Back to home

Privacy Policy

Last updated: January 21, 2025

1. Introduction

This Privacy Policy is intended to inform users of the Hekko service (hereinafter "the Service") about the methods of collection, use, and protection of their personal data, in accordance with the General Data Protection Regulation (GDPR) and the French Data Protection Act (Loi Informatique et Libertés).

Hekko is committed to protecting the privacy of its users and to processing their personal data in a transparent, fair, and secure manner.

2. Data controller

The data controller for personal data is Hekko.

Contact: contact@hekko.ai

3. Data collected

In the context of using the Service, the following data may be collected:

3.1 Identification data

  • Email address
  • Password (stored in encrypted form)

3.2 Content data

  • Audio content provided by the user when using the Service
  • Automatically generated text transcriptions
  • Notes and enhanced content generated by artificial intelligence
  • Folder organization and associated metadata

3.3 Technical data

  • IP address
  • Browser type and version
  • Operating system
  • Connection and usage data
  • Technical cookies necessary for operation

4. Processing of audio recordings

Audio recordings are used exclusively for the purpose of generating a transcription and associated notes.

Important: Audio files are not retained and are automatically deleted after transcription processing. Only the text transcriptions and generated notes are kept in your account.

5. Purposes of processing

The collected data is used solely for:

  • Providing transcription and note-taking services
  • Managing your user account and subscriptions
  • Improving the quality and performance of the Service
  • Ensuring the security and proper functioning of the platform
  • Communicating with you regarding your account or the Service
  • Complying with our legal obligations

No data is sold or transferred to third parties for commercial purposes.

6. Legal basis for processing

The processing of your personal data is based on:

  • Performance of a contract : for the provision of the Service to which you have subscribed
  • Consent : for marketing communications (if applicable)
  • Legitimate interest : for improving the Service and security
  • Legal obligations : for the retention of certain data

7. Data recipients

Your personal data may be transmitted to the following categories of recipients:

  • Our technical subcontractors : hosting, payment processing, AI services (in compliance with the GDPR)
  • Competent authorities : in case of legal obligation

We ensure that our subcontractors provide sufficient guarantees regarding data protection.

8. Data transfers outside the EU

Some of our subcontractors may be located outside the European Union. In such cases, we ensure that appropriate safeguards are in place (standard contractual clauses, adequacy decisions, etc.) in accordance with the GDPR.

9. Data retention period

Data is retained for the following periods:

Data typeRetention period
Audio recordingsNot retained (immediately deleted after processing)
Transcriptions and notesAs long as the account is active or until deleted by the user
Account dataAccount lifetime + 3 years after deletion
Billing data10 years (legal obligation)
Connection logs12 months

10. Data security

Appropriate technical and organizational measures are in place to ensure the confidentiality, integrity, and security of data:

  • Encryption of data in transit (HTTPS/TLS)
  • Password encryption
  • Hosting on secure servers
  • Restricted access to personal data
  • Regular backups
  • Monitoring and intrusion detection

11. Your rights

In accordance with the GDPR, you have the following rights:

Right of access

You can obtain confirmation that data concerning you is being processed and receive a copy.

Right to rectification

You can request the correction of inaccurate or incomplete data.

Right to erasure

You can request the deletion of your personal data, subject to our legal retention obligations.

Right to restriction of processing

You can request the restriction of the processing of your data in certain cases.

Right to data portability

You can receive your data in a structured and commonly used format.

Right to object

You can object to the processing of your data on legitimate grounds.

Exercising your rights

To exercise your rights, you can:

  • Use the features of your personal space (export, deletion)
  • Contact us at: contact@hekko.ai

We will respond to your request within one month. This period may be extended by two months in case of a complex request.

12. Cookies

Hekko uses cookies strictly necessary for the operation of the Service:

  • Authentication cookies : to maintain your logged-in session
  • Preference cookies : to remember your settings (language, etc.)

These cookies are essential and do not require your consent. We do not use advertising or tracking cookies.

13. Minors

The Service is not intended for persons under 16 years of age. We do not knowingly collect personal data from minors under 16.

14. Policy modifications

Hekko reserves the right to modify this Privacy Policy at any time. In the event of a substantial modification, we will inform you by email or through the Service.

15. Contact and complaints

For any questions regarding this Privacy Policy or to exercise your rights, you can contact us:

If you believe that your rights are not being respected, you can file a complaint with the CNIL (French National Commission on Informatics and Liberty):

  • Website: www.cnil.fr
  • Address: 3 Place de Fontenoy, TSA 80715, 75334 Paris Cedex 07

Hekko
Automatic lecture transcription and note-taking service