Account data. Your email, name, and — if you set one — a profile picture. That's it for required data.
Content data. The videos and screenshots you record, their transcripts, comments, and metadata (duration, size, timestamps).
Usage data. Page views, feature usage, error events. We use this to improve the product. Never sold, never shared with ad networks.
Payment data. Handled by Stripe. We receive a token and the last 4 digits. We never see, store, or log your full card number.
Device data. When you use our desktop or browser extension, we see your OS version and app version. Used for compatibility, not tracking.
To run the service. Your recordings exist in the service because you put them there. We need to store them to give them back to you.
To improve the service. Aggregated, anonymized usage data tells us what to build next. If a button nobody clicks becomes three buttons nobody clicks, that's a problem.
To contact you. Transactional emails — password resets, billing, critical service updates. You can opt out of everything optional.
We do not sell your data. We do not share your data with advertisers. We do not have any advertising business.
Recordings live in AWS S3 (us-east-1 and eu-west-1 by default; enterprise customers can pin region).
Account and metadata live in Postgres clusters behind VPCs. Daily encrypted backups retained 30 days.
Everything at rest is AES-256 encrypted. Everything in transit is TLS 1.3.
See our security page for the full technical detail.
Subprocessors for running the service: AWS (hosting), Stripe (billing), Postmark (transactional email), Mixpanel (product analytics), OpenAI (optional AI features — opt-out at org level).
Legal authorities, only when legally required and only under a valid subpoena. We notify you unless legally prohibited.
If you invite collaborators into a space, they see the content you share with them. That's the whole point.
A full, always-current subprocessor list lives at recordik.app/subprocessors.
Access. One-click export of every video, transcript, comment, and metadata field we have.
Correction. Edit or update any account field. Contact us for anything else.
Deletion. Delete a video — gone in 48h, backups included. Delete your account — full purge within 30 days.
Portability. Exports are in open formats: MP4 for video, SRT/VTT for transcripts, JSON for everything else.
Object & restrict. You can object to any specific processing. Email privacy@recordik.app — we respond within 7 days.
Strictly necessary. Session cookies for login. No way to opt out — without them the app doesn't work.
Analytics. Mixpanel (product analytics). Opt out in Settings · Privacy.
We do not use advertising cookies. We do not use tracking pixels. We do not have any advertising business.
Transcription, summaries, auto-edits, smart reframe — these run on our own infrastructure.
Your content is never used to train third-party models. We do not send your videos to OpenAI, Anthropic, or any other AI company for training.
Optional features (Ask-the-video, translation) may send transcript excerpts to model providers for inference only — not training. Opt out at org level in Settings.
All AI features can be disabled org-wide by an admin. Enterprise customers can demand dedicated inference infrastructure.
We operate globally. EU customer data is stored in eu-west-1 by default. Data may be transferred to US for specific processing — always under Standard Contractual Clauses (SCCs).
DPA with SCCs is available in-product (Settings · Legal) or by request to legal@recordik.app.
Recordik is not for children under 16. We do not knowingly collect data from children. If you believe we have, email privacy@recordik.app and we will delete immediately.
We'll announce material changes in-product and by email at least 30 days before they take effect.
Minor changes (typos, clarifications) will be noted in the version history below.
Every version of this policy is preserved. Diff viewer available at recordik.app/privacy/history.