Terms of Service, Privacy & Data Policy
Effective: May 15, 2026 · Manitou Research, Inc.
Terms of Service
These Terms of Service (“Terms”) govern your access to and use of the CrowdScribe platform (“Service”), operated by Manitou Research, Inc.(“we,” “us,” or “our”), a company incorporated and headquartered in the United States. By accessing or using the Service, you agree to be bound by these Terms. If you do not agree, do not use the Service.
Service Description
CrowdScribe is a B2B event transcription and speaker-attribution platform. Event organizers (“Hosts”) use the web portal to create events and invite participants. Designated speakers (“Moderators”) and attendees enroll biometric identifiers—a voiceprint and, optionally, facial images—solely for the purpose of attributing spoken words to a named speaker within a specific event. Recorder phones capture session audio, which is transcribed and attributed in near real time. Attributed transcripts are delivered to Hosts and all biometric data is permanently deleted on a strict schedule after the event concludes.
Eligibility
The Service is intended for use by organizations and their adult representatives. You represent that (a) you are at least 18 years of age; (b) you have the authority to bind your organization to these Terms; and (c) your use of the Service complies with all applicable laws and regulations.
Accounts and Access
Hosts register using a verified email address. You are responsible for maintaining the confidentiality of your account credentials and for all activity that occurs under your account. Notify us immediately at legal@crowdscribe.io if you suspect unauthorized access.
Fees and Billing
Pricing is disclosed at the time of event creation. We reserve the right to update pricing with reasonable advance notice. All fees are in U.S. dollars and non-refundable except as required by law or as expressly stated in a separate agreement.
Intellectual Property
We retain all rights to the CrowdScribe platform, software, and branding. You retain all rights to your event transcripts and any content you provide. You grant us a limited, non-exclusive license to process your content solely to provide the Service as described herein. We do not claim ownership of your transcripts.
Limitation of Liability
To the maximum extent permitted by law, Manitou Research, Inc. shall not be liable for indirect, incidental, special, consequential, or punitive damages arising out of your use of the Service. Our total liability for any claim arising out of or related to the Service shall not exceed the fees paid by you in the twelve months preceding the claim.
Governing Law
These Terms are governed by the laws of the United States and the state in whichManitou Research, Inc. is incorporated, without regard to conflict-of-law principles. Any disputes shall be resolved in the federal or state courts located in that jurisdiction.
Prohibited Uses
The following uses are expressly prohibited and constitute a material breach of these Terms:
HIPAA-Regulated Information. CrowdScribe is NOT a HIPAA-covered entity or business associate. The Service is not designed, certified, or authorized to process Protected Health Information (“PHI”) as defined under the Health Insurance Portability and Accountability Act. Do not use the Service to record, transcribe, or attribute any conversation involving PHI, medical records, patient identifiers, or any other information regulated under HIPAA. Entering PHI via transcription is a violation of these Terms and may expose you and your organization to regulatory liability.
Classified and National Security Information. The Service is NOT authorized to process, store, or transmit information classified at any level under Executive Order 13526 or any successor order, or any information subject to national security controls. Do not use the Service to record or transcribe sessions involving classified information. Entering classified information via transcription is a violation of these Terms and may constitute a federal crime.
Controlled Unclassified Information (CUI). The Service is NOT authorized to process Controlled Unclassified Information as defined by the National Archives and Records Administration CUI Registry, including but not limited to export-controlled technical data (ITAR/EAR), law enforcement sensitive information, or privacy-protected government records. Entering CUI via transcription is a violation of these Terms.
Other Prohibited Uses. You may not use the Service to: record any individual without their informed consent; violate any applicable wiretapping, eavesdropping, or privacy statute; harass, defame, or discriminate against any person; attempt to reverse-engineer or circumvent any security measure; or resell or sublicense access to the Service without our written authorization.
If you are uncertain whether your use case falls within a prohibited category, contact us at legal@crowdscribe.io before using the Service. We will not be liable for any regulatory violation arising from your prohibited use.
Privacy & Data Policy
Manitou Research, Inc. takes the privacy of event participants seriously. This policy explains what data we collect, why we collect it, how we protect it, and when we destroy it. It is incorporated by reference into the Terms of Service above.
Data We Collect
- Host accounts: email address, organization name, billing information.
- Participant identity: name, email address, and optional role designation, provided by the Host via CSV upload or manual entry.
- Biometric enrollment data: 10–15 facial photographs and a short voice sample collected through the mobile app during enrollment. These are used exclusively to generate a mathematical voiceprint embedding and an Azure Face API identifier scoped to a single event. Raw photographs and audio are not retained after the embedding is generated.
- Session audio: audio captured by designated recorder phones during recorded sessions. Audio is processed for transcription and speaker attribution and then deleted on the schedule below.
- Consent records: timestamped records of each consent action, including IP address, user-agent string, and a cryptographic hash of the exact consent text shown, as required by applicable biometric privacy laws.
- Transcript text: attributed, text-only transcripts generated from session audio. Retained per the schedule below.
How We Use Your Data
- To provide speaker-attributed transcription for your event.
- To send enrollment invitations and consent flows to participants.
- To bill Hosts for completed events.
- To comply with legal obligations, including biometric privacy statutes.
We do not use your data to train machine learning or AI models. Audio, voiceprints, facial images, and transcript text are never used for model development, fine-tuning, benchmarking, or any purpose beyond delivering the transcription service for your specific event.
Biometric Data and Applicable Law
Facial images and voiceprints are regulated biometric identifiers under Illinois BIPA, Texas CUBI, Washington’s biometric privacy statute, and similar state laws. We collect these identifiers only after obtaining written informed consent from each participant, at two points: once at the web-based consent page before app installation, and once within the mobile app before enrollment. Both consent records are stored immutably with a timestamp and a hash of the exact consent text shown.
Data Sharing
We do not sell participant data. We share data only with:
- Microsoft Azure (Face API): facial images and identifiers, used solely for enrollment and recognition within your event’s isolated Person Group.
- Cloud infrastructure providers (Google Cloud): encrypted audio and transcript data processed in transit.
- Stripe: billing information for Host accounts.
- Law enforcement or regulatory authorities, only as required by a valid legal process.
Is My Data Safe?
American company. American servers.
Manitou Research, Inc. is incorporated and headquartered in the United States. All data is stored and processed on servers located within the United States. We do not transfer participant data outside the United States except as required to communicate with Azure Face API (data centers selectable by region; we use U.S. East). We do not store data with vendors headquartered outside the U.S.
We do not train models on your data.
Your audio, voiceprints, facial images, and transcript text are used exclusively to produce your event’s attributed transcript. They are never used for any machine learning or AI training purpose. This is an architectural constraint, not just a policy promise: biometric data is siloed per event and destroyed on a fixed schedule, making it structurally unavailable for any downstream training use.
Per-event isolation.
Every event operates in its own isolated data silo. Voiceprints, facial identifiers, and transcripts from Event A are never accessible to, or queryable by, Event B. This isolation is enforced at the database layer with event-scoped access controls and at the Azure layer through separate Person Groups per event.
Encryption in transit and at rest.
All data is encrypted in transit using TLS 1.2 or higher. Database records, biometric embeddings, and stored audio are encrypted at rest using AES-256.
Data is destroyed, not archived.
Biometric data (voiceprints, facial images, Azure Person identifiers) is permanently and irreversibly destroyed at the end of each event, per the Retention Schedule below. We do not archive biometric data. Session audio is deleted on a short fixed schedule. Only text transcripts are retained, and only for a limited period.
Confidential and proprietary content.
We understand that conference and retreat sessions often contain sensitive business information. That content is yours. We process it only to produce the transcript and have no interest in its substance. Our access controls, audit logging, and short retention windows are designed to minimize exposure time of sensitive discussion content.
Data Retention Schedule
The following schedule governs how long each category of data is retained after an event concludes. “Event end” means the later of the scheduled end time and the time the Host marks the event as ended. A grace window of up to 60 minutes applies before irreversible deletion begins.
| Data Type | Retention Period | Destruction Method |
|---|---|---|
| Facial photographs (raw) | Deleted after embedding generation; not retained beyond enrollment session | Storage blob deletion |
| Azure Face API Person Group & identifiers | Deleted within 60 minutes after event end | Azure Person Group deletion API |
| Voiceprint embeddings (pgvector) | Deleted within 60 minutes after event end | Database row deletion; embedding column nulled |
| Session audio recordings | 7 days after event end | Storage bucket object deletion |
| Location data associated with recordings | 7 days after event end | Database row deletion |
| Text transcripts (attributed) | 90 days after event end | Database row deletion |
| Consent records | 3 years (required by applicable biometric privacy law) | Retained for legal compliance; biometric fields anonymized |
| Billing records | 7 years (U.S. tax law) | Retained for tax compliance; no biometric data included |
Destruction of biometric data is irreversible. Once deleted, we have no ability to recover it. Participants who wish to request earlier deletion may contact the event Host or reach us at legal@crowdscribe.io.
Host Responsibilities & Data Custody Transfer
Transcript Delivery
At the conclusion of an event, the Host receives a PDF transcript with full named speaker attribution. This document is delivered to the Host’s registered email address and made available for download through the CrowdScribe web portal during the 90-day transcript retention window.
Host Data Custody
Upon delivery of the PDF transcript, the Host becomes the data controller for that document and is solely responsible for its storage, security, distribution, and eventual destruction in compliance with applicable law. The Host must:
- Maintain appropriate security controls for any downloaded transcripts containing participant names and attributed speech.
- Distribute transcript copies only to individuals with a legitimate need and only in accordance with the consent participants provided.
- Comply with any applicable privacy, employment, or data protection laws governing the transcript’s contents in the Host’s jurisdiction.
Limitation of CrowdScribe Liability After Data Destruction
Once Manitou Research, Inc. destroys its copies of participant data in accordance with the Retention Schedule above, Manitou Research, Inc. is no longer the data controller for that data and bears no legal responsibility for any copies that may exist in the Host’s possession or that the Host may have shared with third parties. Any obligations arising from the Host’s retention or distribution of transcripts after our destruction event belong solely to the Host.
Hosts are advised to implement their own retention and destruction policies for downloaded transcripts consistent with applicable law, including any biometric privacy statutes in their jurisdiction.
Participant Consent Obligation
Hosts are responsible for ensuring that all individuals whose voices or likenesses are captured have provided informed consent through the CrowdScribe enrollment flow before any session begins. Recording a session before participant enrollment is complete, or enrolling participants without genuine informed consent, is a violation of these Terms and may constitute a violation of applicable wiretapping and biometric privacy laws.
Contact Information
Manitou Research, Inc. is an American company. Questions, data deletion requests, or legal inquiries may be directed to:
Manitou Research, Inc.
2200 Wilson Boulevard, Suite 102-450 Arlington, VA 22201
Email: legal@crowdscribe.io
We aim to respond to all privacy-related inquiries within 10 business days. Requests for biometric data deletion will be processed consistent with the Retention Schedule and applicable law.