BioScribe Logo

Privacy Policy

Last updated: April 4, 2026

1. Introduction

BioScribe ("we", "us", or "our") is committed to protecting your privacy and handling personal information in an open and transparent way. This Privacy Policy explains how we collect, use, disclose, and store personal information when you use the BioScribe service to create life-story content and printed books.

This policy is written in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

By using BioScribe, you agree to the handling of your personal information as described in this policy.

2. Personal Information We Collect

Account and Identity Information

When you create an account, we collect:

  • Full name
  • Email address
  • Account tier and subscription status (Starter, Premium, or Luxe)
  • Stripe customer ID and subscription reference (not your card details)
  • Subscription period dates and renewal preferences
  • Date and time your account was created

Voice Interview and Transcript Data

When you conduct a voice interview using BioScribe, we collect and store:

  • Text transcripts of your voice conversations
  • Call duration (in seconds)
  • Interview session identifiers
  • Internal cost tracking data associated with each session

Important:

BioScribe does not store raw voice recordings. Audio is processed in real time by ElevenLabs (a US-based provider) to generate text transcripts, which we then store.

Life Story Content

The following content you create or that is generated on your behalf is stored in our database:

  • Biography titles and AI-generated biography text
  • Chapter titles and chapter text
  • Section headings (e.g. "Childhood", "Career") and their order
  • Notes and written logs you enter manually, including optional dates
  • Image descriptors associated with chapters

Long-form text content is compressed before storage. It is not encrypted at rest beyond the protections provided by the hosting infrastructure.

Photos and Images

If you upload photos for your biography or book cover, we store:

  • Image files in a private cloud storage bucket (Supabase Storage, hosted on AWS)
  • Storage URLs linking the image to your account

Images are stored in a private bucket and are not publicly accessible.

Payment and Order Information

When you make a purchase or send a gift, we collect and store:

  • Plan name and payment status
  • Stripe session ID and payment intent reference
  • Gift code (if applicable)
  • Recipient name and email address (for gift orders)
  • Sender name and gift message (for gift orders)
  • Subscription duration (for subscription gift types)

Full payment card details are never stored by BioScribe. All card processing is handled by Stripe.

Book Order Customisation

When you order a printed book, we store:

  • Biography title and full biography text (compressed)
  • Book design preferences: cover colour, title font, body font, and book style
  • Reference to the biography and your account

Email and Marketing List

If you join our waitlist or subscribe to marketing communications, we collect:

  • Email address
  • The source from which you signed up (e.g. landing page)
  • Subscription preference (opted in or opted out)

Usage and Analytics Data

We collect internal usage events to understand how the service is used and to diagnose issues. This may include:

  • Event types (e.g. biography generation started, interview completed)
  • Event properties and timestamps
  • Anonymous or pseudonymous identifiers linked to your account
  • Internal system error logs referencing your user ID (for debugging purposes only)

This data is used internally only and is not shared with third parties for advertising purposes.

Automatically Collected Technical Information

When you use BioScribe, we may automatically collect limited technical information, including:

  • Device and browser type
  • Operating system
  • IP address
  • Cookies and similar technologies

This information helps us operate, secure, and improve the service.

3. How We Use Your Information

We collect and use personal information only for purposes reasonably necessary to operate BioScribe, including to:

  • Provide and manage your BioScribe account
  • Generate transcripts and written life-story content using AI services
  • Prepare book layouts and print-ready files
  • Process payments and prevent fraud
  • Communicate with you about your account, orders, or support requests
  • Diagnose errors and improve the service
  • Send marketing communications where you have opted in
  • Meet legal and regulatory obligations

We do not sell your personal information.

4. Disclosure of Personal Information

We may disclose personal information to trusted third parties where reasonably necessary to provide our services.

Service Providers

We share information with the following service providers to operate BioScribe:

  • Supabase — database hosting, user authentication, and file storage. Data is stored in cloud infrastructure operated by Amazon Web Services (AWS).
  • Stripe — payment processing. Stripe handles card details directly; BioScribe only receives non-sensitive references (customer ID, session ID).
  • OpenAI — AI-assisted biography generation. Your interview transcripts and notes are sent to OpenAI to generate written content.
  • ElevenLabs — voice interview processing. Your voice audio is processed by ElevenLabs in real time to generate transcripts.
  • Resend — transactional email delivery (account notifications, order confirmations).
  • Third-party printing partners — your biography text and personalisation choices are shared with printers to produce and ship your physical book.

These providers handle personal information in accordance with their own privacy policies and applicable laws.

Legal Requirements

We may disclose personal information where required or authorised by law, including to comply with legal obligations or respond to lawful requests by authorities.

5. Overseas Disclosure and Your Consent (APP 8)

Important notice — please read carefully

All of our core service providers — including Supabase (database and storage), OpenAI (AI content generation), ElevenLabs (voice processing), Stripe (payments), and Resend (email) — are based in the United States and operate under US law.

Under the Privacy Act 1988 (Cth), specifically Australian Privacy Principle 8 (APP 8), when personal information is disclosed to an overseas recipient, that recipient may not be subject to the same privacy protections as required under Australian law.

By using BioScribe, you expressly consent, for the purposes of APP 8.2(b), to the disclosure of your personal information to these overseas providers. This means:

  • The Australian Privacy Principles may not apply to how these overseas recipients handle your personal information.
  • If an overseas recipient mishandles your personal information, you may not be able to seek redress against that provider under the Privacy Act 1988 (Cth).
  • BioScribe remains your primary point of contact for privacy complaints, but our ability to enforce obligations against overseas providers is limited to contractual remedies.

We take reasonable steps to engage only reputable providers, to review their privacy and security practices, and to enter into data processing agreements where possible. However, we cannot guarantee that all overseas recipients will comply with Australian privacy standards in every circumstance.

If you do not consent to overseas disclosure of your personal information on these terms, you should not use BioScribe.

6. Data Security

We take reasonable steps consistent with APP 11 to protect personal information from misuse, interference, loss, unauthorised access, modification, or disclosure. Measures include:

  • Row-level security (RLS) policies enforced at the database level, ensuring each user can only access their own data
  • Encryption of data in transit (TLS)
  • Private (non-public) storage buckets for uploaded images with per-user access controls
  • Compression of large content before storage
  • Restricted API access using service-role keys in server-side routes only
  • Industry-standard authentication via Supabase Auth (email/password, magic link)

Our database and file storage infrastructure is hosted by Supabase (on AWS). The security of that infrastructure, including physical security and encryption at rest, is managed by Supabase and AWS under their respective security programmes.

No system is completely secure. We cannot guarantee absolute security of information stored or transmitted via our service or its underlying infrastructure.

7. Notifiable Data Breaches

BioScribe is subject to the Notifiable Data Breaches (NDB) scheme under Part IIIC of the Privacy Act 1988 (Cth). If we become aware of a data breach that is likely to result in serious harm to any individual, we will:

  • Assess the breach as quickly as possible
  • Notify the Office of the Australian Information Commissioner (OAIC) and affected individuals as soon as practicable
  • Provide guidance on steps you can take to reduce any risk of harm

Where a data breach originates from an overseas provider (such as Supabase, OpenAI, or ElevenLabs), our notification obligations are triggered once we become aware of the breach, regardless of its source.

8. Data Retention

We retain personal information only for as long as necessary to provide the service and fulfil the purposes outlined in this policy.

You may request deletion of your account and associated personal information. Some information may be retained where required by law or for legitimate business purposes (such as financial records, which we retain for 7 years in accordance with Australian tax law requirements).

9. Your Rights Under Australian Law

Under the Privacy Act 1988 (Cth) and the APPs, you have the right to:

  • Request access to personal information we hold about you (APP 12)
  • Request correction of inaccurate, out-of-date, or incomplete information (APP 13)
  • Request deletion of your account and associated data
  • Make a complaint about how we handle your personal information

Requests can be made by contacting us using the details below. We will respond within 30 days.

If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.

10. Children's Privacy

BioScribe is not intended for use by individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a minor, please contact us and we will take appropriate steps to remove it.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated "Last updated" date. Continued use of the service after changes indicates acceptance of the updated policy.

12. Contact Us

If you have questions, requests, or complaints regarding this Privacy Policy or how we handle personal information, please contact us:

Email: privacy@bioscribe.com