Home

Blog

RecapHub

Contact

Request a Demo

Sign in

PRIVACY POLICY

Privacy Policy Translingo

Non-binding summary: This policy explains how Niron B.V. processes personal data when providing real-time transcription and translation services  (Translingo) and live- and post-event content summary/analysis and generation (RecapHub). It is drafted to cover scenarios where Niron B.V. primarily acts as a processor on behalf of organizing clients, without prejudice to cases where it acts as a controller (e.g., self-service accounts, billing, support, limited proprietary analytics).

1. Data controller

  • Entity: Niron B.V.

  • Address: Stationsplein 45, 4th floor A4.004, 3013 AK Rotterdam, The Netherlands

  • Commercial Register (KVK): 90020340

  • NIF/VAT: NL865184938B01

  • Privacy contact email: build@niron.ai

Note on roles:

  • In assignments with event organizers, the organizer is generally responsible and Niron B.V. processor (art. 28 GDPR).

  • In functions that Niron B.V. defines on its own (e.g. account registration, billing, security, minimum technical analytics), Niron B.V. acts as a data controller.

  • If there are joint decisions on ends/means, joint responsibility will be documented  (art. 26 GDPR).

2. Scope of application

This policy applies to:

  • Translingo (real-time transcription and translation at events, conferences, and meetings).

  • RecapHub (generation of abstracts, indexes, proceedings and post-event derivative materials).

  • Associated websites and apps: translingo.cc, recaphub.co, and eventlabs.ai.

  • Integrations with storage platforms and technology providers (e.g., Google Cloud, Supabase, Heroku, etc.). The full list is available upon request.

3. Types of personal data processed

A. Account and profile data: first name, last name, email, phone, language, role, company/organization; credentials (hash), settings and preferences.
B. Event data: title, agenda, participants/speakers (names/roles if provided by the client), languages and metadata (date, duration, access).
C. Captured content: audio (and video if enabled), presentations or materials shared by the client.
D. Outputs generated: transcripts, translations, subtitles, abstracts, proceedings, excerpts, keywords, topic tags, mind maps, derivative editorial material.
E. Support Data: tickets, helpdesk communications, support recordings (if authorized).
F. Technical data and telemetry: IP, device/session identifiers, access logs, user agent, usage events, cookies/similar storage.
G. Billing and collection data: tax data, billing address, payment history, vouchers.

Special categories (art. 9 GDPR)
We do not intentionally request sensitive data (health, ideology, etc.). They could appear incidentally if a speaker discloses them. In such a case:

  • We apply encryption and strong access controls.

  • The organiser should assess the appropriate legal basis and, if appropriate, carry out an impact assessment (DPIA/DPIA).

Minors: Services are not directed to minors. The organiser must avoid recruiting them or obtain valid authorisations.

4. Source of the data

  • Client/organizer: configuration of events, participants, materials.

  • Participants: voice interventions, documentary contributions.

  • Integrations: Customer-authorized video conferencing/storage platforms.

  • Automatically: telemetry, cookies, usage logs.

5. Purposes of processing and legal bases

When we act as a processor, we deal with the instructions of the person in charge (organizer). When we act as a responsible party, the following legal bases apply:

PurposeDescriptionLegal basisReal-time deliveryAudio capture/processing for transcription and simultaneous translation; Viewing to Authorized UsersExecution of the contract (art. 6.1.b GDPR); Legitimate interest  (security/operational)During- and post-event Generating abstracts, minutes, indexes, and derivative materials from transcriptsExecution of contract (art. 6.1.b GDPR)Account ManagementRegistration/deregistration, authentication, access control, space managementExecution of contract (art. 6.1.b GDPR)IntegrationsConnect to database, import/exportExecution of contract (art. 6.1.b GDPR); Consent if the integration requires itSupport & ServiceIncident Handling and Service Communications (Non-Marketing)Execution of the contract (art. 6.1.b GDPR); Legitimate interest (security/operational)Safety and abuse preventionMonitoring, logging, detection and response to incidentsLegitimate interest; Legal obligation where applicableLimited Product AnalyticsTechnical metrics for stability, quality, and incremental improvement, with aggregation/pseudonymization/anonymizationLegitimate interest (art. 6.1.f GDPR)Invoicing and accountingInvoice issuance, payment management, tax complianceLegal obligation (art. 6.1.c GDPR)Own marketingNewsletter and equivalent commercial communicationsConsent (Art. 6.1.a); legitimate interest (with opt-out where permitted by law)Non-essential cookiesAnalytics/PersonalizationConsent for non-essential (mandatory technical and functional) (ePrivacy)AI/TrainingWe do not use identifiable data to train general models without express consent; use of aggregated/anonymized data for benchmarking/statisticsConsent (if applicable) / Legitimate interest with robust anonymization

6. Description of the technical flow (transparency)

  1. Capture: The audio of the speaker/participants is captured from the room or the authorized video conferencing platform.

  2. Encrypted transmission: The stream is sent via TLS to infrastructure.

  3. Processing: STT (speech-to-text) engines transcribe; where appropriate, MT (machine translation) translates; and AI assistive systems generate summaries/indexes.

  4. Controlled delivery: The result is displayed/delivered to users with permissions.

  5. Retention/erasure: After the service is terminated, the data is retained for the minimum time necessary according to the customer's configuration, and is deleted or anonymized.

7. Recipients and sub-processors

We may share data with:

  • Technology sub-processors: cloud hosting, databases, CDN, monitoring, STT/MT/TTS APIS, transactional email, helpdesk, invoicing and payments.

  • Advisors/auditors: under confidentiality agreements.

  • Authorities: when there is a legal obligation or valid requirement.

All under contract in accordance with art. 28 GDPR. We maintain an up-to-date list of sub-processors. We will give reasonable notice of material changes, offering the right to object where required by the contract.

8. International transfers

The architecture is designed to store data  in the EU/EEA. Where a subprocessor operates outside the EEA, we will apply Standard Contractual Clauses (SCCs).

9. Retention periods

We apply minimization and limited withholdings. As a guideline (adjustable by contract/customer instruction):

CategoryDefault DeadlineRemarksAudioUp to 1 yearRecording can be disabled or force delete on closureTranscriptions/translationsUp to 1 yearExportable by the customer; Deletion on requestGenerated outputs (recaps)Up to 2 yearsOr even deleted by the clientEvent metadataUp to  2 yearFor traceability and invoicingTechnical logs/security3–12 monthsDifferent withholdings depending on the purposeSupport12–24 monthsAfter ticket closureBilling/Accounting7–10 yearsAccording to applicable tax regulations

10. Security measures (summary)

  • Encryption in transit and at rest (TLS ≥1.2; database encryption and backups).

  • Identity and access management (IAM), MFA, segregation of duties, principle of least privilege.

  • Logical isolation by client/tenant, control of environments and activity logging.

  • SSDLC: Code reviews, dependency analysis, testing, and remediation.

  • Incident monitoring and response; WAF/CDN when applicable.

  • Continuity and disaster recovery  plans; Encrypted and tested backups.

  • Internal policies and privacy/security training.

  • Breach notification in accordance with Articles 33–34 GDPR.

11. Rights of individuals

You can exercise: access, rectification, deletion, opposition, limitation, portability and not to be subject to automated decisions (art. 22 GDPR). To do this, write to build@niron.ai indicating the right exercised. We may request identity verification. We will resolve in 1 month (extendable 2 months due to complexity). You have the right to lodge a complaint with your supervisory authority: in the Netherlands, Autoriteit Persoonsgegevens.

12. Cookies and similar technologies

We use cookies/local storage to:

  • Strictly necessary (operation, security, authentication).

  • Preferences (language, accessibility).

  • Analytics (usage measurement) – requires consent.

  • Personalization/own marketingrequires consent.

You can set or withdraw your consent at any time from our cookie management panel. More information in the Cookies Policy.


13. AI Information (AI Act)

  • Our services incorporate AI systems to transcribe, translate and summarize content.

  • Transparency: we inform customers and users that AI intervention is present and that errors may occur; human supervision throughout the process (no automated decisions with legal effects).

  • Training Data: We do not use identifiable customer data to train general-purpose models without express consent

  • Risk management: We conduct regular reviews on accuracy, robustness, safety, and bias, documenting mitigation measures.

  • Traceability: We retain proportionate technical records for auditing, security, and responsible improvement.

  • Prohibited Use: We block uses contrary to law/contract (e.g., unauthorized surveillance, unlawful extraction of information).

14. Responsibilities in events (transparency towards participants)

The organiser must inform speakers and attendees in advance of the recording and processing (transcription/translation/recap).
Suggested short notice (editable by the organizer):

"This event uses services from Niron B.V. (Translingo / RecupHub) for real-time transcription/translation and abstract generation. The audio of the interventions will be captured for operational purposes of the event. More information and exercise of rights: [link to this policy] / [contact of the organizer]."

15. Automated Decisions

We do not adopt automated decisions with legal effects or of similar importance to individuals (art. 22 GDPR). AI capabilities support and require human supervision from the customer.

16. Reporting data to authorities

We may disclose data where there is a legal obligation or a valid requirement from a competent authority, limiting disclosure to what is strictly necessary and, where legally possible, informing the customer.

17. Changes to this Policy

We may update this policy to reflect legal or technical changes.

18. Contact

For privacy or exercise of rights: build@niron.ai, postal address: Stationsplein 45, 4th floor A4.004, 3013 AK Rotterdam, The Netherlands.