UniFlow Trans
Last updated · April 17, 2026

Privacy Policy

UniFlow Trans is built around a simple idea: your audio shouldn't have to leave your computer for us to help you transcribe and translate it. This policy explains, in plain English, what data we touch, where it goes, and what control you have over it.

1. Who we are

UniFlow Trans is operated by Shanghai Logic Origin Intelligent Technology Co., Ltd (上海逻辑原点智能科技有限公司; brand: Logic Origin / 逻辑原点), registered at 1013 Quxi Road, Huangpu District, Shanghai, China (“we”, “us”). This policy covers the UniFlow Trans desktop application, the uniflowtrans.com website, and the web dashboard.

For any privacy question, write to legal@uniflowtrans.com. We answer every message.

2. What we collect

You give us directly

  • Email address and password (for authentication)
  • Display name, if you set one
  • Payment card details — handled by our payment processor; we never see or store your full card number

We collect automatically

  • Minutes of transcription used (for metering)
  • Minutes of translation used (free, but counted for capacity planning)
  • Session count and approximate timestamps
  • IP address at sign-in (for fraud prevention)
  • App version and macOS version (for bug triage)

What we do NOT collect

  • Your audio recordings — they stay on your Mac
  • The text of your transcripts — only counts, not content
  • The content of your AI chat questions or answers
  • The list of apps you recorded from, or what Zoom meeting you were in

3. How we use your information

We use the minimal data we collect only to run the service:

  • Authenticate you when you sign in
  • Meter your usage against the credits you've purchased
  • Send transactional emails (purchase receipts, password resets, security alerts)
  • Investigate bugs when you report them
  • Detect abuse (e.g., stolen credit card chargebacks)

We do not use your data to train any AI model. We do not sell or rent your data. We do not send marketing emails unless you explicitly opt in.

4. Your audio stays on your Mac

This is the most important thing to understand: the audio you record never leaves your computer in the direction of our servers.

Where the audio lives

Recordings are saved locally in ~/Library/Application Support/transcription-app/transcriptions/ as .webm files alongside the transcript JSON. They remain there until you delete them (or delete the app, which leaves the files behind for your control).

What goes over the network

For real-time transcription, audio streams directly from your Mac to Deepgram's servers via a short-lived (10-minute) token we sign for you. Deepgram transcribes the audio and sends text back. Your audio is not proxied through our servers. Deepgram's retention policy for streaming audio applies; see their privacy notice.

What stays entirely local

  • The .webm audio file saved after recording
  • Replay in the app — streams from the local file
  • AI chat about a recording — the transcript text (not audio) is sent to Gemini/OpenAI; the audio is never uploaded

5. Third-party services

UniFlow Trans relies on a small set of sub-processors to operate. Each processes only the minimum data we send them:

Deepgram (speech-to-text)

Receives your audio stream during live transcription. Governed by Deepgram's privacy policy. We send them audio and receive text back; your account identity is not forwarded.

Google Cloud Translation (translation)

Receives the transcript text (not audio) for translation. Proxied through our `translate` Edge Function, which strips personal identifiers before forwarding.

Google Gemini (fallback translation + AI chat)

Receives transcript text as fallback when Google Translate fails, and receives your AI chat prompts. Proxied through `translate` and `ai-chat` Edge Functions respectively.

OpenAI (optional AI chat)

Receives AI chat prompts when you select a GPT model. Proxied through our `ai-chat` Edge Function. OpenAI's zero-retention policy for API requests applies.

Creem (payments)

Handles all payment processing. Sees your card details, billing address, and purchase amount. We receive only a confirmation webhook and a payment method reference.

Supabase (authentication + metadata storage)

Stores your email, password hash, credit balance, usage counters, and order history. Hosted in the EU. Row-level security prevents any user from reading another user's data.

Email delivery

Supabase Auth uses an external mail provider to send transactional emails (verification, password reset). No marketing content is sent.

6. Cookies & local storage

On uniflowtrans.com we set a session cookie for login and a preference cookie for your chosen language (en / zh). We do not use advertising cookies or third-party analytics trackers.

The desktop app uses macOS's electron-store to remember local preferences (language, audio device choice, window size). These never leave your machine.

7. Data retention

  • Account profile: kept while your account is active; deleted within 30 days of account deletion
  • Credits & order history: kept for 7 years for tax/accounting obligations
  • Usage log (minute counts): kept for 24 months
  • Sign-in IP logs: kept for 90 days
  • Admin audit log: kept for 24 months
  • Audio recordings: not applicable — we never hold them

8. Your rights

Depending on where you live, you may have legal rights to:

  • Access the personal data we hold about you
  • Correct inaccurate data
  • Request deletion (“right to be forgotten”)
  • Export your data in a portable format
  • Object to processing or withdraw consent
  • Lodge a complaint with your local data-protection authority

To exercise any of these, visit /data-controls or email legal@uniflowtrans.com. We respond within 30 days.

9. How we protect your data

  • TLS 1.2+ for all traffic between your device and our servers
  • Bcrypt password hashing via Supabase Auth
  • AES-256-GCM encryption for third-party API keys stored in our database
  • Row-level security: each user can only read their own records
  • Admin actions logged to an immutable audit trail
  • Principle of least privilege for team access to production

10. International transfers

Our primary Supabase instance is hosted in the EU (Frankfurt). When you use the app from outside the EU, your metadata crosses borders. We rely on standard contractual clauses and, where applicable, the EU–US Data Privacy Framework.

Deepgram, Google, OpenAI, and Creem operate globally; see their respective privacy notices for their sub-processors and regions.

11. Children

UniFlow Trans is not directed at children under 13. We do not knowingly collect data from anyone under 13. If you believe a child has signed up, email legal@uniflowtrans.com and we'll delete the account.

12. Changes to this policy

We may update this policy as the product evolves. If the change is material (e.g., a new sub-processor, new data collection, change in retention), we will notify you by email at least 14 days before it takes effect. The “Last updated” date at the top of this page always reflects the most recent revision.

13. Contact us

Privacy-specific questions or requests: legal@uniflowtrans.com. For general support: support@uniflowtrans.com. For a formal data-protection inquiry, include “Data Protection Request” in the subject.