LiveInterpret.AI ← back

Privacy Policy

Version 1.0, published 2026-07-12. This policy covers the LiveInterpret.AI platform (liveinterpret.app) and the OpenChurch instance at live.openchurch.cz, both operated by Ondřej Plevka, sole trader (OSVČ), IČO 88181782, registered seat Nad úžlabinou 445/20, 108 00 Praha 10 – Malešice, Czech Republic ("we", "the Operator"). See the Legal Notice for full identification and contact. All primary infrastructure is hosted in the EU.

Our two roles

For personal data contained in event speech and transcripts, the organization running the event (the church, conference, or host) is the controller and we act as its processor under the Data Processing Addendum. For the account, billing, and website data we handle to run the service, we are the controller. For events on live.openchurch.cz that we host ourselves, we are the controller for those events.

Listeners (the audience)

No accounts, no tracking. Listening requires no registration; audience pages set no cookies and we do not use advertising or analytics trackers. Operational metrics (listener counts, connection health) are aggregated and contain no identity. Audience audio is received, translated, and discarded in transit; the service does not store event audio. Transcript text is stored only where archiving is enabled (see below).

Organizations (churches / event hosts)

We process: contact details from access requests and sign-up (name, e-mail, message); operator account names and credentials (passwords are stored only as salted hashes); linked sender-device names; and usage and billing records (language-minutes, credits, payments via Stripe). Legal basis: performance of the contract with your organization (Art. 6(1)(b)) and our legitimate interest in operating, securing, and billing the service (Art. 6(1)(f)).

Speech content and AI processing

Live audio is streamed to our EU servers and forwarded to our translation model provider, Google (Gemini API), for real-time processing. Under our paid-tier API terms, Google does not use this audio or its transcripts to train or improve its models (per Google's Gemini API / Cloud Data Processing terms for paid services). Translation is generated by an automated model; we do not review event content.

Transcript archiving and retention

Optional archiving stores caption text only (never audio) on our EU servers. It is off by default for organizations created on LiveInterpret.AI and must be switched on per organization. The live.openchurch.cz instance keeps archiving on for its own events. Archived transcripts are kept for the retention window the organization configures; if none is set they are retained until the organization deletes them or closes its account. Because transcripts can contain sensitive content (see below), we recommend organizations set a retention window (dashboard → settings) so old transcripts are purged automatically.

Special-category data (religious content)

Speech at religious or similar events may reveal beliefs and therefore special-category data under Art. 9 GDPR. The organization running the event is responsible for the lawful basis for capturing, translating, and (if enabled) archiving its event audio — for example the public and voluntary nature of a worship service, or explicit consent where required. For events we host on live.openchurch.cz, we are responsible for that basis.

Children

The service is provided to organizations and their events, not directed at children, and audience pages collect no personal data from anyone. We do not knowingly collect personal data from children through account sign-up. Where an event's audience includes minors, the organizing organization is responsible for any notices or consents its own context requires.

International transfers

Our primary hosting, storage, and payment processing use EU-based infrastructure and entities. Real-time translation uses Google's Gemini API (developer API) on a paid (billed) plan, under which Google does not use the data to train or improve its models. Google processes this data on a global basis, which may include processing outside the EEA, under Google's Gemini API terms. An EEA data-residency option for this translation model is not currently available (the model is not yet offered on Google Vertex AI); we will reassess residency if Google releases it there. Transactional e-mail (Resend) and edge/DNS/CDN services (Cloudflare) may also process limited data outside the EEA under the EU Standard Contractual Clauses (Art. 46 GDPR) in their data processing agreements.

Subprocessors

ProviderPurposeRegion / safeguard
Google (Gemini API, developer API, paid tier)real-time speech translationglobal processing per Google's Gemini API terms; no training on paid-tier data
Hetzner Online GmbHhosting and computeGermany (EEA)
Cloudflare, Inc.DNS, TLS, CDN/proxy and bot protection (liveinterpret.app)global edge; EU SCCs
Stripe (Stripe Payments Europe, Ltd.)payments and tax calculationEU entity for EU customers
Resendtransactional e-mail (sign-in, account)US; SCCs

A current subprocessor list is available on request. We announce material changes to organizations in advance (see the DPA).

Cookies

We use only strictly-necessary cookies: lt_session (HttpOnly operator-dashboard session), lt_grant (short-lived, one-time sign-in hand-off), the control-plane admin session, and — on liveinterpret.app only — Cloudflare's security/bot-management cookies (e.g. __cf_bm). We set no analytics, advertising, or cross-site tracking cookies, and audience pages set no cookies at all, so no consent banner is required.

Data retention

Billing and invoicing records are kept as required by Czech accounting and tax law. Access requests and sign-up messages are deleted on request once handled. Operator accounts and sender devices are deleted when the organization removes them or closes its account. Transcripts follow the retention rules above. Backups roll off on their own cycle.

Your rights

You have the GDPR rights of access, rectification, erasure, restriction, portability, and objection. For event/transcript data where your organization is the controller, contact your organization; we will assist it as its processor. Contact us via the request form on the homepage, by e-mail at [email protected], or the postal address in the Legal Notice. You may lodge a complaint with the Czech supervisory authority, the Office for Personal Data Protection (Úřad pro ochranu osobních údajů, ÚOOÚ), Pplk. Sochora 27, 170 00 Praha 7.

Security

TLS on all connections; hashed operator passwords; per-organization isolation; per-device revocable sender credentials; audit logging of control actions; EU-only primary hosting; and access limited to the Operator. See the DPA for the processor security measures.

Changes

We may update this policy; material changes are announced to the contact e-mail on file and reflected in the version line above.

Reviewed for accuracy against the live platform on 2026-07-12. This document is prepared by the Operator and is not legal advice; independent Czech/EU counsel should confirm it before general availability.