BETA50% off your first event through June 20 · Get started · Questions?

Terms of Service, Privacy & Data Policy

Effective: May 15, 2026  ·  Manitou Research, Inc.

Terms of Service

These Terms of Service (“Terms”) govern your access to and use of the CrowdScribe platform (“Service”), operated by Manitou Research, Inc.(“we,” “us,” or “our”), a company incorporated and headquartered in the United States. By accessing or using the Service, you agree to be bound by these Terms. If you do not agree, do not use the Service.

Service Description

CrowdScribe is a B2B event transcription and speaker-attribution platform. Event organizers (“Hosts”) use the web portal to create events and invite participants. Designated speakers (“Moderators”) and attendees enroll biometric identifiers—a voiceprint and, optionally, facial images—solely for the purpose of attributing spoken words to a named speaker within a specific event. Recorder phones capture session audio, which is transcribed and attributed in near real time. Attributed transcripts are delivered to Hosts and all biometric data is permanently deleted on a strict schedule after the event concludes.

Eligibility

The Service is intended for use by organizations and their adult representatives. You represent that (a) you are at least 18 years of age; (b) you have the authority to bind your organization to these Terms; and (c) your use of the Service complies with all applicable laws and regulations.

Accounts and Access

Hosts register using a verified email address. You are responsible for maintaining the confidentiality of your account credentials and for all activity that occurs under your account. Notify us immediately at legal@crowdscribe.io if you suspect unauthorized access.

Fees and Billing

Pricing is disclosed at the time of event creation. We reserve the right to update pricing with reasonable advance notice. All fees are in U.S. dollars. Refunds and cancellations are governed by the Refunds & Cancellations section below.

Intellectual Property

We retain all rights to the CrowdScribe platform, software, and branding. You retain all rights to your event transcripts and any content you provide. You grant us a limited, non-exclusive license to process your content solely to provide the Service as described herein. We do not claim ownership of your transcripts.

Limitation of Liability

To the maximum extent permitted by law, Manitou Research, Inc. shall not be liable for indirect, incidental, special, consequential, or punitive damages arising out of your use of the Service. Our total liability for any claim arising out of or related to the Service shall not exceed the fees paid by you in the twelve months preceding the claim.

Governing Law

These Terms are governed by the laws of the United States and the state in whichManitou Research, Inc. is incorporated, without regard to conflict-of-law principles. Any disputes shall be resolved in the federal or state courts located in that jurisdiction.

Refunds & Cancellations

We want you to feel confident scheduling an event without worrying about being stuck with a charge if your plans change. The schedule below applies to every paid event. Free-tier events have nothing to refund.

TimingRefund
More than 24 hours before the scheduled event start time100% refund, less payment processing fees
Within 24 hours of the scheduled event start time, before the event begins50% refund, less payment processing fees
After the event has startedNo refund, except for documented technical failures or unusable transcript quality — in which case 100% refund, less payment processing fees

What “payment processing fees” means

Our payment processor retains a per-transaction fee that we do not get back when we issue a refund. As of this writing that fee is approximately 2.9% of the transaction amount plus 30¢ per transaction. We deduct that amount from every refund — not as a penalty, but because we have already paid it and cannot recover it on your behalf. The deducted amount will be shown on your refund receipt.

Quality-failure refunds

If a session’s transcript is unusable due to a technical failure on our side — for example, transcription returns nothing because of a service outage, or audio chunks failed to upload — email legal@crowdscribe.io within 30 days of the event end with the event name and a short description. We’ll review the audit log on our side and issue a full refund (less processing fees) if the failure is confirmed.

Issues that are not grounds for a quality refund include: poor audio quality due to your recording environment (e.g., a recorder phone left across the room from speakers), participants who chose not to enroll a voiceprint (their speech will be transcribed but labeled “Unidentified speaker”), and accuracy limitations of automated transcription on overlapping speech, heavy accents, or specialized vocabulary.

How to request a refund

Email legal@crowdscribe.io with the event name, the date, and the reason for the refund. We aim to respond within 3 business days. Approved refunds are processed back to the original payment method within 5–10 business days, depending on your bank.

What deletion doesn’t change

The biometric retention schedule and our deletion obligations run independently of refund timing. Even if a refund is denied or partial, biometric data is still destroyed on the schedule documented in the Retention Schedule section. Refunds and deletion are separate processes.

Prohibited Uses

The following uses are expressly prohibited and constitute a material breach of these Terms:

HIPAA-Regulated Information. CrowdScribe is NOT a HIPAA-covered entity or business associate. The Service is not designed, certified, or authorized to process Protected Health Information (“PHI”) as defined under the Health Insurance Portability and Accountability Act. Do not use the Service to record, transcribe, or attribute any conversation involving PHI, medical records, patient identifiers, or any other information regulated under HIPAA. Entering PHI via transcription is a violation of these Terms and may expose you and your organization to regulatory liability.

Classified and National Security Information. The Service is NOT authorized to process, store, or transmit information classified at any level under Executive Order 13526 or any successor order, or any information subject to national security controls. Do not use the Service to record or transcribe sessions involving classified information. Entering classified information via transcription is a violation of these Terms and may constitute a federal crime.

Controlled Unclassified Information (CUI). The Service is NOT authorized to process Controlled Unclassified Information as defined by the National Archives and Records Administration CUI Registry, including but not limited to export-controlled technical data (ITAR/EAR), law enforcement sensitive information, or privacy-protected government records. Entering CUI via transcription is a violation of these Terms.

Other Prohibited Uses. You may not use the Service to: record any individual without their informed consent; violate any applicable wiretapping, eavesdropping, or privacy statute; harass, defame, or discriminate against any person; attempt to reverse-engineer or circumvent any security measure; or resell or sublicense access to the Service without our written authorization.

If you are uncertain whether your use case falls within a prohibited category, contact us at legal@crowdscribe.io before using the Service. We will not be liable for any regulatory violation arising from your prohibited use.

Privacy & Data Policy

Manitou Research, Inc. takes the privacy of event participants seriously. This policy explains what data we collect, why we collect it, how we protect it, and when we destroy it. It is incorporated by reference into the Terms of Service above.

Data We Collect

  • Host accounts: email address, organization name, billing information.
  • Participant identity: name, email address, and optional role designation, provided by the Host via CSV upload or manual entry.
  • Biometric enrollment data: 10–15 facial photographs and a short voice sample collected through the mobile app during enrollment. These are used exclusively to generate a mathematical voiceprint embedding and a secure facial-recognition identifier scoped to a single event. Raw photographs and audio are not retained after the embedding is generated.
  • Session audio: audio captured by designated recorder phones during recorded sessions. Audio is processed for transcription and speaker attribution and then deleted on the schedule below.
  • Consent records: timestamped records of each consent action, including IP address, user-agent string, and a cryptographic hash of the exact consent text shown, as required by applicable biometric privacy laws.
  • Transcript text: attributed, text-only transcripts generated from session audio. Retained per the schedule below.

How We Use Your Data

  • To provide speaker-attributed transcription for your event.
  • To send enrollment invitations and consent flows to participants.
  • To bill Hosts for completed events.
  • To comply with legal obligations, including biometric privacy statutes.

We do not use your data to train machine learning or AI models. Audio, voiceprints, facial images, and transcript text are never used for model development, fine-tuning, benchmarking, or any purpose beyond delivering the transcription service for your specific event.

Biometric Data and Applicable Law

Facial images and voiceprints are regulated biometric identifiers under Illinois BIPA, Texas CUBI, Washington’s biometric privacy statute, and similar state laws. We collect these identifiers only after obtaining written informed consent from each participant, at two points: once at the web-based consent page before app installation, and once within the mobile app before enrollment. Both consent records are stored immutably with a timestamp and a hash of the exact consent text shown.

Data Sharing

We do not sell participant data. We share data only with the categories of vendors listed below, each bound by a written processing agreement requiring them to handle data solely on our instructions and on the schedule defined in this policy. All vendors operate in U.S.-region facilities.

  • Specialized face-recognition vendor: facial images and the resulting identifiers, used solely for enrollment and recognition within your event’s isolated identity group.
  • Cloud infrastructure provider: encrypted audio and transcript data while in transit and at rest.
  • Payment processor: billing information for Host accounts only.
  • Law enforcement or regulatory authorities, only as required by valid legal process.

Is My Data Safe?

American company. American servers.

Manitou Research, Inc. is incorporated and headquartered in the United States. All data is stored and processed on servers located within the United States. Every third-party vendor we use is contractually required to keep your data inside U.S.-region facilities. We do not transfer participant data outside the United States.

We do not train models on your data.

Your audio, voiceprints, facial images, and transcript text are used exclusively to produce your event’s attributed transcript. They are never used for any machine learning or AI training purpose. This is an architectural constraint, not just a policy promise: biometric data is siloed per event and destroyed on a fixed schedule, making it structurally unavailable for any downstream training use.

Per-event isolation.

Every event operates in its own isolated data silo. Voiceprints, facial identifiers, and transcripts from Event A are never accessible to, or queryable by, Event B. This isolation is enforced at every layer of our stack: the database, the recognition vendor, and our internal access controls all scope every record to a single event.

Encryption in transit and at rest.

All data is encrypted in transit using TLS 1.2 or higher. Database records, biometric embeddings, and stored audio are encrypted at rest using AES-256.

Data is destroyed, not archived.

Biometric data (voiceprints, facial images, vendor-side recognition identifiers) is permanently and irreversibly destroyed at the end of each event, per the Retention Schedule below. We do not archive biometric data. Session audio is deleted on a short fixed schedule. Only text transcripts are retained, and only for a limited period.

Confidential and proprietary content.

We understand that conference and retreat sessions often contain sensitive business information. That content is yours. We process it only to produce the transcript and have no interest in its substance. Our access controls, audit logging, and short retention windows are designed to minimize exposure time of sensitive discussion content.

Data Retention Schedule

The following schedule governs how long each category of data is retained after an event concludes. “Event end” means the later of the scheduled end time and the time the Host marks the event as ended. An operational grace window of up to 72 hours applies before irreversible deletion begins. The grace window exists so we can re-process an event if an attribution or transcription bug is discovered after the fact; once it elapses, deletion runs automatically.

Data TypeRetention PeriodDestruction Method
Facial photographs (raw)Deleted after embedding generation; not retained beyond enrollment sessionStorage blob deletion
Vendor-side face recognition identifiersDeleted within 72 hours after event endVendor identity-group deletion API
Voiceprint embeddingsDeleted within 72 hours after event endDatabase row deletion; embedding column nulled
Session audio recordings7 days after event endStorage bucket object deletion
Location data associated with recordings7 days after event endDatabase row deletion
Text transcripts (attributed)
Once you download a copy, it’s yours to keep — see Transcript Ownership.
90 days after event end (our copy)Database row deletion of our copy; downloaded copies are unaffected
Consent records3 years (required by applicable biometric privacy law)Retained for legal compliance; biometric fields anonymized
Billing records7 years (U.S. tax law)Retained for tax compliance; no biometric data included

Destruction of biometric data is irreversible. Once deleted, we have no ability to recover it. Participants who wish to request earlier deletion may contact the event Host or reach us at legal@crowdscribe.io.

Host Responsibilities & Data Custody Transfer

Transcript Delivery

At the conclusion of an event, the Host receives a PDF transcript with full named speaker attribution. This document is delivered to the Host’s registered email address and made available for download through the CrowdScribe web portal during the 90-day transcript retention window.

Transcript Ownership

The transcript of your event is yours. Once you download the PDF or JSON, it’s your document — yours to keep, share, archive, or use however your organization normally handles meeting records. We don’t claim any ownership over it.

Our copy of that same transcript stays in CrowdScribe for the 90-day retention window above, after which we permanently delete it from our systems. The deletion of our copy is automatic; it doesn’t affect your downloaded copy.

Because the downloaded document is on your storage and inside your security perimeter, decisions about who sees it and how long you keep it are yours. We’d recommend treating it like any other meeting record that contains participant names — store it securely, share it only with people who need it, and follow whatever retention policy your organization already has for similar materials.

Limitation of CrowdScribe Liability After Data Destruction

Once Manitou Research, Inc. deletes its copies of participant data per the Retention Schedule above, we no longer hold or have access to that data. We’re not in a position to respond to requests about, or take responsibility for, copies that exist outside our systems — including transcripts you previously downloaded or forwarded. That doesn’t mean the Host is on the hook for everything; it just means we can’t answer for data we no longer possess.

If you’re subject to specific privacy laws that govern meeting records — for example, biometric statutes in IL, TX, or WA, or sector-specific rules in your industry — those continue to apply to any copies you retain. We suggest treating downloaded transcripts the same way you treat other participant-identifying meeting records you produce.

Participant Consent Obligation

Hosts are responsible for ensuring that all individuals whose voices or likenesses are captured have provided informed consent through the CrowdScribe enrollment flow before any session begins. Recording a session before participant enrollment is complete, or enrolling participants without genuine informed consent, is a violation of these Terms and may constitute a violation of applicable wiretapping and biometric privacy laws.

Subprocessors

We use a small number of trusted third-party services to operate CrowdScribe. Each is contractually bound to confidentiality and data-handling terms consistent with our Privacy Policy, and each either does not retain customer data beyond the brief processing window required for its function, or holds it only under the same retention schedule we describe in this document.

We publish the identities of our infrastructure subprocessors below. The specific identities of our specialized AI providers (transcription and text-analysis) are disclosed under a mutual NDA + Data Processing Agreement. Enterprise buyers, security teams, and counsel can request the full list and execute the DPA by emailing legal@crowdscribe.io. We typically turn these around in under a week.

SubprocessorPurposeData sharedJurisdictionPrivacy policy
Specialized AI transcription providerHigh-accuracy AI re-transcription of session audio segments flagged as low-confidence by our primary engine (“polish pass”). Host can disable per event in event settings.Audio segments + their text context. No-training agreement in place; brief processing-window retention.United StatesNDA + DPA
Specialized AI text-analysis providerExtracts vocabulary keyterms from host-uploaded context documents (websites, brochures, agendas) to bias transcription toward in-domain terminology. Triggered only when a host explicitly uploads a context document.Plain text of the host-uploaded context document. No customer audio or biometric data. No-training agreement in place.United StatesNDA + DPA
SupabaseDatabase, authentication, and file storage. Primary data store for all customer data.All customer data (event metadata, participant info, voiceprint embeddings, transcripts, audio chunks).United States (AWS US-East)Link
Google Cloud RunHosting environment for our application servers (the gateway). Processes audio in real time for transcription and speaker attribution.Customer audio + biometric embeddings during processing. No persistent storage; ephemeral compute only.United States (us-east4)Link
Microsoft Azure Face APIOptional face-recognition matching when a host enables face capture for their event. Most events are audio-only and do not invoke Azure.Face frames for enrolled participants in face-capture events only. Per-event Azure PersonGroup is deleted at event end with verification.United StatesLink
MailgunTransactional email delivery (invitations, deletion confirmations, cost-overage alerts).Participant + host email addresses, names, and email body content.United StatesLink
StripePayment processing for paid events.Host name, email, billing address, payment method (held by Stripe; we never see card numbers).United StatesLink
VercelHosting environment for the web dashboard and marketing site. Static assets and edge functions only; does not handle audio or biometrics.HTTP request metadata only.United StatesLink

We will provide at least 30 days' notice before adding or replacing a subprocessor that materially changes how customer data is handled. Last updated: 2026-05-22.

Enterprise & Data Processing Agreements

Manitou Research, Inc. executes Data Processing Agreements (DPAs) and mutual Non-Disclosure Agreements (NDAs) for enterprise customers, security teams, and counsel conducting vendor diligence. A signed DPA covers:

  • The full identity of every subprocessor, including our specialized AI providers
  • Each subprocessor’s role, data shared, jurisdiction, and applicable certifications
  • Our retention and deletion commitments, restated in DPA-standard form
  • Incident-notification timelines (typically ≤ 72 hours for confirmed personal-data incidents)
  • Audit rights and security-review documentation

We accept the customer’s standard DPA template if reasonable, or we’ll provide ours. Mutual NDA is available as a standalone instrument if preferred before a full DPA is in place. Our typical turnaround from initial request to signed DPA is under a week.

Email legal@crowdscribe.io with the subject line “DPA request” and include your organization, the use case, and any specific disclosure requirements your security team has flagged.

CrowdScribe does not currently hold a third-party SOC 2 or ISO 27001 attestation. Both are on our roadmap; we’ll disclose progress and provisional reports under NDA on request. In the interim, our security posture is documented in this Privacy & Data Policy and in the Subprocessors list above, both of which we keep current.

Contact Information

Manitou Research, Inc. is an American company. Questions, data deletion requests, or legal inquiries may be directed to:

Manitou Research, Inc.

2200 Wilson Boulevard, Suite 102-450 Arlington, VA 22201

Email: legal@crowdscribe.io

We aim to respond to all privacy-related inquiries within 10 business days. Requests for biometric data deletion will be processed consistent with the Retention Schedule and applicable law.