Privacy Policy for Stenoly

Welcome to Stenoly! (hereinafter «Stenoly», «we» or «us»). Stenoly uses advanced artificial intelligence (AI) to transcribe speech, enabling doctors and other professional groups to quickly record essential information and save time in their daily work.

We are dedicated to protecting your privacy and processing personal data in a secure and lawful manner. This privacy policy explains how we collect, use, and protect your personal data when you use our services.

The responsibility for processing personal data when using Stenoly.no is regulated by the General Data Protection Regulation (GDPR) and the Personal Data Act. Stenoly AS is the data controller for personal data processed through our services.

Stenoly is not the data controller or data processor for any patient health information that is processed in connection with the medical professional's use of Stenoly.no. This responsibility rests with the individual doctor or professional.

We collect the following types of personal data:

• Customer information: Including name, email address, phone number.
• Audio data: Audio data collected via your microphone or computer.
• Technical information: IP address, device type, browser, operating system.
• Communication data: Email correspondence, support inquiries.

We process personal data for the following purposes:

• Provide and improve our services: To deliver and improve Stenoly.
• Customer service: To respond to inquiries and provide support.
• Security: To detect and prevent security threats.
• Legal obligations: To comply with applicable laws and regulations.

The processing of personal data is based on the following grounds:

• Contract: Processing is necessary to fulfill a contract with you, cf. GDPR Article 6 (1) (b).
• Legitimate interest: To improve our services and ensure security, cf. GDPR Article 6 (1) (f).
• Consent: For specific purposes where we request your consent, cf. GDPR Article 6 (1) (a) and Article 9 (2) (a).
• Legal obligation: To comply with legal requirements, cf. GDPR Article 6 (1) (c).

We do not share your personal data with third parties, unless:

• To fulfill a contract: When necessary to deliver our services.
• With your consent: When you have given us permission.
• Legal requirements: When we are required to share information in accordance with law.

We use the following subprocessors:

• Signicat – secure authentication with BankID and Buypass
• Intercom - for communication with users
• Amplitude – analysis of service usage
• Google Analytics – tracking and reporting of traffic
• Google Workspace – email services
• Google Tag Manager – management of tracking codes
• Microsoft Azure – platform for audio transcription and AI
• Amazon S3 – data storage
• Fiken – accounting and invoicing
• Sentry – debugging and error reporting

We store personal data for as long as necessary for the purposes for which they were collected, or to comply with legal obligations. When the data is no longer necessary, it will be deleted or anonymized.

You have the right to:

• Access: To obtain access to your personal data.
• Rectification: To request correction of inaccurate data.
• Erasure: To request deletion of your data.
• Restriction: To request restriction of processing.
• Data portability: To receive your data in a structured format.
• Object: To object to processing when based on GDPR Article 6 (1)(f).
• Consent: You can withdraw consent to processing of personal data that you have given to us.

To exercise your rights, contact us at erling@stenoly.no.

We have implemented necessary security measures to ensure that your personal data is processed in a secure manner that safeguards the confidentiality, integrity, and availability of the data. The security measures shall also protect the data against unauthorized or unlawful processing, and reduce the risk of loss, accidental alteration, unauthorized disclosure or access.

We may update this privacy policy at any time to reflect changes in our privacy practices. We encourage you to regularly review the policy to stay informed about how we collect, use, and protect your information. Significant changes will be communicated via our services or directly to you.

Stenoly is committed to protecting the privacy of our users and has therefore appointed a data protection officer. The data protection officer is responsible for ensuring that all processing of personal data occurs in accordance with applicable privacy legislation, including GDPR.