Privacy Policy

Last updated: 15 June 2026 · Effective date: 15 June 2026

This Privacy Policy explains how Bence Borbély (the "Operator", "we", "us"), operating the WiseGPT service at wisegpt.app, collects, uses, stores, and protects your personal data. It applies to all users of the website and the Service.

We are subject to the EU General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679). If you have any questions, contact us at support@wisegpt.app.

Contents

Data We Collect
How We Use Your Data
Lawful Bases for Processing
Content You Submit
Cookies and Local Storage
Third-Party Processors
International Data Transfers
Data Retention
Your Rights Under GDPR
Children's Privacy
Changes to This Policy
Contact and Supervisory Authority
Open Source Notices

1. Data We Collect

1.1 Account data

When you register, we collect your first name, last name, email address, date of birth, and chosen subscription plan. Email/password accounts are stored in AWS Cognito. Google sign-in accounts are stored in our own database, linked to your Google account identifier.

1.2 Payment and billing data

When you subscribe to Premium, Stripe collects and processes your full payment card details. We never see or store your full card number. We store only:

The last four digits of your card, expiry date, and cardholder name (for display purposes in your profile).
Your billing address (if provided).
A Stripe customer ID to link your account to Stripe's records.
A payment history (date, amount, description) for each charge or refund.

1.3 Usage data

We record the following for each extraction job you run:

Timestamp of the job, its status, and which content tab was used (YouTube, Media, Document, Webpage, or Text).
Number of analysis patterns selected.
Monthly and total extraction counts linked to your account.

We do not log your IP address or browser fingerprint in relation to extraction jobs.

1.4 Extraction results

The structured output of each extraction (summaries, ideas, quotes, etc.) is cached as a JSON file on our server and linked to your account history. You can view and delete these results at any time from your profile.

1.5 Technical / server logs

Our web server may generate standard server logs that include IP addresses, request paths, HTTP status codes, and timestamps. These logs are used solely for diagnosing errors and monitoring service health and are not used for tracking individual users. Logs are rotated and deleted automatically after a short retention period.

2. How We Use Your Data

Data used	Purpose
Name, email, date of birth, plan	Create and manage your account
Email, encrypted session token	Authenticate you on each visit
Submitted content, job records, result cache	Provide the extraction Service
Monthly extraction count	Enforce plan limits (Free: 10/month)
Stripe customer ID, billing address, payment history	Process subscription payments
Job records, payment history, card last 4 digits	Show your usage history and billing
Extraction result text sent to OpenAI API	Fix grammar / translate outputs (Premium feature)
Name, email, content of your message	Respond to support enquiries
Server logs, account activity	Detect abuse and protect the Service
Date of birth (not used for any other purpose)	Verify minimum age eligibility

We do not use your data for advertising, sell it to third parties, or use it for automated profiling or decision-making that produces legal or similarly significant effects on you.

3. Lawful Bases for Processing

Under GDPR Article 6, we process your data on the following lawful bases:

Contract performance (Art. 6(1)(b)) — Processing your account data, running extraction jobs, enforcing plan limits, and handling payments are all necessary to deliver the Service you signed up for.
Legitimate interests (Art. 6(1)(f)) — Server logging and abuse detection are necessary to protect the integrity of the Service. We have balanced these interests against your rights and concluded that they do not override your fundamental privacy interests.
Legal obligation (Art. 6(1)(c)) — We retain payment records for as long as required by applicable tax and accounting law (see Section 8).

4. Content You Submit

When you use WiseGPT, you may submit various types of content for analysis:

YouTube URLs — We retrieve the publicly available transcript for the video via the YouTube transcript API. We do not download or store the video itself. The transcript may be cached temporarily to avoid re-fetching.
Uploaded files (video, audio, PDF, documents) — Files are uploaded to our server, processed (transcribed and/or text-extracted), and then deleted automatically once processing is complete. Raw uploaded files are never stored long-term.
Web page URLs — We fetch the text content of the page at the time of submission. We do not store the raw page content; only the extracted result is cached.
Pasted text — Processed immediately; only the extracted result is retained. The raw input text is not stored.

For audio and video files requiring transcription, the audio is processed locally on our server using an on-device speech-recognition model (Faster Whisper). Audio is not sent to any third party for transcription.

If you use the translation feature, the text of your extraction result is sent to the OpenAI API for processing. OpenAI does not use API-submitted data to train its models (see OpenAI API Data Usage Policy).

5. Cookies and Local Storage

Session cookie

We set a single session cookie after you log in. It contains an encrypted version of your identity (name, email, plan) and a refresh token used to keep you logged in without requiring a password on every visit. This cookie is essential for the Service to function; the site cannot operate without it. It expires when your Cognito session expires or when you log out.

Local storage (theme preference)

We store your chosen colour theme (light, dark, or system) in your browser's localStorage. This data never leaves your device and is not transmitted to our servers.

We do not use analytics cookies, advertising cookies, or any third-party tracking scripts.

6. Third-Party Processors

We share your data with the following processors only to the extent necessary to operate the Service:

Processor	Purpose	Data shared	Location
Amazon Web Services (Cognito)	User identity, authentication, email verification	Name, email, date of birth, plan, password hash	USA (us-west-2)
Amazon Web Services (EC2)	Server hosting for all application data	All data stored in our database and file cache	USA (us-west-2)
Stripe, Inc.	Payment processing, subscription management	Email, billing address, full card details (handled by Stripe directly)	USA
OpenAI, LLC	Grammar correction and translation of extraction results	Extraction result text (when you use these features)	USA
Google LLC	Sign-in via Google (OAuth 2.0); YouTube transcript retrieval	Google account ID, name, email (on sign-in)	USA

We do not share your data with any other third parties except as required by law.

7. International Data Transfers

All third-party processors listed above are based in the United States. Transfers of your personal data from the EU to the USA are carried out under the EU–US Data Privacy Framework (DPF) (Commission Implementing Decision (EU) 2023/1795), under which Amazon, Stripe, OpenAI, and Google have certified their compliance. Where DPF certification is not available for a specific transfer, we rely on Standard Contractual Clauses (SCCs) as the appropriate safeguard.

You may obtain a copy of the relevant safeguards by contacting us at support@wisegpt.app.

8. Data Retention

Data	Retention period
Uploaded files (video, audio, documents)	Deleted immediately after processing completes
Extraction results (JSON cache)	Until you delete them or close your account
Transcript cache	Until the associated extraction result is deleted
Job records and usage statistics	Until you close your account
Account data (name, email, DOB, plan)	Until you request deletion or close your account
Payment history	5 years from the date of each transaction (Hungarian accounting law)
Server logs	Up to 30 days, then deleted automatically
Session cookie	Until you log out or the token expires

9. Your Rights Under GDPR

As a data subject under GDPR, you have the following rights. To exercise any of them, email us at support@wisegpt.app. We will respond within 30 days.

Right of access (Art. 15) — Request a copy of the personal data we hold about you.
Right to rectification (Art. 16) — Ask us to correct inaccurate or incomplete data. You can also update your name and date of birth directly in your profile settings.
Right to erasure (Art. 17) — Request deletion of your account and personal data. We will delete all data except what we are legally required to retain (e.g. payment records).
Right to restriction of processing (Art. 18) — Ask us to pause processing of your data in certain circumstances.
Right to data portability (Art. 20) — Request your personal data in a structured, machine-readable format.
Right to object (Art. 21) — Object to processing based on our legitimate interests. We will stop processing unless we can demonstrate compelling legitimate grounds that override your interests.
Right not to be subject to automated decisions (Art. 22) — We do not make automated decisions that produce legal or similarly significant effects on you.

You also have the right to withdraw consent at any time where we rely on consent as a lawful basis (we currently do not, but will notify you if this changes).

10. Children's Privacy

The Service is not directed at children under the age of 16. We do not knowingly collect personal data from anyone under 16. If you believe a child under 16 has provided us with personal data, please contact us at support@wisegpt.app and we will delete the data promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. For material changes, we will notify you by email at least 30 days before the new policy takes effect. The "Last updated" date at the top of this page will always reflect the most recent revision. Continued use of the Service after the effective date constitutes acceptance of the revised policy.

12. Contact and Supervisory Authority

For any privacy-related questions or to exercise your rights, contact us at:
Email: support@wisegpt.app
Operator: Borbély Bence, European Union

If you are not satisfied with our response, you have the right to lodge a complaint with your national data-protection supervisory authority. In Hungary, the competent authority is:

Nemzeti Adatvédelmi és Információszabadság Hatóság (NAIH)
Website: www.naih.hu
Email: ugyfelszolgalat@naih.hu

EU residents may also contact the supervisory authority of their own EU member state of residence or place of work.

13. Open Source Notices

WiseGPT uses the following open-source software. We are required by their respective licences to reproduce the copyright notice and licence text below.

Fabric

WiseGPT uses Fabric to run AI analysis patterns on content.
Source: github.com/danielmiessler/fabric

MIT License Copyright (c) Daniel Miessler Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.