Privacy Policy
Last updated: June 18, 2026
1. Introduction
This Privacy Policy is intended to inform users of the Hekko service (hereinafter "the Service") about the methods of collection, use, and protection of their personal data, in accordance with the General Data Protection Regulation (GDPR) and the French Data Protection Act (Loi Informatique et Libertés).
Hekko is committed to protecting the privacy of its users and to processing their personal data in a transparent, fair, and secure manner.
2. Data controller
The data controller is Hekko, operated by Elian Tornikoski, sole proprietor (entrepreneur individuel), registered under SIRET number 106 175 532 00014.
Contact: contact@hekko.ai
3. Data collected
In the context of using the Service, the following data may be collected:
3.1 Identification data
- Email address
- Password (stored in encrypted form)
3.2 Content data
- Audio content provided by the user when using the Service
- Automatically generated text transcriptions
- Notes and enhanced content generated by artificial intelligence
- Folder organization and associated metadata
- Documents you import (PDF, slides, etc.) and their text content
3.3 Technical data
- IP address
- Browser type and version
- Operating system
- Connection and usage data
- Technical cookies necessary for operation
4. Processing of recordings and documents
Audio recordings and the documents you import are used exclusively to generate your course content.
Important: audio files are not retained and are automatically deleted after transcription. Likewise, the files of the documents you import are deleted once your course content has been generated. Only the generated content and the text needed to generate it are kept in your account.
5. Purposes of processing
The collected data is used solely for:
- Providing transcription and note-taking services
- Managing your user account and subscriptions
- Improving the quality and performance of the Service
- Ensuring the security and proper functioning of the platform
- Communicating with you regarding your account or the Service
- Complying with our legal obligations
No data is sold or transferred to third parties for commercial purposes.
6. Legal basis for processing
The processing of your personal data is based on:
- Performance of a contract : for the provision of the Service to which you have subscribed
- Consent : for marketing communications (if applicable)
- Legitimate interest : for improving the Service and security
- Legal obligations : for the retention of certain data
7. Data recipients
Your personal data may be transmitted to the following categories of recipients:
- Our technical subcontractors : hosting, payment processing, AI services (in compliance with the GDPR)
- Competent authorities : in case of legal obligation
We ensure that our subcontractors provide sufficient guarantees regarding data protection. Your data is not used to train artificial intelligence models.
8. Data transfers outside the EU
Some of our subcontractors may be located outside the European Union. In such cases, we ensure that appropriate safeguards are in place (standard contractual clauses, adequacy decisions, etc.) in accordance with the GDPR.
9. Data retention period
Data is retained for the following periods:
| Data type | Retention period |
|---|---|
| Audio recordings | Not retained (immediately deleted after processing) |
| Imported documents (original files) | Deleted after the course content is generated |
| Transcriptions and notes | As long as the account is active; permanently deleted within 30 days after a course or the account is deleted |
| Account data | Permanently deleted within 30 days after the account is deleted |
| Billing data | 10 years (legal obligation) |
| Connection logs | 12 months |
10. Data security
Appropriate technical and organizational measures are in place to ensure the confidentiality, integrity, and security of data:
- Encryption of data in transit (HTTPS/TLS)
- Password encryption
- Hosting on secure servers
- Restricted access to personal data
- Regular backups
- Monitoring and intrusion detection
11. Your rights
In accordance with the GDPR, you have the following rights:
Right of access
You can obtain confirmation that data concerning you is being processed and receive a copy.
Right to rectification
You can request the correction of inaccurate or incomplete data.
Right to erasure
You can request the deletion of your personal data, subject to our legal retention obligations.
Right to restriction of processing
You can request the restriction of the processing of your data in certain cases.
Right to data portability
You can receive your data in a structured and commonly used format.
Right to object
You can object to the processing of your data on legitimate grounds.
Exercising your rights
To exercise your rights, you can:
- Use the features of your personal space (export, deletion)
- Contact us at: contact@hekko.ai
We will respond to your request within one month. This period may be extended by two months in case of a complex request.
12. Cookies
Hekko uses cookies strictly necessary for the operation of the Service:
- Authentication cookies : to maintain your logged-in session
- Preference cookies : to remember your settings (language, etc.)
These cookies are essential and do not require your consent. We do not use advertising or tracking cookies.
13. Minors
The Service is not intended for persons under 16 years of age. We do not knowingly collect personal data from minors under 16.
14. Policy modifications
Hekko reserves the right to modify this Privacy Policy at any time. In the event of a substantial modification, we will inform you by email or through the Service.
15. Contact and complaints
For any questions regarding this Privacy Policy or to exercise your rights, you can contact us:
- By email: contact@hekko.ai
If you believe that your rights are not being respected, you can file a complaint with the CNIL (French National Commission on Informatics and Liberty):
- Website: www.cnil.fr
- Address: 3 Place de Fontenoy, TSA 80715, 75334 Paris Cedex 07
Hekko
Automatic lecture transcription and note-taking service