Hugin's vow is short: your audio is yours, your transcripts are yours, and leaving is one click. This page is the long-form version of that vow — what we collect, why, how long we keep it, and how to make us forget.
Who's responsible
The data controller for Hugin is João Diniz, an individual based in Portugal. For any privacy matter — questions, requests, or complaints — write to privacy@hugin.ink.
Hugin is not required to appoint a Data Protection Officer under Article 37 GDPR at its current scale. If that changes, this section will be updated.
What we collect
We try to collect as little as possible. The categories are:
- Account data. Email, name (optional), hashed password (or your Google account ID if you sign in with Google), account creation date, and email-verification status.
- Audio you give us. The YouTube URL or audio file you submit for transcription. The source file is held only as long as needed to produce the transcript, then deleted.
- Transcripts & marginalia. The text we produce from your audio, plus chapters, summaries, key quotes, and recall cards drawn from it. These stay in your library until you delete them.
- Usage records. The hours you've transcribed this month (so we can enforce quota), the jobs you've run, and basic metadata (duration, source, status).
- Billing data. If you're on Pro, Stripe holds your card details. We hold only your Stripe customer ID and subscription state — we never see your card number.
- Session & technical data. A session cookie that keeps you signed in, your last login timestamp, and minimal request metadata (IP-derived country at most — full IP addresses are not stored long-term).
- Error telemetry. When something breaks, the browser or server may send Sentry a stack trace and a request context. IPs are scrubbed; we never include passwords, transcripts, or audio content in error reports.
Why we're allowed to (legal basis)
| What | Why | GDPR basis |
|---|---|---|
| Account data | To create and maintain your account | Art. 6(1)(b) — contract |
| Audio & transcripts | To deliver the service you asked for | Art. 6(1)(b) — contract |
| Usage records, quota | To enforce tier limits and prevent abuse | Art. 6(1)(b) — contract; Art. 6(1)(f) — legitimate interest |
| Billing data | To process payments and meet tax obligations | Art. 6(1)(b) — contract; Art. 6(1)(c) — legal obligation |
| Session cookie | To keep you signed in across pages | Strictly necessary — no consent required |
| Error telemetry (Sentry) | To diagnose crashes and keep the service working | Art. 6(1)(f) — legitimate interest (service quality) |
How long we keep it
- Account data: for as long as your account exists. Within 30 days of deletion, removed from active systems.
- Source audio file: deleted automatically once transcription completes (typically within minutes; never longer than 24 hours).
- Transcripts & marginalia: stored until you delete them or close your account.
- Usage records: aggregated monthly; raw job records pruned after 12 months.
- Billing records: retained for as long as legally required. In Portugal, invoices are typically retained for ten years for tax purposes.
- Backups: rolling 30-day window; deleted records age out within that window.
- Error telemetry (Sentry): Sentry's retention defaults apply (typically 30 to 90 days depending on plan).
Who else sees it (processors)
We use a small number of carefully chosen processors. Each is bound by a data-processing agreement (Article 28 GDPR) limiting what they may do with your data to providing the service we hired them for.
| Processor | Purpose | Data shared | Location |
|---|---|---|---|
| Groq (Whisper) | Speech-to-text transcription | Your audio file (transiently — not retained by Groq beyond the request) | United States |
| Stripe | Payment processing (Pro tier only) | Email, billing details, subscription state | EU + United States (Stripe is DPF-certified) |
| YouTube (Google) | Audio extraction from public YouTube URLs you submit | The URL itself; no Hugin-side personal data is sent to YouTube | Global (per Google's infrastructure) |
| Sentry | Error telemetry | Anonymised stack traces, request metadata, scrubbed IP. No passwords, no transcripts, no audio. | EU region |
| Hosting & storage provider | Running the application, storing transcripts and backups | All categories above | EU |
We do not use your audio or your transcripts to train machine-learning models. We do not sell or rent your personal data, and we don't share it with advertisers — Hugin runs no advertising.
Your rights, including erasure
Under the GDPR you have the following rights:
- Access (Art. 15) — ask for a copy of your data.
- Rectification (Art. 16) — ask us to fix anything wrong.
- Erasure / "right to be forgotten" (Art. 17) — ask us to delete your account and data.
- Restriction (Art. 18) — ask us to pause processing while you dispute something.
- Portability (Art. 20) — export your library in a portable format.
- Objection (Art. 21) — object to legitimate-interest processing (e.g. Sentry telemetry).
- Withdraw consent — where any processing relies on consent, withdraw it at any time (does not affect prior lawful processing).
Two ways to act on these rights.
- Self-service (fastest). Most rights are exercisable from Account → The promise: export your library with "Take everything with you," delete your account with "Delete the keep" (the Danger zone). Account deletion removes your transcripts, marginalia, and subscription in one step.
- By email. Write to privacy@hugin.ink with the right you want to exercise and the account email it relates to. We aim to respond within 30 days (Art. 12(3) GDPR).
Cookies & local storage
Hugin sets only what's needed to keep the service working. There are no advertising cookies, no third-party tracking cookies, and no analytics cookies. The browser-side notice on your first visit explains this in one line; the full inventory is below.
| Name | Purpose | Type | Duration |
|---|---|---|---|
hugin.session_token |
Keeps you signed in | Essential (first-party) | Up to 30 days; expires sooner if you sign out |
hugin.session_data |
Session state used by better-auth | Essential (first-party) | Up to 30 days |
localStorage hugin.sidebar.*, hugin.reading.*, hugin.cookie-notice.seen |
UI preferences (sidebar, reading progress, dismissed notice) | Essential (first-party, not transmitted) | Until you clear browser storage |
| Sentry beacon | Error telemetry (no cookie set; one HTTPS request per error) | Essential — legitimate interest (service quality) | Per request |
| Stripe Checkout cookies | Set only on the Stripe-hosted checkout/portal pages, never on hugin.ink | Essential — managed by Stripe under its own policy | Stripe-managed |
Because we use no advertising or third-party analytics cookies, Hugin does not gate access behind a consent banner. We do show a first-visit notice so you know what's running. If we ever add an analytics tool, we will not load it until you opt in.
Security
Passwords are hashed with industry-standard algorithms (we never store them in plain text). All traffic to hugin.ink is HTTPS-only. Access to production data is restricted to the operator and audited. If a breach affects you, we will notify you and the relevant supervisory authority as required by Articles 33 and 34 GDPR.
Children
Hugin is not directed to children under 16. We do not knowingly create accounts for them. If you believe a child has signed up, write to privacy@hugin.ink and we will delete the account.
International transfers
Some of our processors (notably Groq for transcription, and Stripe for payments on certain flows) are based in the United States. Where personal data is transferred outside the EU/EEA, we rely on the EU Commission's Standard Contractual Clauses (SCCs) and/or the EU–US Data Privacy Framework where the processor is certified. You can request a copy of the relevant transfer mechanism at any time.
Changes to this policy
We may update this policy when the service changes, when the law changes, or when we get something wrong and need to fix it. Material changes are surfaced by email or a banner before they take effect. The "in effect" date at the top of this page tells you which version you're reading.
Contact & complaints
Privacy & data rights: privacy@hugin.ink
General: hello@hugin.ink
If you believe we've mishandled your data, you have the right to lodge a complaint with a supervisory authority. In Portugal that's the Comissão Nacional de Protecção de Dados (CNPD). EU residents may also complain to the supervisory authority of their country of residence.
See also: Terms of Service.