Privacy Policy

Overview

Yentl is a source-anchored speech and media analysis tool. This Privacy Policy explains what data is processed, by whom, on what legal basis, and what rights you have. In v1, Yentl is guest-first and saves sessions locally in your browser, not in an account-backed server library. API requests may temporarily process audio, media, transcript text, claims, sources, and analysis so the app can work.

Processors (subprocessors)

Yentl uses the following named processors. There are no unnamed third parties:

• Deepgram— Processes audio for transcription, including live audio and uploaded or linked media. For EU/EEA users, Yentl routes traffic to Deepgram's EU endpoint (api.eu.deepgram.com) where technically feasible. Deepgram is a US-based processor covered by the EU-US Data Privacy Framework and Standard Contractual Clauses (SCCs). See Deepgram Privacy Policy.
• Anthropic— Processes transcript text for fact-checking, bias/fallacy analysis, and source citation. Anthropic is a US-based processor. Yentl's use of Anthropic's commercial API is covered by Anthropic's Data Processing Agreement (DPA) and SCCs (auto-incorporated in Commercial ToS since January 1, 2026). See Anthropic Privacy Policy.
• Vercel — Hosts the Yentl web application and routes API requests via Vercel AI Gateway. Vercel may also temporarily handle uploaded media or media URLs during transcription workflows. Vercel operates a global edge network (US/EU/global). Vercel maintains a DPA and SCCs for EU data subjects. See Vercel Privacy Policy.

Full subprocessor details are available at /subprocessors.

Lawful basis for processing (GDPR)

For EU/EEA users, Yentl's processing is based on:

• GDPR Art. 6(1)(a) — Consent: You give explicit consent before any recording begins (via the session consent gate).
• GDPR Art. 9(2)(a) — Explicit consent for special-category data: Audio may incidentally contain special-category data (health, political views, religion, sexual orientation, ethnicity). Explicit consent is obtained before processing begins.

You may withdraw consent at any time by ending your session. Withdrawal does not affect the lawfulness of processing already completed.

Data retention

Saved sessions in v1 are browser-local. If you use the Save button, the session snapshot is stored in this browser's IndexedDB so it can appear in the local saved sessions library. Clearing site data, changing browsers, or using another device can remove or hide those saves. Yentl does not provide account-backed session history or cross-device sync in this v1 build.

Yentl server routes may temporarily process media, transcript text, and analysis while a request runs. Deepgram, Anthropic, Vercel, and any deployment-specific auth provider may retain API request or account metadata per their own retention policies. Refer to their respective privacy policies for details.

Cross-border data transfers

Yentl uses processors based in the United States. Cross-border transfers are covered by:

• EU-US Data Privacy Framework (DPF) — where the processor is DPF-certified (Deepgram).
• Standard Contractual Clauses (SCCs) — for all US-based processors (Deepgram, Anthropic, Vercel), as incorporated into their respective DPAs.
• UK International Data Transfer Agreement (IDTA) — for UK data subjects.
• For EU/EEA audio traffic: Deepgram EU endpoint (api.eu.deepgram.com) is used to keep audio processing within the EEA where technically feasible.

Your rights under GDPR

EU/EEA data subjects have the following rights:

• Right of access (Art. 15) — request a copy of personal data held about you.
• Right to rectification (Art. 16) — correct inaccurate data.
• Right to erasure(Art. 17) — request deletion of your data (“right to be forgotten”).
• Right to data portability (Art. 20) — receive your data in a structured, machine-readable format.
• Right to restriction (Art. 18) — restrict processing in certain circumstances.
• Right to object (Art. 21) — object to processing based on legitimate interests.
• Right to lodge a complaint — with your national supervisory authority (e.g., CNIL in France, ICO in the UK, DPC in Ireland).

Note: Because Yentl v1 session saves are local to your browser, most saved-session access, erasure, and portability actions are handled by your local library, exports, or browser site-data controls. To exercise rights regarding request metadata or processor-handled data, email privacy@yentl.it.

California residents — CCPA notice

California residents have rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), including the right to know, delete, and opt out of the sale of personal information. Yentl does not sell personal information. Yentl supports Global Privacy Control (GPC) signals — see globalprivacycontrol.org.

Quebec — Law 25 acknowledgment

Quebec's Act respecting the protection of personal information in the private sector (Law 25 / Bill 64) applies to processing of Quebec residents' personal information. Yentl's guest-first, browser-local save model minimizes account-backed personal data retention consistent with Law 25 data minimization principles.

Contact

For privacy questions, data-rights requests, processor questions, or consent and retention concerns, email privacy@yentl.it or use the contact page.