Privacy Policy
Date of Last Revision: 8th August 2025
This Privacy Policy describes how Ai-Media Technologies Ltd (together with its subsidiaries and affiliated companies “AI-Media,” “we”, “our” or “us”) collects, stores, uses and discloses the following types of personal data:
Customer Data: data that we collect, process and manage on our customers’ behalf, as part of Ai-Media’s automatic captioning and translation solutions (“LEXI Toolkit“) and in accordance with use of our real-time solution platforms (“Platforms“) which relate to identifiable individuals (“personal data” and “data subjects,” respectively) who: (a) are registered by our customer’s account administrator as end-users of the Platforms; schedule sessions, meetings or other forums for transcription, captioning, synthetic voice translation and use of the LEXI Toolkit (“Sessions”); upload or stream audio or video files (“User Content”) they wish to have transcribed, translated or voice translated, as well as related preparation materials; or otherwise interact with our Platforms for such purposes; (b) are invited by or on behalf of a customer and/or via email to input User Content or access LEXI output via our Platform (“Authorized Users”); or (c) are mentioned or appear in User Content and transcripts in a way that enables their identification, or whose name, address, encrypted voice print, and other such identifying details may be needed to ensure their correct and consistent transcription, speaker recognition, translation and synthetic voice translation.
AI-Media User Data: contact, contractual and billing details concerning our customers’ internal Authorized Users who directly engage with Ai-Media concerning their organizational account, and users of the Platforms on behalf of such customers, e.g., the account administrators and users, billing contacts and authorized signatories on behalf of the customer; as well as the customer’s business needs and preferences, as identified to us or recognized through our engagement with them (“Users” and “User Data” respectively).
AI-Media Website, CRM & Potentials: data relating to our customers, freelancers, partners, visitors to our website (ai-media.tv), participants at our events, prospective customers, and others who otherwise interact with our website, online ads and promotions, content, emails, integrations or communications under our control (“Sites” and collectively with our Platforms, the “Services“).
AI-Media Data: personal data pertaining to our current, former, and prospective clients and business partners, individuals in the context of shareholder communications and meetings, associated corporate actions and regulatory matters, contractors or agents, job applicants and other individuals that otherwise communicate or interact with us.
Biometric Information: a subset of “sensitive personal data” consisting of a person’s physiological, biological, or behavioral characteristics that allow or confirm unique identification. Under Illinois Biometric Information Privacy Act (BIPA), Texas Capture or Use of Biometric Identifiers or Biometric Information Act (Texas CUBI), and Washington’s Biometric Privacy Act (BPA), this includes “voiceprints” or “voiceprint templates” derived from voice recordings.
Voice Recordings: raw audio files provided, or to which you provide consent for the provision and use, with any voice-driven features of the Services.
Voiceprint Template / Voice Embedding: a digital representation (“template”) of your unique vocal characteristics (e.g., fundamental frequency, spectral features, embeddings) derived from voice recordings. These are considered Biometric Information under applicable statutes and legislation.
You are not legally required to provide us with any category of personal data and may do so (or avoid doing so) at your own free will. If you do not wish to provide us with your personal data, or to have it processed by us or any of our Service Providers (defined below), please avoid any interaction with us including visiting our Sites or using our Services. If you are a user of the Services on behalf of any of our customers, we suggest that you contact your account administrator with any questions.
1. Important Information
We may update this Privacy Policy from time to time by posting a new version at our website www.ai-media.tv . If we make material changes to this Privacy Policy, we will endeavour to provide notice of such changes, such as by posting notice on our Website or emailing registered users. You should check these pages periodically to review any changes.
If you have any questions about this Privacy Policy or our treatment of the personal information you provide us, please write to us by email at . To report a cyber security incident or if you have any concerns regarding cyber security and Ai-Media, please write to us by email at .
2. Information we Collect
Customer Data: Our Services provide our customers with a real-time transcription, translation, synthetic voice translation and captioning solutions, based on the combination of machine learning technologies and human reviewers’ expertise. This may involve the processing of personal data on behalf of our customers and in accordance with our data processing addendum and other commercial agreements with them. To the extent applicable by law, our customer will be deemed the ‘data controller’ (e.g., under the EU GDPR, UK GDPR, and similar laws) or ‘business’ (under the CCPA or similar laws) of Customer Data; and Ai-Media will be deemed the ‘data processor’ or ‘service provider’ when processing such data on a customer’s behalf and in accordance with our agreements with them. Where it is receiving Services, each customer is solely responsible for determining whether and how they wish to use the Services for processing their Customer Data and User Content, and for establishing an appropriate legal basis for such processing activities.
AI Media User Data. User Data we collect and generate includes some or all of the following types of personal data:
- User account information, including email address and, when applicable, hashed password;
- Profile and contact information, such as name, workplace, position, email and phone number, and additional information submitted by a customer or User;
- Platform usage information, such as connectivity, technical and aggregated usage data, such as user agent, IP addresses, device data (like type, OS, device id, browser version, locale and language settings used), activity logs, session recordings, and the cookies installed or utilized on their device; and
- Direct interactions and communications with us, including recordings and transcripts of your calls and emails with us, e.g., for user enablement, support and training purposes.
While AI-Media may process some User Data on its customers’ behalf, we also use it for our own purposes, as described in Section 3 below. Accordingly, to the extent applicable – our customer will be deemed the ‘data controller’ or ‘business’ with respect to such data which is processed strictly on their behalf; while Ai-Media will also be deemed an independent and separate ‘data controller’ or ‘business’ with respect to such data where it is processed for our own purposes. With respect to those portions or copies of User Data that we process on behalf of our customer – we will also be deemed a ‘data processor’ or ‘service provider’, as further explained in Section 10 below.
AI-Media Website, CRM & Event Data. We collect and generate the following types of personal data concerning our website visitors, customers, freelancers and potential users, contractors, customers and partners:
- Website usage information, such as connectivity, technical and aggregated usage data, such as user agent, IP addresses, device data (like type, OS, device id, browser version, locale and language settings used), activity logs, session recordings, and the cookies and pixels installed or utilized on their device;
- Information concerning our customers and vendors, such as contact and business details, contractual and billing details, our communications with such customers and vendors, as well as any needs, preferences, attributes and insights relevant to our potential engagement; and
- Direct interactions and communications with us, including recordings and transcripts of your calls, emails, form submissions and chats with us, e.g., for customer support, feedback, training purposes, etc.
Cookies and Navigation Information. We may collect information automatically (via cookies, pixels and similar tools) related to your use the Services (some of which pay be considered personal information). For example, we may collect:
- information about your computer, mobile phone or device, such as your IP address, geographical location, browser type, referral source (i.e., the website that led you to our Services), app identifier, advertising ID, and other identifiers, browser type, device type, domain name;
- information about the links you click, pages you view or your other activities within the Services, including the dates and times you access our Services and the duration of your access; and
- we may also use pixels in HTML emails to understand whether individuals read the emails we send to them. Read about how we use cookies on the Cookie Notices that appear on the websites for Ai-Media, Ai-Live, Ai-Media Blog, EEG Cloud.
Generally, we use “cookies” or similar technologies to administer our websites, analyse trends, track users’ movements as you navigate around our websites, retarget ads to people who have visited our website and to gather demographic and general information about our user base.
We also use cookies to help you personalise your online experience. For example, if you personalise pages on our websites, or register for Services, a cookie helps us to recall your specific information on subsequent visits. When you return to the same website, the information you previously provided can be retrieved, so you can easily use the customized features. Our Websites do not currently recognize browser “do not track” settings; however, you can update your preferences for cookies on our Websites via the pop up window that confirms your cookie preferences on your first visit to the Website.
Location Information. We may derive your location data based upon the IP address of the device you use to access the Services. With your permission, we may also collect device geolocation geolocation information if you use our mobile applications
Content and Metadata. We may collect and process audio content and video content, as well as associated metadata.
Other Information. We record customer service calls where a valid purpose is available and consent has been provided, in accordance with governing laws. In addition, we may derive certain insights about you based on the other personal information we have collected about you.
Voice Recordings and Biometric Information. We collect and process Biometric Information -specifically, voice data – in two forms:
Raw Voice Recordings (Identifiable Voice Data)
- Audio captured with User Content when voice-driven feature are included within the Services (e.g. speaker recognition with LEXI Toolkit).
- Stored in an identifiable form (hashed and linked to User Data) for up to 30 days.
- We collect raw voice recordings only after you have provided explicit, written consent. Consent is stored with Customer Data.
De-identified Voiceprint Templates / Voice Embeddings (Biometric Templates)
- After the 30-day window, we strip all direct identifiers from raw recordings creating a “de-identified voiceprint.”
- These templates remain regulated as Biometric Information under BIPA, Texas CUBI, and Illinois BPA until they are permanently deleted.
- Retained for up to three (3) years from your last interaction, or sooner if no longer needed.
Important: At no point do we transmit or store your raw voice recording to any third party unless explicitly required for a Service feature you have consented to (e.g., cloud-based speech recognition). Any third party receiving raw recordings or templates must handle them under the same strict privacy terms described in this Policy.
2.1 Information We Receive from Third Parties
We may receive personal information from our enterprise and institutional clients, regarding their Authorised Users, which generally includes name, contact details, title and role, and relevant professional information. In addition, if you purchase our Services through a reseller or distributor, we may receive information from that reseller or distributor associated with your purchase. We also may enhance or update the personal information we have about you, with information obtained from data brokers, publicly available sources and social media platforms. We may collect device identifier and other information from third-party platforms and mobile applications that you use when accessing our Services.
We may collect raw voice data through various techniques. Raw voice data play in integral role in speech recognition and natural language processing built within the LEXI Toolkit. The machine learning models we employ within the LEXI Toolkit interpret complex patterns in speech to identify different speakers in a conversation. The analysis of raw voice data involves converting spoken language into text, train machine learning models for classification, enhance clarity and identify key attributes like pitch, frequency and tempo.
In addition, we may collect information about how individuals interact with us or comment about us or the Services through social media. If you take advantage of a third-party or affiliate offer through the Services, we may receive certain information from that third party about your interaction with them. Lastly, if you are a job applicant or candidate, we may collect and receive your name, contact information, background and qualifications from recruiters and agencies that assist us in locating candidates. If you are a contract worker we may receive similar information from the companies or agencies who provide us with contract workers.
3. Data Uses
In providing the Services, AI-Media processes Customer Data, User Content and the personal data contained in it, on our customer’s behalf, in accordance with their reasonable instructions and as further stipulated in our data processing addendum and other commercial agreements with such customers. Ai-Media also uses Customer Data for its own purposes of improving its Services, Platforms, LEXI Toolkit and technology.
We use AI-Media User Data, and AI-Media Website, CRM & Potentials Data, as necessary for the performance of our Services (“Performance of Contract”); to comply with our legal and contractual obligations (“Legal Obligations”); and to support our legitimate interests in developing, providing, maintaining and improving our Services, Platforms and LEXI Toolkit e.g., in understanding how our Services are used and how our campaigns (including recruiting campaigns) are performing, and gaining insights which help us dedicate our resources and efforts more efficiently; in marketing, advertising and selling our Services or recruiting freelancers or engaging vendors and suppliers; providing customer service and technical support; and protecting and securing our customers, users, viewers, visitors, partners, vendors, suppliers and ourselves and our Services (“Legitimate Interests”).
Specifically, we use AI-Media User Data and AI-Media Website, CRM & Potentials Data for the following purposes:
- to facilitate, operate, and provide our Services (Performance of Contract, Legitimate Interests);
- to authenticate the identity of Users and to allow them to access and use our Services (Performance of Contract, Legitimate Interests);
- to authenticate the identity of freelancers, vendors and suppliers to allow them to access our Platforms and provide to us services (Performance of Contract, Legitimate Interests);
- to train and provide service-related insights to relevant members of our staff (Legitimate Interests);
- to provide our customers and Users with assistance and support (Performance of Contract);
- to gain a better understanding on how individuals use and interact with our Sites and Services, and how we could improve their and others’ user experience, and continue improving our products, offerings and the overall performance of our Services, Platforms and LEXI Toolkit (Legitimate Interests);
- to facilitate and optimize our marketing campaigns, recruitment, vendors, suppliers, ad management and sales operations, and to manage and deliver advertisements for our products and services more effectively, including on other websites and applications. Such activities allow us to highlight the benefits of using our Services, and thereby increase your engagement and overall satisfaction with our Services. This includes contextual, behavioural and interests-based advertising based on your activity, preferences or other data available to us (Legitimate Interests, Consent);
- to contact our customers, Users, partners, agents, vendors and suppliers, and our customers’ authorized users (on the customer’s behalf) with general or personalized service-related messages; and our customers, Authorized Users and potential users, staff, vendors and suppliers with promotional messages that may be of specific interest to them (Performance of Contract, Legitimate Interests, Consent);
- to facilitate, sponsor and offer certain events, contests and promotions (Performance of Contract; Legitimate Interests, Legal Obligation);
- to support and enhance our data security measures, including for the purposes of preventing and mitigating the risks of fraud, error or any illegal or prohibited activity (Performance of Contact, Legitimate Interests, Legal Obligation);
- to create aggregated statistical data, inferred non-personal data, or anonymized or pseudonymized data (rendered non-personal and non-identifiable), which we or our business partners may use to provide and improve our respective services, or for any other purpose (Legitimate Interests);
- to comply with our contractual and legal obligations and requirements, and maintain our compliance with applicable laws, regulations and standards (Performance of Contract; Legitimate Interests; Legal Obligation); and
- to process raw voice recordings to generate de-identified voiceprint templates and/or embeddings. Any use of de-identified biometric templates or User Content for research and development is strictly for the purposes we have disclosed; we do not re-link them to individuals after de-identification (“Compliance with Biometric Laws“).
If you apply for employment with us, we may also collect information about you for the purpose of considering your application including your qualifications and resume as well as reference information from your nominated referees.
If you are an individual contractor to us, we may also collect information relevant to your engagement with us including qualifications, work history, resume, reference information from your nominated referees, bank details, feedback from supervisors and training records.
We do not generally require you to disclose any sensitive information (e.g. details of race, religious belief, sexual orientation or membership of a trade union) to us. If you do provide us with sensitive information for any reason, you consent to us collecting that information and using and disclosing that information for the purpose for which you disclosed it to us and as permitted by the relevant law.
In addition to the types of personal information identified above, we may collect personal information as otherwise required by law.
4. Data Location
We and our authorized Service Providers (defined below) maintain, store and process personal data in the United States of America, Europe, the United Kingdom (UK), Australia, and other locations, as reasonably necessary for the proper performance and delivery of our Services, or as may be required by law; provided that Customer Data and User Content may only be processed in such locations as permitted in our data processing addendum and other commercial agreements with such customer.
While privacy laws may vary between jurisdictions, AI-Media and its affiliates and Service Providers (defined below) are each committed to protecting personal data in accordance with this Policy, customary industry standards, and such appropriate lawful mechanisms and contractual terms requiring adequate data protection, regardless of any lesser legal requirements that may apply in the jurisdiction to which such data may be transferred. In particular, Customer Data and User Content processed on behalf of our customers may only be processed in such locations as permitted in our data processing addendum and other commercial agreements.
For data transfers from the European Economic Area or the UK to jurisdictions which are considered by the European Commission and the UK Secretary of State to be offering an ‘Adequate’ level of protection for the personal data of their respective residents, we rely on such “Adequacy” as the lawful basis for these transfers. For similar transfers to jurisdictions which are not considered by these bodies to be offering an ‘Adequate’ level of data protection, we and the relevant data exporters and importers enter into Standard Contractual Clauses as approved by the European Commission and the UK Information Commissioner’s Office (ICO), as applicable.
5. Data Retention and Deletion
In connection with providing the Services, we retain Customer Data and User Content on our customer’s behalf, in accordance with their reasonable instructions and as further stipulated in our data processing addendum and other commercial agreements with such customer. We also retain Customer Data and de-identified User Content for the purposes of improving our Services and technology, including machine learning by our automatic speech recognition engine.
We retain AI-Media User Data and AI-Media Website, CRM & Potentials Data for as long as it is reasonably necessary in order to maintain and expand our relationship and provide you with our Services and offerings; in order to comply with our legal and contractual obligations; or to protect ourselves from any potential disputes (i.e., as required by laws applicable to log-keeping, records and bookkeeping, and in order to have proof and evidence concerning our relationship, should any legal issues arise following your discontinuance of use), all in accordance with our data retention policy.
Please note that except as required by applicable law or our specific agreements with you, we will not be obligated to retain your personal data for any particular period, and we are free to securely delete it or restrict access to it for any reason and at any time, with or without notice to you.
Retention of Identifiable Voice Recordings & Transcription Data (0 – 30 Days)
- Purpose: To allow you to access transcripts, verify accuracy and provide quality assurance.
- Storage: raw voice data and any corresponding transcription data that contains direct identifiers are encrypted at rest and accessible only by a minimal set of authorized personnel.
Deletion Timeline
- 30 Days After Recording Date: We purge all direct identifiers from raw recordings, raw recordings transform into de-identified voiceprint templates; transcripts with identifiers are moved to “non-identifiable” storage.
- Earlier Deletion on Request: if you withdraw consent or request deletion before 30 days, we will delete raw voice recordings and any identifiable transcripts within 30 days of your request.
Retention of De-identified Voiceprint Templates (Biometric Data)
- Purpose: enable continuous improvement of our machine learning models, provide voice recognition within specified Services, and conduct aggregated analytics.
- Duration:
- Retained for up to three (3) years from your last interaction, or sooner if no longer needed (whichever is earlier), in compliance with Illinois BIPA, Texas CUBI, and the BPA.
- After three years of inactivity or once internal teams confirm “no longer needed” for any legitimate business purpose, these templates are permanently and securely deleted.
- Deletion on Request:
- If you request deletion of all your data, we will:
- immediately delete any remaining identifiable recordings and associated identifiable transcripts.
- initiate permanent deletion of de-identified voiceprint templates within 30 days or earlier if no legitimate business use remains.
- If you request deletion of all your data, we will:
Biometric Information and Consent
Under Illinois BIPA (740 ILCS 14/10), Texas CUBI (Texas Business & Commerce Code § 503), and Washington’s Biometric Privacy Act (RCW 19.375), “Biometric Information” includes “a record of an individual’s voiceprint” and any digital representation of a voice. In our Service, “Biometric Information” means:
- Raw Voice Recordings
- Voiceprint Templates, Embeddings, or any numeric/graphical representation derived from those recordings (e.g., spectral features, vector metrics).
Why We Collect Biometric Information
- Speaker Recognition & Personalization: To generate tailored transcriptions.
- Research & Model Training: To improve speech recognition, creating a better user experience over time.
How We Obtain Consent
Affirmative, Written Consent Required Before Collection: before collecting any voice recording, we will ensure you are aware:
- Which Biometric Information is collected (raw recording; derived voiceprint).
- Why it is being collected (Services, Security, R&D).
- How long it will be stored (30 days for identifiable recordings; up to 3 years for de-identified templates).
- How you can withdraw consent and the consequences of doing so.
Withdrawing Consent
- What Happens on Withdrawal:
- We immediately cease collecting any new voice recordings or Transcription Data.
- Any identifiable voice recordings and transcription data still within the 30-day window are permanently deleted within 30 days of withdrawal.
- De-identified voiceprint templates are deleted within 30 days if no longer needed for any legitimate business purpose.
- We will confirm deletion in writing (email).
Third Party Service Providers
These providers:
- Process data only on our instructions.
- Are contractually obligated to maintain confidentiality and cybersecurity measures at least as stringent as ours.
- Are prohibited from using personal, transcription, or biometric data for any purpose other than providing the contracted service.
- We may share aggregated, truly de-identified datasets (no linkage keys remain) with industry partners strictly for research on voice analytics. All data shared in this manner is irreversibly de-identified (no way to re-link to an individual).
We may disclose Biometric Information if required by law (e.g. court order, subpoena), or if necessary to:
- Protect national security or public safety.
- Investigate fraud, security incidents, or unauthorized use of the Service.
- Defend our legal rights or those of our users.
6. Data Sharing
Legal Compliance: Except as stipulated otherwise in our data processing addendum and other commercial agreements with our customer, we may disclose or allow securities exchange, government and law enforcement officials access to personal data, in response to a subpoena, search warrant or court order (or similar requirement), or in compliance with applicable laws and regulations. Such disclosure or access may occur if we believe in good faith that: (a) we are legally compelled to do so; (b) disclosure is appropriate in connection with efforts to investigate, prevent, or take action regarding actual or suspected illegal activity, fraud, or other wrongdoing; or (c) such disclosure is required to protect our legitimate business interests, including the security or integrity of our Services.
Service Providers: We engage selected third-party companies, sub-processors and individuals to perform services complementary to our own. Such service providers include content review, transcription, voice recognition and translation services, synthetic voice translation, hosting and server co-location services, sub-processing, communications and content delivery networks, API integrations, media hosting and streaming services, data and cyber security services, billing and payment processing services, fraud detection, investigation and prevention services, web analytics, data enrichment, email and communication distribution, monitoring services, call, session or activity recording and analysis services, remote access services, performance measurement, data optimization and marketing services, social and advertising networks, content providers, email, voicemails, support and customer relation management systems, and our legal, financial and compliance advisors (collectively, “Service Providers“). These Service Providers may have access to your personal data, depending on each of their specific roles and purposes in facilitating and enhancing our Services, and may only use it for such limited purposes as determined in our lawful agreements with them.
Partnerships: We engage selected business and channel partners, resellers, distributors and providers of professional services related to our Services, which allow us to explore and pursue growth opportunities by facilitating a stronger local presence and tailored experiences for our potential and existing customers and users. In such instances, we may share relevant contact, business and usage details with the respective partner, to allow them to engage with those customers and users for such limited purposes. If you directly engage with any of our partners, please note that any aspect of that engagement which is not directly related to the Services and directed by Ai-Media is beyond the scope of Ai-Media’s Legals and this Policy, and may therefore be governed by the partner’s terms and privacy policy.
Customers and other Users: Customer Data is typically shared and is available to Authorized Users belonging to such customer’s account, as well as to Authorized Users such data was shared with by said Users. Ai-Media User Data is shared with the administrator of the customer’s account to which such User belongs (including data and communications concerning such User’s account). In such cases, sharing this data means that the administrator(s) or other Users of the same account may access it on behalf of the customer, and will be able to monitor, process and analyze the personal data contained therein.
Please note that AI-Media is not responsible for and does not control any further disclosure, use or monitoring by or on behalf of the customer, that itself acts as the ‘data controller’ of such data (as further described in Section 10 below).
Service Integrations: You may choose to use a third-party service to upload User Content and related preparation materials to the Platforms and download or stream captioned User Content or transcripts (provided that such integration is supported by our Services). The provider of this integrated third-party service may receive certain relevant data about or from your User account on the Platform or share certain relevant data from your account on the third-party provider’s service with our Services, depending on the nature and purpose of such integration. This could include User Data and User Content. Note that we do not receive or store your passwords for any of these third-party services (but do typically require your API key in order to integrate with them).
Recipients, where needed to Protect Rights and Safety: We may share personal data with others if we believe in good faith that this will help protect the rights, property or personal safety of Ai-Media, any of our users or customers, or any members of the general public.
Ai-Media Subsidiaries and Affiliated Companies: We may share personal data internally within our group, for the purposes described in this Policy. In addition, should Ai-Media or any of its affiliates undergo any change in control or ownership, including by means of merger, acquisition or purchase of substantially all or part of its assets, personal data may be shared with or transferred to the parties involved in such an event. If we believe that such change in control might materially affect your personal data then stored with us, we will notify you of this event and the choices you may have via email or a prominent notice on our Services.
For the avoidance of doubt, Ai-Media may share User Data, and Website, CRM & Potentials Data in additional manners, pursuant to your explicit approval, or if we are legally obligated to do so, or if we have successfully rendered such data non-personal, non-identifiable and anonymous.
If you post information to public parts of our websites or to our, or public social media pages, you acknowledge that such information (including your personal information and/or Biometric Data) may be available to be viewed by the public. You should use discretion in deciding what information you upload to such sites.
7. Information About Children
We do not knowingly collect personal data from children and do not wish to do so. We encourage parents and legal guardians to monitor their children’s internet use and help enforce our Policy. If you believe that a child has provided personal information to our website, please contact and we will endeavour to delete that information from our databases. Where consent is granted by the child’s parent or legal guardian, we will verify consent in accordance with applicable legislation (e.g., Children’s Online Privacy Protection Act).
8. Communications
We may contact you with information regarding our Services or, where you are business partner, your engagement with our Platforms and Services. For example, we may send customers, Users and Authorized Users email reminders of upcoming Sessions, and performance review requests after the event. We may also send you notifications (through any of the means available to us) of changes or updates to our Services, billing issues, log-in attempts or password reset notices). Our customers, and other Authorized Users on the same customer account, may also send you notifications, messages and other updates regarding their or your use of the Services.
You can typically control your communications and notifications settings from your Authorized User profile settings within the Platform when available, or otherwise in accordance with the instructions included in the communications sent to you. Please note that you will not be able to opt-out of receiving certain service communications which are integral to your use (like password resets or billing notices)
Ai-Media may use your personal information to market products and services to you or to inform you of any special offers, discounts or other information which are considered to be of interest to you. If you do not wish to receive future marketing, promotional or sales material from Ai-Media, you may use the unsubscribe link provided in contact information, or you may contact Ai-Media at any time by sending an email to with the subject “Unsubscribe”. Ai-Media will, as soon as reasonably practicable after receiving your request, remove your contact details from its marketing database.
9. Data Security
We and our hosting services implement systems, applications and procedures to secure your personal data, to minimize the risks of theft, damage, loss of information, or unauthorized access or use of information. These measures provide sound industry standard security. However, although we make efforts to protect your privacy, we cannot guarantee that our Services will be immune from any wrongdoings, malfunctions, unlawful interceptions or access, or other kinds of abuse and misuse. To learn more, please visit our Trust Centre.
We implement and maintain industry standard technical, administrative, and physical safeguards to protect your data, including:
- Encryption: all data— Customer Data, User Content, raw Voice Recordings, de-identified templates, transcription data, and usage logs – is encrypted both in transit (TLS 1.2+ / HTTPS) and at rest (AES-256).
- Access Controls & Logging: only a minimal, role-based subset of employees may access identifiable voice data or identifiable transcription data. All access to Personal Information, Biometric Information, and Transcription Data is logged and audited by our security team.
- Secure De-identification Process: Voice Recordings are de-identified in a secure environment; transcripts containing personal information are subject to the retention and destruction within this Policy.
- Vulnerability Management & Penetration Testing: third-party penetration tests; any identified vulnerabilities are remediated within 30 days.
- Incident Response Plan: A documented security incident response playbook governing notifications, root cause analysis, and remediation steps.
Note: No system can be 100 % secure. If you suspect any unauthorized access or misuse of your data, please contact us immediately at cyber..
10. Data Breach Notification
We adhere to all applicable breach notification laws:
U.S. Requirements
- General U.S. Law: we will notify affected individuals “as soon as practicable” and no later than 30 days after confirming a security breach that materially compromises personal information, Transcription Data containing direct identifiers, or Biometric Information.
- State-Specific Rules: additional notice to California residents if their personal information, identifiable transcription data, or biometric data is compromised. If biometric templates or voiceprints are breached, we will notify affected Illinois residents promptly and coordinate with the Illinois Attorney General if required.
EU & GDPR Requirements
For EU residents, if a breach affects personal data (including any Personal Information or transcription containing identifiers), we will notify the relevant Data Protection Authority within 72 hours of becoming aware of the breach and inform affected individuals without undue delay. Notifications will include:
- Description of the breach, including date/time discovered and date/time occurred (if known).
- Types of data involved (e.g., “voiceprint template,” “text transcript containing name,” “email address”).
- Steps taken to contain and remediate.
- Recommendations for users to protect themselves (e.g., reset passwords, monitor accounts).
- Contact information for questions and further assistance.
11. Your Rights & Choices
European Union (GDPR): If you reside in the EU, you have:
- Right of Access: request a copy of any personal data we hold about you (including Account Information, transcription data, and biometric templates).
- Right to Rectification: request correction of inaccurate or incomplete data.
- Right to Erasure (“Right to Be Forgotten”): request deletion of personal data (including transcription data containing direct identifiers and biometric templates) when no longer necessary or if you withdraw consent.
- Right to Restrict Processing: temporarily halt processing under certain circumstances (e.g., accuracy contested).
- Right to Data Portability: receive your data (e.g., your account information and non-identifiable usage logs) in a structured, machine-readable format.
- Right to Object: object to our processing of your data for direct marketing or legitimate interest.
- Right to Withdraw Consent: withdraw any previously granted consent (e.g., for voice recordings).
To exercise these rights, contact us at . We will respond within 30 days (plus one 30-day extension if needed).
California (CCPA): If you are a California resident, you may:
- Know What We Collect: request disclosure of categories of personally identifiable information, Transcription Data, or Biometric Information we have collected, used, or disclosed in the past 12 months.
- Request Deletion: ask us to delete your personal, transcription, or biometric data, subject to certain exceptions (e.g., completing a transaction, detecting security incidents).
- Opt Out of Sale of Data: although we do not “sell” Personal Information, Transcription Data, or Biometric Information as defined by CCPA, you can request a “Do Not Sell My Personal Information” if you believe we are sharing for cross-context advertising or similar.
- Non-Discrimination: we will not discriminate against you for exercising any CCPA rights (e.g., by lowering service quality or charging different prices).
Submit a request via . We will verify your identity (e.g. email verification) and respond within 45 days (may extend another 45 days with notice).
Illinois (BIPA), Texas (CUBI), and Washington BIPA: if you reside in Illinois, Texas, or Washington, you have additional rights regarding Biometric Information:
- Right to Informed Written Consent: we will obtain your detailed, written consent before collecting any biometric data (see Section 4).
- Right to Disclosure: you may request a description of what biometric data (voiceprint templates) we have collected, how it is used and stored, and any third parties with whom it is shared.
- Right to Receive Copies: you may request a copy of any biometric identifiers or templates we hold about you.
- Right to Deletion: you may request that we delete all biometric data if no longer needed for the purpose it was collected (e.g., you have not used the Service in 3 years).
To exercise these rights, email with subject “Biometric Data Request” and specify which right you wish to exercise. We will comply within 30 days, or sooner if required by state law.
Please note that when you ask us to exercise any of your rights under this policy or applicable law, we may need to ask you to provide us certain credentials to make sure that you are who you claim you are, to avoid disclosure to you of personal data related to others and to ask you to provide further information to better understand the nature and scope of data that you request to access. This would typically include information such as the e-mail address used to identify you in our systems (in which case we might require additional verification steps to ensure that you have access to that e-mail). Such additional data, along with details and correspondence related to your request, will be then retained by us for legal and compliance purposes.
12. Data Controller / Processor
Certain data protection laws and regulations, such as the EU General Data Protection Regulation (GDPR), UK GDPR or the CCPA, typically distinguish between two main roles for parties processing personal data: the “data controller” (or under the CCPA, “business”), who determines the purposes and means of processing; and the “data processor” (or under the CCPA, “service provider”), who processes the data on behalf of the data controller (or business). Below we explain how these roles apply to our Services, to the extent that such laws and regulations apply.
Ai-Media is the “data controller” (or “business”) of Ai-Media Website, Ai-Media Data, CRM & Event Data. With respect to such data, we assume the responsibilities of data controller (solely to the extent applicable under law), as set forth in this Privacy Policy. In such instances, our Service Providers processing such data will assume the role of “data processor”.
Ai-Media is both a “data controller” and “data processor” (or “business” and “service provider”, respectively) of Customer Data. Where we process on behalf of our customer (who is the “data controller” of such data; and our Service Providers who process such Ai-Media Customer Data on our behalf are the “sub-processors” of such data), we are a ‘processor.’ Where we process such data for our own processes, namely to improve the Services and our technology, we are a ‘controller.’
Ai-Media is both a “data controller” and “data processor” (or “business” and “service provider”, respectively) of Ai-Media User Data. Such data is processed by Ai-Media for its own purposes, as an independent ‘controller’; while those certain portions of it which are included in Customer Data will be processed by us on our customer’s behalf, as a ‘processor’.
Accordingly, where it is providing the Services, Ai-Media processes User Content and Customer Data in accordance with our customer’s reasonable instructions and as further stipulated in our data processing addendum and other commercial agreements with such customer. Each customer, as the controller (or business) of their Customer Data, is solely responsible for meeting any legal requirements applicable to data controllers or businesses. This includes establishing a legal basis for proceeding and providing adequate notice to data subjects whose data may be contained in Customer Data – including sufficient reference to the processing of their personal data via the Services, and any other information necessary to comply with all applicable privacy and data protection laws; and to obtain all approvals and consents from such individuals as required under such laws.
13. Categories of Personal Information Under the CCPA
While our collection, use and disclosure of personal information varies based upon our relationship and interactions with you, in this section we describe, generally, how we have collected and disclosed personal information about consumers in the prior 12 months (from the date of last revision).
Categories of Personal Information Collected and Disclosed. The table below identifies the categories of personal information (as defined by the CCPA) we have collected about consumers, as well as how we have disclosed such information for a business purpose. For more information about the business and commercial purposes for which we collect, use and disclose personal information, please see the Purposes of Collection and Processing and the Disclosure of Personal Information sections above.
Personal Information Collected | May We Disclose this Information? | Categories of Third Parties to Whom We May Disclose this Information | |
Categories | Description | ||
Identifiers | Includes direct identifiers, such as name, alias user ID, username, account number or unique personal identifier; email address, phone number, address and other contact information; IP address and other online identifiers. | YES | • service providers
• advisors and agents • government entities and law enforcement • affiliates and subsidiaries • advertising networks • data analytics providers • social networks • internet service providers • operating systems and platforms • relevant business customer (for enterprise users) • resellers and distributors |
Customer Records | Includes personal information, such as name, account name, user ID, contact information, education and employment information, payment information that individuals provide us in order to purchase or obtain our products and services. | YES | • service providers
• advisors and agents • government entities and law enforcement • affiliates and subsidiaries • internet service providers • operating systems and platforms • relevant business customer (for enterprise users) |
Commercial Information | Includes records of products or services purchased, obtained, or considered, or other purchasing or use histories or tendencies. | YES | • service providers
• advisors and agents • government entities and law enforcement • affiliates and subsidiaries • resellers and distributors |
Audio, Video and Electronic Data | Includes audio, electronic, visual, thermal, olfactory, or similar information such as photographs and images (e.g., that you provide us) and call recordings (e.g., of customer support calls). | YES | • service providers
• advisors and agents • government entities and law enforcement • affiliates and subsidiaries • internet service providers • operating systems and platforms • business customer/client • resellers and distributors |
Usage Data | Includes browsing history, clickstream data, search history, access logs and other usage data and information regarding an individual’s interaction with our websites, mobile apps and other services, and our marketing emails and online ads. | YES | • service providers
• advisors and agents • government entities and law enforcement • affiliates and subsidiaries • advertising networks • data analytics providers • social networks • internet service providers • operating systems and platforms • relevant business customer (for enterprise users) • resellers and distributors |
Geolocation Data | Includes precise location information about a particular individual or device. | YES | • service providers
• advisors and agents • government entities and law enforcement • affiliates and subsidiaries |
Professional Information | Includes professional and employment-related information (such as current and former employer(s) and position(s), business contact information and professional memberships). | YES | • service providers
• advisors and agents • government entities and law enforcement • affiliates and subsidiaries • relevant business customer (for enterprise users) • resellers and distributors |
Education Information | Information about an individual’s educational history (such as the schools attended, degrees you were awarded, and associated dates). | YES | • service providers
• advisors and agents • government entities and law enforcement • affiliates and subsidiaries • business customer (for enterprise users) • resellers and distributors |
Protected Classifications | Includes characteristics of protected classifications under applicable laws, such as disability information and health conditions (e.g., which we may collect in order to make available appropriate accommodations for events and other activities), information we collect or receive from personnel as part of our diversity and inclusion program. | YES | • service providers
• advisors and agents • government entities and law enforcement • affiliates and subsidiaries |
Inferences | Includes inferences drawn from other personal information that we collect to create a profile reflecting an individual’s preferences, characteristics, predispositions, behavior, attitudes, intelligence, abilities or aptitudes. For example, we may create profiles of your likely interests so that we may send you more relevant marketing emails. | YES | • service providers
• advisors and agents • government entities and law enforcement • affiliates and subsidiaries • resellers and distributors |