Privacy Policy
Last updated: 23 May 2026 · Version: Beta 1.0
1. Who we are
Data controller: Gavin Douglass-Cookman
Pestalozzistraße 68, 10627 Berlin, Germany
Contact: privacy@daisegni.com
Phone: +49 152 59561371
We are the data controller responsible for the personal data collected through this Service, within the meaning of the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG). For any questions about this policy or to exercise your data rights, contact us at the address above.
Data Protection Officer. We are not required to appoint a Data Protection Officer under Art. 37 GDPR or § 38 BDSG.
2. What data we collect and why
2.1 Account data
| Data | Why | Legal basis |
| --- | --- | --- |
| Email address | Authentication and account management | Performance of contract (Art. 6(1)(b) GDPR) — the provision of the Service is itself the contract |
| Name (if provided) | Personalisation | Performance of contract (Art. 6(1)(b) GDPR) |
2.2 Coaching session data
| Data | Why | Legal basis |
| --- | --- | --- |
| Audio recordings you upload | Transcription, AI analysis, playback, and clip access | Explicit consent (Art. 9(2)(a) + Art. 6(1)(a) GDPR) |
| Transcripts | Produced from your recordings; displayed as part of your notes | Explicit consent (Art. 9(2)(a) + Art. 6(1)(a) GDPR) |
| Coaching notes | AI-generated structured analysis of coaching content | Explicit consent (Art. 9(2)(a) + Art. 6(1)(a) GDPR) |
| Clip timestamps | Identifying playable moments within recordings | Explicit consent (Art. 6(1)(a) GDPR) |
Voice and biometric data. Audio recordings of identifiable individuals constitute voice data and may, when processed for transcription and speaker identification, constitute biometric data under Art. 9 GDPR. We process such data only on the basis of your explicit consent (Art. 9(2)(a) GDPR) and only where you have confirmed that any third parties whose voices appear in the recording have also consented to this processing.
Incidental special-category data. Coaching content may incidentally include other special-category data — for example, health information discussed in relation to a vocal injury, or religious material in sacred repertoire. You provide explicit consent under Art. 9(2)(a) GDPR for such incidental processing as part of the overall consent to upload and process coaching recordings.
Note on third-party voices. Recordings you upload may contain the voice of your coach or other third parties. Our Terms of Service require you to obtain their consent before uploading. We process that voice data in our capacity as data controller and have our own independent obligations to those individuals, including honoring their deletion requests. Third parties whose voice appears in a recording may contact us at privacy@daisegni.com to request deletion of their personal data. Please note that we and you are likely joint controllers (Art. 26 GDPR) for that voice data: you are responsible for obtaining and holding consent; we are responsible for its secure processing and for responding to data subject rights requests.
2.3 Search and usage data
| Data | Why | Legal basis |
| --- | --- | --- |
| Search queries | Enabling semantic search across your notes | Consent (Art. 6(1)(a) GDPR) |
| Vector embeddings of your notes | Powering the search function | Consent (Art. 6(1)(a) GDPR) |
| Usage events and session metadata | Product analytics | Consent (Art. 6(1)(a) GDPR), obtained via cookie consent banner |
| Error reports and logs | Diagnosing and fixing bugs | Legitimate interest (Art. 6(1)(f) GDPR) |
Legitimate interests assessment (error logs). We process error logs to diagnose bugs and maintain service security. We have assessed that this serves a genuine operational need, that the processing has minimal impact on users (identifiers are stripped from logs where possible), and that it does not override your interests or fundamental rights.
Cascading deletion on consent withdrawal. If you withdraw consent for coaching session processing, we will delete the associated recordings, transcripts, coaching notes, and vector embeddings. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.
3. How long we keep your data
| Data type | Retention period |
| --- | --- |
| Account data | Until you delete your account |
| Audio recordings | Until you delete the session or your account |
| Transcripts and coaching notes | Until you delete the session or your account |
| Vector embeddings | Deleted when the associated notes are deleted |
| Usage and analytics events | 12 months |
| Error logs | 90 days |
| Database backups | 30 days (point-in-time recovery) |
Inactive accounts. If your account has been inactive for 24 consecutive months, we will notify you by email and, if no response is received within 30 days, delete your account and all associated data.
You can delete a session — including its recording, transcript, and notes — at any time from within the app. To delete your account and all associated data, contact us at privacy@daisegni.com.
4. Who we share your data with
We do not sell your data. We share data only with the processors listed below, under data processing agreements, strictly to provide the Service.
| Processor | Location | What they process | Transfer basis |
| --- | --- | --- | --- |
| Supabase | Frankfurt, Germany (storage); US (corporate entity) | Audio files, transcripts, notes, account data, embeddings | Standard Contractual Clauses (verify DPA at supabase.com) |
| AssemblyAI | EU endpoint used | Audio recordings (transcription) | Standard Contractual Clauses (verify EU-only data handling in AssemblyAI DPA) |
| PostHog | EU Cloud (eu.i.posthog.com) | Usage events and analytics | EU — no transfer |
| Anthropic | United States | Coaching transcripts (AI analysis) | EU-US Data Privacy Framework |
| Vercel | United States / EU edge | Web application routing and serving | Standard Contractual Clauses (Module Two) |
| Sentry | United States | Error reports | EU-US Data Privacy Framework |
| Voyage AI | United States | Coaching notes (embedding generation) | Standard Contractual Clauses |
| Better Stack | Czech Republic / EU | Application logs | EU — no transfer (verify with Better Stack DPA) |
| Google LLC | United States | Sign-in events, email (Google OAuth) | EU-US Data Privacy Framework |
Details of the transfer mechanism for each processor are available on request at privacy@daisegni.com.
AI training. Under Anthropic's commercial API terms, customer inputs are not used to train Anthropic's models by default. We have not opted into any data-sharing arrangement that would enable model training on your data.
5. Cookies and tracking
We use cookies and similar technologies on this Service. Under § 25 TTDSG, non-essential cookies require your prior consent.
| Cookie type | Purpose | Consent required |
| --- | --- | --- |
| Session cookies (Supabase Auth) | Keeping you logged in | No — essential |
| PostHog analytics cookies | Product usage analytics and session tracking | Yes — via consent banner |
When you first use the app, a consent banner will ask you to accept or decline analytics cookies. PostHog analytics are not activated until you accept. You may withdraw this consent at any time via the cookie settings link in the footer.
We do not use advertising cookies, social media tracking pixels, or cross-site tracking technologies.
6. Your rights under GDPR
| Right | What it means |
| --- | --- |
| Access | Request a copy of the data we hold about you |
| Rectification | Ask us to correct inaccurate data |
| Erasure | Ask us to delete your data |
| Restriction | Ask us to limit how we process your data |
| Portability | Receive your data in a machine-readable format |
| Object | Object to processing based on legitimate interest |
| Withdraw consent | Withdraw consent at any time; this does not affect the lawfulness of prior processing |
| No automated decisions | Dai Segni does not make legal or significant automated decisions about you. AI-generated notes are informational only and require your review. |
Contact us at privacy@daisegni.com to exercise any of these rights. We will respond within one month as required by GDPR Art. 12.
If you are not satisfied with our response, you can complain to the Berlin data protection authority:
Berliner Beauftragte für Datenschutz und Informationsfreiheit (BlnBDI)
Friedrichstr. 219, 10969 Berlin · datenschutz-berlin.de
7. Data security
- All data is stored in Supabase (Frankfurt) with encryption at rest and in transit
- Row-Level Security (RLS) ensures your data is accessible only to your account
- Audio files are stored in private storage buckets not accessible without a signed URL
- All connections use HTTPS/TLS
- We do not log audio file content or URLs in error-tracking systems
- We apply pseudonymisation to log data where possible
Data breaches. If we become aware of a personal data breach that is likely to result in risk to your rights and freedoms, we will notify the Berlin DPA within 72 hours (Art. 33 GDPR) and notify you without undue delay where required by Art. 34 GDPR. If you believe your data has been compromised, contact us immediately at privacy@daisegni.com.
8. Children
The Service is not directed at anyone under 18. We do not knowingly collect personal data from children. If you believe a child's data has been provided to us, contact us at privacy@daisegni.com and we will delete it promptly.
9. Changes to this Policy
We will notify you by email at least 30 days before material changes take effect. The current version is always at /legal/privacy. Continued use of the Service after that date constitutes acceptance of the revised policy.
Before the Service moves to a paid model, this policy will be updated to cover billing data and Stripe as a processor.
10. Contact
privacy@daisegni.com
Gavin Douglass-Cookman
Pestalozzistraße 68, 10627 Berlin, Germany
+49 152 59561371