
Compliance & Data Protection

How blyven protects your data and meets European regulatory standards.

GDPR Compliance

blyven is fully compliant with the General Data Protection Regulation (GDPR). We process personal data lawfully, transparently, and only for the purposes you expect.

Key GDPR articles we implement

  • Art. 5 — Principles: We follow data minimization, purpose limitation, and accuracy principles. We only collect what's necessary.
  • Art. 6 — Lawful basis: We process data based on your consent and legitimate contract performance. You always know why we process your data.
  • Art. 15–22 — Your rights: Access, rectification, erasure, portability, and objection — all available to you at any time through your account settings.
  • Art. 25 — Privacy by design: Privacy is built into our architecture from the ground up, not added as an afterthought.
  • Art. 32 — Security of processing: Encryption at rest and in transit, access controls, and regular security reviews protect your data.
  • Art. 33/34 — Breach notification: In the unlikely event of a data breach, we will notify the relevant authorities within 72 hours and affected users without undue delay.

EU AI Act

blyven's use of AI (transcription via OpenAI Whisper) falls under the EU AI Act framework. Here's how we comply:

  • Minimal risk classification: Our AI transcription is classified as minimal risk. It is optional, user-initiated, and does not involve profiling or automated decision-making.

  • Full transparency: We clearly label AI-generated content. You always know when transcription was created by AI, and you can delete it at any time.

Data Residency

All data is processed and stored exclusively within the European Union. We never transfer your data outside the EU.

Germany

Primary location for recordings, user data, and databases.

Ireland

Backup and redundancy for disaster recovery.

Third-party Processors

We work with trusted sub-processors, all covered by Data Processing Agreements (DPAs) and GDPR-compliant.

Amazon Web Services (AWS)

Cloud infrastructure and data storage. EU regions only.

Clerk

Authentication and user management. Processes email addresses and login credentials.

Stripe

Payment processing. Handles billing information and subscriptions. PCI DSS Level 1 compliant.

OpenAI (Whisper)

Optional AI transcription. Audio is processed and immediately deleted — never used for training.

Your Rights

Under GDPR, you have comprehensive rights over your personal data. We make it easy to exercise them.

  • Right to erasure: Delete your account and all associated data permanently. We process deletion requests immediately.
  • Data portability: Export all your recordings and data at any time. Available as a ZIP download from your account settings.
  • Right of access: Request a complete copy of all personal data we hold about you. We respond within 30 days.
  • 360-day recovery window: Changed your mind after deleting? We keep your data recoverable for 360 days before permanent deletion. After that, it's gone for good.

For the full details on how we handle your data, see our Privacy Policy.
