BackDorvik

Privacy Policy

Last updated: July 14, 2026. Dorvik is operated by LumiLife Tech UG (haftungsbeschränkt), Berlin, Germany. This policy explains how we handle your data under the EU GDPR and international privacy standards.

1. Who we are

The data controller is LumiLife Tech UG (haftungsbeschränkt), Rykestraße 36, 10405 Berlin, Germany. Email: info@lumilife.app. For Dorvik-specific privacy requests, contact privacy@dorvik.app.

2. What Dorvik does

Dorvik is an AI note taker. You record or upload audio; our processing pipeline transcribes the audio, generates a summary, key points, action items and (on request) translations, then stores the resulting text in your private account.

3. Data we process

  • Account data — email address, hashed password, timestamps.
  • Audio recordings — captured only while you actively record or upload. Sent to our transcription pipeline and automatically deleted immediately after the transcript is produced.
  • Transcripts & AI outputs — text, summaries, key points, action items, translations. Stored in your private, row-level-secured workspace.
  • Technical logs — minimal request/error logs used only to keep the service running and secure.

4. Legal basis (GDPR Art. 6)

  • Contract (Art. 6(1)(b)) — to provide the service you signed up for.
  • Legitimate interests (Art. 6(1)(f)) — security, abuse prevention, service reliability.
  • Consent (Art. 6(1)(a)) — for optional cookies and marketing communications.
  • Legal obligation (Art. 6(1)(c)) — tax and bookkeeping records.

5. Processors & sub-processors

We use vetted providers under EU-approved data-processing agreements:

  • Supabase (database, storage, auth) — EU region.
  • OpenAI & Google Gemini (AI transcription and processing) — API calls only, no training on your data.
  • Cloudflare (hosting & edge) — traffic routing and DDoS protection.

Audio is deleted right after transcription; only your text content is retained inside your workspace.

6. International transfers

Where data leaves the EEA, transfers are protected by the European Commission's Standard Contractual Clauses (SCCs) and additional technical safeguards (encryption in transit and at rest).

7. Security

  • TLS 1.2+ encryption in transit, AES-256 at rest.
  • Row-Level Security (RLS) — every row is scoped to the authenticated user; no other user can read your notes.
  • Least-privilege service roles, encrypted secrets, audit logs.
  • Audio auto-deletion after transcription minimises retained sensitive data.

8. Retention

Transcripts remain until you delete them or close your account. Deleting a transcript removes it immediately and permanently.

9. Your rights (GDPR & international)

  • Access, rectification, deletion, restriction, portability, objection.
  • Withdraw consent at any time.
  • Lodge a complaint with your supervisory authority (in Germany: Berliner Beauftragte für Datenschutz und Informationsfreiheit).
  • US/California residents: rights under the CCPA/CPRA — request access, deletion, opt out of "sale" (we do not sell data).

Send requests to privacy@dorvik.app. We respond within 30 days.

10. Children

Dorvik is not directed at children under 16 and we do not knowingly collect their data.

11. Changes

We will notify significant changes by email or in-app notice.