Orpheus
Menu
Use cases Pricing Blog Docs Sign in
English
English 中文
Get API key

Privacy Policy

Last updated: April 24, 2026

Orpheus ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, share, and protect your personal information when you use the Orpheus AI audio platform and related services (collectively, the "Service").

This policy is intended to describe our current product and operating practices. It is not a guarantee that every privacy or deletion workflow is already self-service in every product path.

1. Information We Collect

1.1 Information You Provide

  • Account Information: When you create an account, we collect your email address. If you use third-party sign-in (such as Google OAuth), we obtain your email and basic profile information from that provider.
  • Payment Information: Payments for paid services are processed through PCI DSS-compliant third-party payment processors. We do not directly store your credit card number. Payment processing is governed by the processor's own privacy policy.
  • Audio Data: Audio and video files you upload, record, or submit via the API.
  • Communications: Messages you send to us via email or other channels.

1.2 Information Collected Automatically

  • Usage Data: API call counts, audio duration processed, feature usage, and error logs.
  • Device and Browser Information: Browser type and version, operating system, and screen resolution.
  • IP Address: Used for rate limiting, security protection, and approximate geolocation determination. We do not use IP addresses for precise location tracking.
  • Cookies and Similar Technologies: Please refer to our Cookie Policy.

1.3 Information We Do Not Collect

  • We do not collect your real name, phone number, or address (unless you voluntarily provide it).
  • We do not collect biometric data through the Service. Audio is converted to text after processing; no voiceprints are extracted.
  • We do not knowingly collect information from children under the age of 16.

2. How We Use Your Information

PurposeLegal Basis
Providing the Service: processing audio, generating transcriptions, subtitles, and translationsPerformance of contract
Billing and account management: processing payments, managing subscriptionsPerformance of contract
Improving the Service: analyzing usage patterns, fixing bugs, optimizing performanceLegitimate interest
Security and compliance: detecting fraud, preventing abuse, protecting safetyLegitimate interest / Legal obligation
Communications: service updates, security alerts, support messagesPerformance of contract / Consent
Legal compliance: meeting legal requirements, responding to legal processLegal obligation

3. Audio Data Processing

3.1 Unregistered Users (Free Tools)

Audio submitted by unregistered users through the free web tools:

  • Audio is processed in real time in memory by our cloud-based AI engine
  • Transcription results are stored temporarily so the browser can retrieve the result
  • Anonymous demo content follows the retention policy configured for the public demo path
  • IP addresses are used for rate limiting (5 demos per day, 3 per minute) and are not linked to audio content

3.2 Registered Users

Data from registered users:

  • Uploaded audio files are stored in encrypted cloud storage
  • Transcription results and metadata are stored in an encrypted database
  • Self-service deletion controls are being rolled out across product surfaces
  • You may contact us to request account-level deletion or erasure while self-service account deletion is being completed

3.3 API Users

Audio submitted via the API:

  • Synchronous requests: audio is processed in memory without persistent storage
  • Asynchronous tasks: audio is stored in cloud storage until the task is completed, then handled according to our retention policy
  • Task metadata (status, duration, billing) is retained in our database

3.4 AI Model Training

By default, your audio data and transcription content are not used to train AI models.

Currently, Orpheus uses pre-trained third-party AI models for audio processing and does not perform custom model training by default. Third-party providers process content to provide the Service under their applicable terms and our configured product settings. If we introduce Orpheus model training capabilities in the future, we will:

  • Provide clear opt-in/opt-out settings
  • Use your data only after obtaining your explicit consent
  • Provide advance notice in our Terms of Service and Privacy Policy

4. Data Sharing

We never sell your personal data. We may share your information only in the following limited circumstances:

4.1 Service Providers (Data Processors)

We may disclose personal data to the following categories of service providers who work on our behalf:

  • Cloud Infrastructure and AI Providers: Provide computing, data storage, content delivery, and AI inference services. Your audio data is processed in the cloud and handled according to our retention policies and provider configuration.
  • Payment Processors: We use PCI DSS-compliant third-party payment processors to handle payments. We do not directly store your credit card number. Payment processing is governed by the processor's own privacy policy.
  • Authentication Services: Provide account registration, sign-in, and session management functionality.

These providers process your data only to the extent necessary to perform services on our behalf and are bound by contractual obligations to protect your data. For a list of the specific sub-processors we currently use, please contact [email protected].

4.2 Legal Requirements

We may disclose your information when required by law, court order, or a lawful request from a law enforcement authority.

4.3 Business Transfers

In the event of a merger, acquisition, asset sale, or bankruptcy, your information may be transferred as part of the transaction. We will notify you of any such transfer and, where applicable, provide you with an opportunity to opt out.

5. Data Security

We employ industry-standard technical and organizational measures to protect your data:

  • Encryption in Transit: All data is transmitted via TLS 1.2+ / HTTPS
  • Encryption at Rest: Data at rest is encrypted in cloud storage
  • API Key Security: API keys are stored using SHA-256 hashing; original keys are unrecoverable
  • Access Controls: Principle of least privilege; only authorized personnel may access production systems
  • Workspace Isolation: Each user's data is logically isolated from other users
  • Security Reviews: Regular security reviews and dependency updates are conducted

While we make every effort to protect your data, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

6. Data Retention

Data TypeRetention Period
Unregistered user audio/transcriptionsTemporary retention according to the public demo policy
Registered user files and transcriptionsRetained according to the plan and product path retention policy
Account informationRetained while the account is active, and afterward as needed for legal, billing, fraud-prevention, and security obligations
Billing and transaction recordsRetained as required by law (typically 3-7 years)
Server logs90 days (for security and debugging)
Anonymous aggregate analyticsIndefinitely (contains no personal information)

7. Your Rights

Depending on the data protection laws applicable in your jurisdiction (including, but not limited to, the GDPR and China's Personal Information Protection Law), you may have the following rights:

  • Right to be Informed: To know how we collect and use your data (this policy serves that purpose)
  • Right of Access: To request a copy of the personal data we hold about you
  • Right to Rectification: To request correction of inaccurate or incomplete personal data
  • Right to Erasure ("Right to Be Forgotten"): To request deletion of your personal data
  • Right to Data Portability: To receive your data in a structured, commonly used, machine-readable format
  • Right to Restrict Processing: To request restriction of processing of your data in certain circumstances
  • Right to Object: To object to processing based on legitimate interests
  • Right to Withdraw Consent: To withdraw consent you have previously given at any time
  • Right Not to Be Subject to Automated Decision-Making: Not to be subject to decisions based solely on automated processing (including profiling) that produce legal or similarly significant effects

To exercise any of these rights, please email [email protected]. We will respond within the timeframe required by applicable law.

If you believe we have not adequately addressed your request, you have the right to lodge a complaint with the data protection supervisory authority in your jurisdiction.

8. International Data Transfers

Orpheus uses globally distributed cloud infrastructure to provide the Service. Your data may be transferred to and processed on servers located outside your country or region. Our infrastructure operates across multiple regions worldwide, and data may be processed across multiple jurisdictions to provide optimal performance and availability.

For data transferred from the European Economic Area (EEA) or the United Kingdom, we rely on Standard Contractual Clauses (SCCs) or other applicable data transfer mechanisms to ensure compliance.

9. Children's Privacy

The Service is not directed at children under the age of 13 (in the United States) or 16 (in other jurisdictions). We do not knowingly collect personal information from children below these ages. If we discover that we have collected such information, we will promptly take steps to delete the relevant data. If you believe your child has provided us with personal information, please contact us.

10. Additional Rights for California Residents (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • The right to know the categories and sources of personal information we collect
  • The right to request deletion of your personal information
  • The right not to be discriminated against for exercising your privacy rights
  • The right to opt out of the "sale" of personal information (we do not sell personal information)

11. Additional Notice for Users in China

If you are a user in the People's Republic of China, we process your personal information in accordance with the Personal Information Protection Law (PIPL), the Cybersecurity Law, and the Data Security Law of the People's Republic of China.

  • We process your personal information only with your consent or as otherwise permitted by law
  • Cross-border data transfers comply with applicable Chinese laws and regulations
  • You have the right to access, copy, correct, and delete your personal information

12. Third-Party Links

The Service may contain links to third-party websites or services. We are not responsible for the privacy practices of those third parties. We recommend that you review the privacy policy of every third-party website you visit.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. The updated policy will be posted on this page with an updated "Last updated" date. For material changes, we will notify you by:

  • Displaying a prominent notice within the Service
  • Sending a notification to your registered email address

We encourage you to review this policy periodically for the latest information.

14. Contact Us

If you have any questions, concerns, or complaints about this Privacy Policy, please contact us:

Email: [email protected]

We will make every effort to respond promptly and within the timeframe required by applicable law.