Deskribe Privacy Policy

At Deskribe ("we", "us", "our"), we respect your privacy and are committed to protecting your personal data. This privacy policy explains how we look after your personal data when you visit our website or otherwise work or communicate with us and tells you about your privacy rights and how the law protects you.

1. Important information and who we are

1.1 Purpose of this privacy policy

This privacy policy aims to give you information on how Deskribe collects and processes your personal data through your use of our website, our services, or otherwise when you communicate or interact with us in the course of business.

1.2 Controller / Processor roles

If you are a registered customer of Deskribe, we act as the data controller of personal data about you and your account. We act as a data processor of personal data included in the information you submit to, connect to, or generate through the Deskribe product and services (for example, information from your calendar, emails, and connected accounts). Where we act as processor, the relevant customer (or their organisation) is the controller and you should contact that controller to exercise your rights with respect to such data.

1.3 Contact details

Controller: Antoine Développement inc. Belgique
Registered address: Rue du parc 2, 4432, Alleur
Email: support@deskribe.ai

You have the right to lodge a complaint at any time with your supervisory authority. In Belgium, this is the Gegevensbeschermingsautoriteit / Autorité de protection des données (GBA/APD) (https://www.dataprotectionauthority.be/). We would, however, appreciate the chance to deal with your concerns first, so please contact us.

1.4 Changes to this policy and your duty to inform us

Last updated: 11 November 2025. If you use our website or services after changes to this policy are posted, you agree to those changes. It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

2. The data we collect about you

We may create aggregated, de-identified or anonymised data from the personal data we collect, including by removing information that makes the data personally identifiable to a particular user. We may use and disclose such data for our lawful business purposes, including to analyse, build and improve the services and promote our business, provided it will not identify you.

We may collect, use, store and transfer different kinds of personal data about you:

Contact Data – name, role, email address, phone number.
Financial Data – billing information, bank card details.
Correspondence Data – email correspondence, notes of conversations (where these express an opinion).
Usage Data – information about how you use our website or services.
Technical Data – IP address, login data, browser type and version, time zone setting and approximate location, browser plug-in types and versions, operating system and platform, device identifiers, and other technology on the devices you use to access our website or services.

3. How is your personal data collected?

We use different methods to collect data from and about you including through:

Direct interactions – via our products and services, our website, email, phone, meetings or other communications.
Automated technologies or interactions – as you interact with our website, we may automatically collect Technical Data about your equipment, browsing actions and patterns via cookies and similar technologies. You can set your browser to refuse all or some browser cookies or to alert you when websites set or access cookies.
Third parties or publicly available sources – we may receive Technical Data from analytics providers (e.g., Google Analytics, HubSpot) which may process data outside the EEA.

4. How we use your personal data (legal bases)

We will only use your personal data when the law allows us to. Under the EU GDPR/Belgian law, our legal bases include:

Contract – to perform our contract with you or take steps at your request before entering into a contract (e.g., provide the services, manage billing).
Legitimate interests – where necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests (e.g., manage our relationship, improve the service, respond to enquiries, prevent abuse).
Legal obligation – where we must comply with a legal or regulatory obligation (e.g., tax and accounting).
Consent – where you have given consent (e.g., certain marketing, cookies where required, optional features). You may withdraw consent at any time.

Please contact us if you need details about the specific legal ground we rely on for a particular processing activity.

5. Data shared with third‑party AI models

5.1 Data shared with AI models

To provide categorisation, prioritisation, drafting and meeting transcription features, our service employs machine learning via third‑party AI providers. We require those providers to use your information only to provide our Service. We do not allow those providers to train their models on your data.

The following data types may be shared with AI models, as necessary for the Service:

Email content and metadata – subject lines, body text, sender/recipient information.
Calendar data – event titles, dates and times.
Audio recording data – participants, dates, times and the content of audio recordings generated by Users which may contain personal data (including third‑party personal data). You must ensure you have obtained all required notices/permissions/consents before recording or sharing such data.

This data is processed solely to deliver the features described and for no other purpose.

5.2 Consent for AI processing

Where required, we seek explicit user consent for AI processing (e.g., on initial setup or when this policy materially changes). You can manage these settings in‑app or by contacting us.

5.3 Third‑party data retention

We maintain zero data retention commitments with our AI provider(s), meaning they do not retain customer API data beyond processing the request.

6. Disclosures of your personal data

We may share your personal data with:

Service providers (processors) – including account management, IT support/backup, hosting, data storage, email management, system administration and language model services. Some may be located outside the EEA.
Analytics / advertising providers – to analyse usage and improve our services, as disclosed in our Cookie Policy.
Corporate transactions – third parties in connection with a sale, merger or acquisition. The new owner may use your personal data as set out in this policy.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our processors to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

7. International transfers

If we transfer your personal data outside the EEA (or from the EEA to the UK or other third countries), we will ensure a similar degree of protection by using appropriate safeguards, such as:

Standard Contractual Clauses (SCCs) approved by the European Commission; and/or
where applicable, transfers to organisations participating in a valid adequacy mechanism (e.g., the EU–US Data Privacy Framework) for the specific transfer.

Please contact us if you want further information on the specific mechanism used for a given transfer.

8. Data security

We implement appropriate technical and organisational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access. Access to personal data is limited to personnel and providers who have a business need to know and are subject to confidentiality obligations. We maintain procedures to detect, investigate and respond to personal data breaches and will notify you and the competent supervisory authority where legally required.

9. Data retention

We retain personal data only for as long as necessary to fulfil the purposes we collected it for, including satisfying legal, accounting or reporting requirements. To determine retention, we consider the amount, nature and sensitivity of the data, the potential risk of harm from unauthorised use or disclosure, the purposes of processing and whether those purposes can be achieved by other means, and applicable legal requirements.

Where feasible, we may anonymise personal data so it can no longer be associated with you; we may use such information indefinitely without further notice.

10. Your legal rights (EU/Belgium)

Under the GDPR, you have rights in relation to your personal data, subject to conditions:

Access – request a copy of your personal data.
Rectification – request correction of inaccurate or incomplete data.
Erasure – request deletion of your personal data.
Restriction – request restriction of processing.
Portability – request transfer of your data to you or a third party.
Object – object to processing based on legitimate interests and to direct marketing.
Withdraw consent – where processing is based on consent, withdraw it at any time (this will not affect prior processing).

You will not have to pay a fee to exercise your rights. We may request information necessary to confirm your identity and to respond. We aim to respond within one month (extendable by two months where requests are complex or numerous). You also have the right to lodge a complaint with the GBA/APD.

11. Marketing communications

We may send you service updates and, where permitted, marketing communications. You can opt out at any time by using the unsubscribe link in emails or contacting us. We do not sell your personal data.

12. Children

Our services are not intended for children and we do not knowingly collect data relating to individuals under 16. If you believe a child has provided us personal data, please contact us to request deletion.

13. Contact

Questions, requests or complaints regarding this policy or our privacy practices can be sent to support@deskribe.ai or by post to Rue du parc 2, 4432, Alleur, Belgium.