The following document goes into effect on May 4, 2025, replacing the prior version (accessible here). Continued use of the Websites and/or Services on or after April 18, 2025 signifies acceptance of the changes.

<div class="gray-line"></div>

Welcome to AssemblyAI! Before accessing or using our Offerings, please read the following Privacy Policy (“<u>Privacy Policy</u>”).

‍

This Privacy Policy is designed to help you understand what personal information we collect and how we use and share that information.

‍

Throughout this Privacy Policy we’ll refer to ourselves as “<u>we,</u>” “<u>us</u>”, “<u>our</u>”, or “<u>AssemblyAI</u>”.  Depending on how you are using our Offerings, we may refer to you as “<u>you”</u>, “<u>your</u>”, “<u>yours</u>”, “<u>User</u>”, “<u>Customer</u>”, or “<u>Visitor</u>". Moreover, when interpreting this Privacy Policy, note that the words “include,” “includes,” and “including” are deemed to be followed by the words “without limitation”. Similarly, the word “or” is not exclusive, and the words “herein,” “hereof,” “hereto,” and “hereunder” refer to this Privacy Policy as a whole.

‍

This Privacy Policy applies to Offerings made available by AssemblyAI. Unless stated otherwise, our current Privacy Policy applies to all Personal Information that we have about you and your account with us (if applicable). This Privacy Policy also applies solely to information collected by us. Even if a third-party is affiliated with us through a business partnership or otherwise, we are not responsible for the privacy practices of such third-party. We encourage you to familiarize yourself with the privacy policies of such third-parties to determine how they handle any information they separately collect from or about you.

‍

By using or accessing our Offerings, you are accepting the practices described in this Privacy Policy. We may also update this Privacy Policy (in our sole discretion). Non-material changes (such as clarifications) to this Privacy Policy will become effective on the change date. We will however notify you in advance of any material changes to this Privacy Policy, as appropriate. The date on which the latest update was made will be indicated at the top of this document. As such, we recommend that you print a copy of this Privacy Policy for your reference and revisit this policy from time to time to ensure you are aware of any changes. Use of our Offerings after a change has been made will signify your acceptance of such change(s).

‍

If you have any questions about our Privacy Policy, how we collect, store, or process your Personal Information, or anything else related to our privacy or security practices, you may contact us anytime (see Contact Us below)!

<div class="gray-line"></div>

1.<span class="indent">&nbsp;</span>DEFINITIONS

1.1<span class="indent"></span>Applicable Law. “<u>Applicable Law</u>” means all data protection laws and regulations applicable to a Party’s Processing of Personal Information or Personal Data under this Privacy Policy.

‍

1.2<span class="indent"></span>CCPA. “<u>CCPA</u>” means the California Consumer Privacy Act of 2018, California Civil Code Section 1798.100, et seq., and, effective January 1, 2023, as amended by the California Privacy Rights Act of 2020 (“<u>CPRA</u>”), and its implementing regulations.

‍

1.3<span class="indent"></span>Customer. "<u>Customer</u>" means any Customer that has entered into an agreement with AssemblyAI to use AssemblyAI's services.

‍

1.4<span class="indent"></span>EU Data Protection Laws. “<u>EU Data Protection Laws</u>” means all data protection laws and regulations applicable to Europe, including (i) Regulation 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation) (“<u>GDPR</u>”); (ii) Directive 2002/58/EC concerning the processing of personal data and the protection of privacy in the electronic communications sector; (iii) applicable national implementations of (i) and (ii); (iv) in respect of the United Kingdom (“<u>U.K.</u>”), the UK GDPR, and (v) in respect of Switzerland, the Federal Act on Data Protection of 19 June 1992 (“<u>FADP</u>”) .

‍

‍1.5<span class="indent"></span>Offerings. “<u>Offerings</u>” means the collection of Websites and Services where AssemblyAI may process your Personal Information, subject to this Privacy Policy.

‍

1.6<span class="indent"></span>Personal Data. “<u>Personal Data</u>” means any information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with an identified or identifiable natural person or particular household.

‍

1.7<span class="indent"></span>Personal Information. "<u>Personal Information</u>" means any information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with an identified or identifiable natural person or particular household.

‍

1.8<span class="indent"></span>Services. “<u>Services</u>” refers to AssemblyAI's products, web and mobile applications and services, in each case in whatever format they may be offered now or in the future.

‍

1.9<span class="indent"></span>Visitor. "<u>Visitor</u>" refers to anyone accessing an AssemblyAI website, including our main company website at https://www.assemblyai.com.

‍

1.10<span class="indent"></span>Websites. “<u>Websites</u>” means AssemblyAI's websites (including https://www.assemblyai.com), and any successor URLs, mobile or localized versions and related domains and subdomains, and other content web pages we control and have made accessible to you.

2.<span class="indent">&nbsp;</span>INFORMATION WE COLLECT

‍

3.<span class="indent">&nbsp;</span>RETENTION

In general, we retain Customer data in the typical course, subject to minimum purpose limitation principles. In that, we retain data for the longer of:

• subject to the applicable Customer contract;
• as required by applicable law or industry certification requirement; or
• for the limited purpose for which the data was collected and processed.

‍

To determine the appropriate retention period for Personal Information, we may consider the amount, nature, and sensitivity of the Personal Information, the potential risk of harm from unauthorized use or disclosure of your Personal Information, the purposes for which we process your Personal Information and whether we can achieve those purposes through other means, and the applicable legal requirements.

‍

For further information on our Customer Data-related retention schedules, please see our Support Documentation.

4.<span class="indent">&nbsp;</span>HOW WE USE PERSONAL INFORMATION

How we use your Personal Information depends on the type of user you are, the Personal Information you provide to us, which Offerings you use, as well as how you use them. In general, we use Personal Information in the following ways, in addition to those noted above:

‍

5.<span class="indent">&nbsp;</span>DISCLOSURE OF YOUR PERSONAL INFORMATION

If, when, and where we disclose your Personal Information also depends on a number of considerations, such as the type of user you are, the Personal Information you provide to us, which Offerings you use, how you use them, or the business purpose for the disclosure. In general, we disclose Personal Information in the following ways, in addition to those noted above:

‍

‍

When disclosing your Personal Information, will take all necessary and reasonable steps to ensure that your data is treated confidentially and securely, in accordance with this Privacy Policy, including that such information not be transferred by us to an organization or a country unless there are adequate controls in place.

6.<span class="indent">&nbsp;</span>SERVICE PROVIDERS

As mentioned earlier, we may employ third-parties (“<u>Service Providers</u>”) to support our business or Offerings, including assisting with evaluating and protecting Offering-related security, processing payments, verifying customers and login information, developing products and services, analyzing our business and services, performing maintenance or audit functions, and providing marketing and business development support services.

‍

If any such Service Provider is given access to your Personal Information, Service Providers are required to agree by contract to expressly limit their use of data we provide, protect your Personal Information, and not disclose or use it for any other purpose than as contracted.

‍

Please visit our trust center for a list of Service Providers, including Service and non-Service related data processors.

7.<span class="indent">&nbsp;</span>YOUR CONTROL, YOUR CHOICES

7.1<span class="indent"></span><u>Communication Preferences</u>.

‍

You have a number of mechanisms available to you to control the Personal Information you share with us, and how we use and disclose the same. For example:

‍

‍

‍7.2<span class="indent"></span><u>Right to Access, Edit, and Remove your Information</u>.

‍

Whenever you use our Offerings, we strive to make sure that the Personal Information is correct. However, if your Personal Information is inaccurate, we will do our best to provide you ways to update it quickly or delete it, unless we have a countervailing reason to keep such information for our legitimate business or other legal purposes. If we are updating your Personal Information, we may ask you to verify your identity before making any changes. We may also reject requests, including those that are unreasonably repetitive, require disproportionate technical effort, risk the privacy of others, or would be impractical (for instance, requests concerning information residing on backup systems).

‍

Where we can provide information access and correction, we will do so for free, except where it would require a disproportionate effort. Because we protect information from accidental or malicious destruction, even after information is deleted from the Services, it may not be immediately deleted from AssemblyAI's servers.

‍

Notwithstanding the above, there are circumstances where we may not be able to remove your Personal Information upon request, in which case we will let you know if we are unable to do so and why.

‍

To request information about, access to, corrections of, or removal of your Personal Information within our Websites or Services, please contact us (see Contact Us below).

8.<span class="indent">&nbsp;</span>SECURITY MEASURES

The security of your Personal Information is important to us. To that end, we maintain a variety of appropriate technical, administrative, physical, and organizational safeguards to protect your Personal Information, and any Customer Data submitted to and processed within our Services. However, no methods of internet transmission, electronic storage, or other security modalities, are completely secure. Therefore, while we strive to use reasonable efforts to protect your Personal Information, we cannot guarantee absolute security.

‍

You are also responsible for helping to protect the security of your Personal Information. For instance, never give out your password, and always safeguard your account credentials (e.g., username, password) when using the Services. Furthermore, you are responsible (under our Terms of Services) for maintaining the security of your login credentials, and any personal computing device on which you utilize the Services.

9.<span class="indent">&nbsp;</span>NO CHILDREN UNDER AGED 13

Our Offerings are not intended for children under 13 years of age. No one under age 13 may provide any information to, on, or through our Offerings. We do not knowingly collect personal information from children under 13. If you are under 13, do not for example: use or provide any information on to, on, or through our Offerings, or through any of its features; register on our Websites or set up Services accounts; process any files through our Services; use any interactive or public comment features of our Websites; provide any information about yourself to us, including your name, address, telephone number, email address, or any username you may use; or interact with AssemblyAI in any other way.

‍

If we learn we have collected or received personal information from a child under 13 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under 13, please contact us (see Contact Us below).

10.<span class="indent">&nbsp;</span>INTERNATIONAL TRANSFER

AssemblyAI is headquartered in the United States and has Service Providers in other countries. Your Personal Information may be transferred for storage and processing to the United States or other locations outside of your state, province, country or other governmental jurisdiction where privacy laws may not be as protective as those in your jurisdiction. By providing your Personal Information through the Services, you acknowledge that you are transmitting your Personal Information to us in the United States and that we may transfer, store, and process your Personal Information in accordance with Applicable Laws, unless otherwise provided for in our Terms of Services, an Order Form, or other agreement with you.

11.<span class="indent" id="EU")>&nbsp;</span>ADDITIONAL INFORMATION FOR EUROPEAN USERS

This section discusses certain rights and information for users whose Personal Data is governed under EU Data Protection Laws.

‍

For purposes of this Section 7, references to Personal Information shall mean Personal Data.

‍

11.1<span class="indent"></span><u>Controller and Processor</u>.

‍

For purposes of European Data Protection Legislation:

‍

‍

11.2<span class="indent"></span><u>Data Protection Officer</u>.

‍

The Data Protection Officer may be reached by emailing the Legal Department at legal@assemblyai.com.

‍

11.3<span class="indent"></span><u>Data Rights</u>.

‍

To the extent provided for by law and subject to applicable exceptions, if you are located in the European Economic Area, United Kingdom, or Switzerland, you have certain rights regarding the processing of their Personal Information. These include:

‍

• Right to Access your Data: requesting a copy of the Personal Information we have about you.
• Right to Rectification/Correction: requesting we change, correct, or update your data in certain cases, especially if it is inaccurate.
• Right to Erasure: requesting we erase all or some of your Personal Information (if we have no legal right to keep using it).
• Right to Data Portability: requesting a copy of the Personal Information you provided to us in a commonly used and machine-readable format, or in some cases to transfer the same to a third-party.
• Right to Object or Restrict Processing: objecting to, or asking us to restrict, processing of your Personal Information under certain circumstances.

‍

For those individuals for whom these rights apply, you can submit requests by contacting us (see Contact Us below).

‍

‍

11.4<span class="indent"></span><u>Cross-Border Data Transfers</u>.

‍

Whenever we transfer your Personal Information to countries not deemed by the European Commission to provide an adequate level of Personal Information protection, the transfer will be based on either use of approved standard contractual clauses or one of the safeguards recognized by the European Commission as providing adequate protection for Personal Information, where required by EU Data Protection Laws.

‍

11.5<span class="indent"></span><u>Lawful Bases for Processing</u>.

‍

We only collect and process your Personal Information when we have a lawful basis for it, pursuant to the Applicable Law.  

‍

Please note that, when your consent is the basis for us to process your Personal Information, you may revoke your consent at any time. Where we rely on our legitimate interests, you have a right to object. If you have questions about the lawful bases upon which we collect and process your Personal Information, please contact our Data Protection Officer (see Contact Us section).

‍

‍

We may also use your Personal Information for new or other reasons not described in this Privacy Policy where permitted by law and the reason is compatible with the purpose for which we collected it.

12.<span class="indent">&nbsp;</span>ADDITIONAL INFORMATION FOR CALIFORNIA USERS

Pursuant to the CCPA, natural persons who are California residents have certain rights concerning their Personal Information held by us, as described below.

‍

12.1<span class="indent"></span><u>Personal Information Collection, Use, and Disclosure</u>.

‍

The following table describes (i) the categories of Personal Information (as defined in the CCPA) we may collect about you; (ii) the sources from which that information is collected; and (iii) the business and/or commercial purposes for collecting that information.

‍

We may disclose this information pursuant to the section above entitled Disclosure of your Information. As understood under the CCPA, we do not and will not sell your Personal Information.

‍

‍

12.2<span class="indent"></span><u>Personal Information Collection, Use, and Disclosure</u>

‍

To the extent provided for by law and subject to applicable exceptions, California residents have the following privacy rights in relation to the Personal Information we collect:

• The right to know what Personal Information we have collected and how we have used and disclosed that Personal Information;
• The right to request correction and/or deletion of your Personal Information; and
• The right to be free from discrimination relating to the exercise of the foregoing privacy rights.
• The right to opt-out of the Sale or Share of your Personal Information (see below)

‍

Exercising your Rights: California residents can exercise the above privacy rights by contacting us per the Contact Us section below.  

‍

Opting out of Sales or Shares of your Personal Information under the CCPA: If you would like to opt-out of shares using cookie identifiers, you can use one of the cookie rejection techniques described in Section 7 (and our Cookie Policy), or adjust your opt-out preferences via the AssemblyAI cookie privacy preference center, accessible when you visit our website. You can opt-out by enabling the Global Privacy Control setting within the browser that you use to access our Services. Learn more at the Global Privacy Control website. Please note that your opt out will be specific to the device and browser you use when you opt out. We do not have actual knowledge that we have sold or shared the personal information of children under the age of 16.

‍

Verification: In order to protect your Personal Information from unauthorized access or deletion, we may require you to verify your login credentials before you can submit a request to know or delete Personal Information. If you do not have an account with us, or if we suspect fraudulent or malicious activity, we may ask you to provide additional Personal Information for verification. If we cannot verify your identity, we will not provide or delete your Personal Information.

‍

Authorized Agents: You may submit a request to know or a request to delete your Personal Information through an authorized agent. If you do so, the agent must present signed written permission to act on your behalf and you may also be required to independently verify your identity with us.

13.<span class="indent" id="Contact">&nbsp;</span>CONTACT US

To contact us concerning anything raised in this Policy, including exercising rights discussed throughout:

• You may email the Legal Department at legal@assemblyai.com (this also is the contact method for reaching the Data Protection Officer for users located in the European Economic Area, United Kingdom, or Switzerland) or mail us at: 2261 Market Street #4577, San Francisco, California 94114
• You may email the Support Department at support@assembyai.com or submit via our webform.
• Or, for existing Customers, you may submit a Support Ticket via the Service support portals.

‍

If you are located in the European Economic Area, United Kingdom, or Switzerland and believe that we have not been able to assist with your complaint or concern, you also have the right to make a complaint to the data protection authority of your country of residence.