Privacy Policy

This Privacy Policy explains how BleepOn, Inc. ("BleepOn", "we", "us") handles personal data when you visit our websites, sign up for an account, or use the BleepOn platform to transcribe, filter, and export audio or video. It applies to all users worldwide and supplements any data processing agreement you may have signed with us.

We are the data controller for account and billing information. When you upload media for processing, we act as a data processor on your behalf, following your instructions.

We group the data we handle into four categories. We collect only what is needed to run the service.

Account information

Name, email, password hash or Google OAuth identifier, organization, preferred language, and profile picture.

Uploaded media

Audio and video files you submit for processing, the transcripts and captions we generate, custom word lists, and export settings.

Usage data

Pages visited, actions taken, API key usage, device and browser, IP address, and approximate location. Used for security and product improvement.

Billing information

Plan, invoices, and transaction identifiers. Card data is handled directly by our payment providers and never touches our servers.

We use the data above to:

• Provide the core product — transcription, profanity detection, caption generation, censoring, burn-in, and export.
• Authenticate you, maintain your session, and protect your account from abuse.
• Process payments, send receipts, and manage your subscription.
• Respond to support requests and send critical service notifications.
• Detect fraud, enforce our Terms, and comply with legal obligations.
• Improve the product — understand what works, fix bugs, and prioritize roadmap items.

When you upload a file, BleepOn runs it through a pipeline: transcription, profanity detection against your configured word lists, caption generation, and — if you choose — censoring and burn-in. Each step happens on our processing infrastructure or with sub-processors listed below.

Transcripts and generated captions remain tied to your project. You control when they are edited, exported, or deleted. Deleting a project removes the associated media and transcripts from active storage within 30 days, and from backups within 90 days.

We store different categories of data for different periods. In every case, retention is tied to a specific reason — once that reason ends, the data is deleted or anonymized.

Uploaded media & transcripts

Kept for as long as your project exists. Removed within 30 days of project deletion (90 days in backups).

Account data

Kept while your account is active. Deleted within 30 days of account closure, except where law requires retention.

Billing records

Retained for up to 7 years to comply with tax and accounting law.

Server & security logs

Retained for up to 90 days, then rotated.

We use a small number of cookies and similar technologies. These fall into three groups:

• Strictly necessary — session and CSRF cookies that keep you logged in and protect forms. These cannot be disabled without breaking the product.
• Preferences — remember your theme, locale, and UI state.
• Analytics — help us understand how people use BleepOn in aggregate. You can opt out without affecting functionality.

You can manage cookies from your browser at any time. We honor Global Privacy Control (GPC) signals where required by law.

We rely on a short list of trusted sub-processors. Each one receives only the data it needs and is bound by a data processing agreement.

Supabase (PostgreSQL)

Primary database. Stores account data, project metadata, and transcripts.

Google

OAuth sign-in. We receive your name, email, and profile picture when you authorize it.

Stripe

Card processing, subscriptions, and invoicing for most regions.

Paddle

Merchant of record for certain markets — handles tax and global billing compliance.

Lemon Squeezy

Alternative checkout and merchant of record option.

Sanity

Content management for our marketing site and blog. Does not handle user media.

Depending on where you live, you have some or all of the following rights over the personal data we hold about you:

• Access — request a copy of what we store.
• Rectification — ask us to correct data that is wrong or incomplete.
• Erasure — ask us to delete your account and associated data.
• Restriction — ask us to pause processing while a dispute is resolved.
• Portability — receive your data in a machine-readable format.
• Objection — object to processing based on our legitimate interests.
• Non-discrimination (CCPA) — exercise your rights without being charged a different price or given a lesser service.

BleepOn encrypts data in transit (TLS 1.2+) and at rest. We scope internal access using the principle of least privilege, rotate credentials, and maintain audit logs on sensitive operations. Uploaded media is stored in private buckets with signed, time-limited access URLs.

Because our team and infrastructure operate internationally, your data may be transferred between the EU, the US, and other regions. Transfers outside the EEA rely on Standard Contractual Clauses or equivalent safeguards.

No service can guarantee absolute security. If we become aware of a breach that affects you, we will notify you and the relevant authorities within the timelines required by law.

We update this Privacy Policy when our product, sub-processors, or the law changes. The "Last updated" date at the top reflects the most recent revision. Material changes will be announced by email or an in-app notice at least 14 days before they take effect.

BleepOn is not directed at children under 13, and we do not knowingly collect data from them. If you believe a child has given us personal data, contact us and we will delete it.