Privacy Policy

1. Data Controller

The data controller for data processing on this website is:

Jörg Harm
Meleuner Str. 40
70569 Stuttgart
Germany

Email: [E-Mail geschützt]

2. Collection and Storage of Personal Data

2.1 When Visiting the Website

When you access our website, information is automatically sent to the server of our website by the browser used on your device. This information is temporarily stored in a so-called log file. The following information is collected without any action on your part and stored until automated deletion:

• IP address of the requesting computer (anonymized; the last 2 bytes are replaced with 0)
• Date and time of access
• Name and URL of the retrieved file
• Website from which access is made (referrer URL)
• Browser used and, if applicable, the operating system of your computer

The aforementioned data is processed for the following purposes:

• Ensuring a smooth connection to the website
• Ensuring comfortable use of our website
• Evaluation of system security and stability

The legal basis for data processing is Art. 6 (1) (f) GDPR. Our legitimate interest follows from the purposes listed above for data collection.

2.2 During Registration and Use of the Service

Registration is required to use SpokenEdit. During registration, we collect the following data:

• Full name
• Email address
• Password (stored encrypted)

This data is required for contract fulfillment and the provision of our service (Art. 6 (1) (b) GDPR).

During use of the service, the following additional data is processed:

• Uploaded audio files and their metadata
• Created markers, comments, and feedback
• Project and workspace data
• Usage data (e.g., last activity)

3. Disclosure of Data

Your personal data will not be transferred to third parties for purposes other than those listed below.

We only share your personal data with third parties if:

• You have given your explicit consent (Art. 6 (1) (a) GDPR)
• The disclosure is necessary for contract fulfillment (Art. 6 (1) (b) GDPR)
• There is a legal obligation for the disclosure (Art. 6 (1) (c) GDPR)
• The disclosure is necessary for the establishment, exercise, or defense of legal claims (Art. 6 (1) (f) GDPR)

4. Cookies

We use cookies on our website. These are small files that your browser automatically creates and stores on your device.

We use only technically necessary cookies:

• Session cookie: For authentication and session management
• Theme cookie: For storing your display preferences (light/dark mode)

These cookies are strictly necessary for the operation of the website and are set based on Art. 6 (1) (f) GDPR.

5. Web Analytics (Matomo)

We use Matomo (formerly Piwik), an open-source software for statistical analysis of visitor access, on our website. Matomo is operated on our own infrastructure (self-hosted at analytics.spokenedit.com) – no data is transmitted to third parties.

5.1 Processing without Cookies

Matomo is configured so that no cookies are set. Tracking is entirely cookie-free. No cookie consent banner is required for analytics purposes.

5.2 Data Collected

The following data is collected:

• Anonymized IP address (the last 2 bytes are removed)
• Pages visited and time of access
• Referrer URL (where the visit came from)
• Browser and operating system used
• Screen resolution and device type
• Country/region (based on the anonymized IP address)

5.3 Legal Basis

Processing is based on our legitimate interest in statistical analysis of user behavior to optimize our service (Art. 6 (1) (f) GDPR). Through the cookie-free configuration and IP anonymization, the impact on your rights is reduced to a minimum.

5.4 Right to Object (Opt-out)

You can object to data collection by Matomo at any time by enabling the “Do Not Track” setting in your browser. Matomo automatically respects this setting.

Alternatively, you can disable tracking directly here:

6. External Services

6.1 Hosting

This website is hosted by ALL-INKL.COM – Neue Medien Münnich (Owner: René Münnich, Hauptstraße 68, 02742 Friedersdorf, Germany). When you visit our website, the server automatically records the data listed in Section 2.1 in server log files.

All content uploaded by users (audio files, marker data, project data) is stored on ALL-INKL.COM servers in Germany. No data is transferred to third countries.

The use of ALL-INKL.COM is based on Art. 6 (1) (f) GDPR (legitimate interest in reliable provision of our website) and on a data processing agreement pursuant to Art. 28 GDPR.

For more information about data protection at ALL-INKL.COM, please refer to the ALL-INKL.COM Privacy Policy.

6.2 Local Resources

All fonts and styling resources (CSS/JavaScript) are loaded locally from our servers. No data is transferred to external CDN providers such as Google Fonts.

This means your IP address is not transmitted to third parties when you visit our website.

6.3 Payment Processing (Paddle)

For processing paid subscriptions, we use the payment service provider Paddle.com Market Limited (15 Briery Close, Great Oakley, Corby, Northamptonshire, NN18 8JG, United Kingdom). Paddle acts as the "Merchant of Record" and is the contractual seller for paid subscriptions. Paddle handles all payments, invoicing, sales tax collection, and refunds in its own name.

During the payment process, the following data is transmitted to Paddle:

• Email address
• Payment data (e.g., credit card details, PayPal ID) – these are processed exclusively by Paddle and are not shared with us
• Transaction data (amount, timestamp, selected plan)
• IP address and device information (for fraud prevention)

The legal basis for data transmission to Paddle is Art. 6 (1) (b) GDPR (contract fulfillment). The processing is necessary to provide the paid service you have selected.

Paddle sets its own cookies exclusively within the Paddle checkout iframe on Paddle's domain. These cookies are not covered by our cookie policy as they are not set on our domain.

For more information about data protection at Paddle, please refer to Paddle's Privacy Policy.

7. Email Communication

7.1 Transactional Emails

We send emails for the following purposes:

Account & Security

• Registration confirmation
• Welcome email after successful email verification
• Password reset
• Confirmation of an email address change (sent to the new address)
• Security notice for an email address change (sent to the previous address)

Collaboration & Review

• Workspace and project invitations
• Review link sent to external reviewers
• Notification when a review is completed (sent to project members)
• Notification when a chapter is approved (sent to project members)

Subscription & Data Management

• Subscription cancellation confirmation
• Notice of upcoming audio file deletion for free plan users (14 days in advance)
• Audio file expiry warning for free plan users (3 days in advance)
• Event ticket expiry warning
• Notification when an event account has expired
• Notification after the grace period has ended and data has been deleted

These emails are required for contract fulfillment (Art. 6 (1) (b) GDPR).

7.2 Contact Form & Feedback

When you use our contact form or the beta feedback feature, your email address is transmitted to us along with your message so that we can respond to you. Processing is based on your consent and our legitimate interest in responding to your enquiry (Art. 6 (1) (a) and (f) GDPR). Your data will be used exclusively for processing your request and deleted thereafter.

7.3 Marketing Emails

If you consent to receiving marketing emails during checkout via our payment provider Paddle, we may occasionally send you product updates and offers by email.

Legal basis: Art. 6 (1) (a) GDPR (consent).

You may withdraw your consent at any time — via the unsubscribe link included in every marketing email or by contacting us at our email address. Your consent status and the timestamp of the last change are stored by us (accountability obligation pursuant to Art. 7 (1) GDPR).

8. Your Rights

You have the following rights with regard to your personal data:

• Right of access (Art. 15 GDPR)
• Right to rectification (Art. 16 GDPR)
• Right to erasure (Art. 17 GDPR)
• Right to restriction of processing (Art. 18 GDPR)
• Right to data portability (Art. 20 GDPR)
• Right to object (Art. 21 GDPR)

You can delete your user account at any time in the settings. All data associated with your account will be irrevocably deleted.

You also have the right to lodge a complaint with a data protection supervisory authority about our processing of your personal data.

9. Data Security

We use the widely used SSL (Secure Socket Layer) method in combination with the highest encryption level supported by your browser during the website visit.

Passwords are stored exclusively encrypted (hashed) and cannot be viewed by us.

We use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction, or unauthorized access by third parties.

10. Storage Duration

We store personal data only as long as necessary for the fulfillment of the purposes for which they were collected or as required by statutory retention obligations.

After deletion of your user account, your personal data will be completely removed from our systems within 30 days, unless statutory retention obligations prevent this.

11. Data Processing on Behalf (Art. 28 GDPR)

Where we process personal data on behalf of our users (e.g. audio files containing voices of narrators, markers and comments from team members), we act as a data processor within the meaning of the GDPR.

For this processing, we provide a Data Processing Agreement (DPA) that governs the rights and obligations of both parties pursuant to Art. 28 GDPR.

12. Updates to this Privacy Policy

This privacy policy is currently valid as of February 2026.

Due to the further development of our website and offerings or due to changed legal or regulatory requirements, it may become necessary to change this privacy policy. The current privacy policy can be accessed at any time on this website.