.

Cookies and local storage

This website does not use third-party advertising or tracking cookies. The Dictare app stores your settings and a sign-in token locally on your own device so it can function — this stays on your device and is not shared.

Your rights

Under UK GDPR you have the right to access, correct, delete, restrict, or port your personal data, to object to certain processing, and to withdraw consent. To exercise any of these — including deleting your account — email privacy@badgerbuilds.co and we will respond within one month. We may need to verify your identity before acting on a request.

If you believe we have mishandled your data, you can complain to the ICO at ico.org.uk — though we'd appreciate the chance to put things right first.

Children

Dictare is not directed at children, and we do not knowingly collect data from anyone under 16. If you believe a child has provided us data, contact us and we will delete it.

Changes to this policy

If we change how we handle your data — for example, by adding a new provider — we will update this page and revise the "last updated" date above.