Privacy Policy
Last updated: May 31, 2026
1. Introduction
At BlurtWorks, we prioritize your data privacy. This Privacy Policy details how we collect, store, and secure your personal credentials and encrypted synchronization data. We process all records in compliance with GDPR and CCPA regulations.
2. Data We Collect
We collect the minimum amount of data required to authenticate your profile and manage subscription licensing:
- Account Information: Email address and profile display names provided during signup.
- Licensing Diagnostics: CPU, disk, MAC address, and mother-board hash values to enforce the 3-device hardware concurrent activation limits.
- Billing Metadata: Customer billing tokens generated by Stripe. We do not store credit card details directly on our servers.
- Zero-Knowledge Payload Data: Ciphertext sync envelopes (transcripts and media files) encrypted with your user-derived DEK keys. We cannot read or parse these files.
3. Storage & Infrastructure
Our infrastructure is hosted on secure managed cloud providers:
- Database and authentication frameworks are processed via our own secure, self-hosted PostgreSQL database using Prisma ORM and NextAuth.js.
- Encrypted file media is stored inside private, egress-free Cloudflare R2 buckets using signed access URLs.
- Transactional emails are routed using Resend SMTP infrastructure.
4. Your Rights (GDPR / CCPA)
Under global privacy rules, you possess the right to:
- Right of Portability: Export all transcripts and associated account diagnostics directly from the user dashboard.
- Right to Erasure (Deletion): Cascade-delete your profile, licenses, support tickets, and purge all active ciphertext files from Cloudflare R2 immediately.