← Back to RoyalScribe

Privacy Policy and Recording Consent Guide

Last updated: April 7, 2026

Short Version

RoyalScribe is a desktop application that runs entirely on your machine. We do not collect, store, or process your meeting audio, transcripts, or notes. Your data stays on your computer. Period.

However: you are legally responsible for ensuring you have consent to record any conversation using RoyalScribe. Many U.S. states require all-parties consent before recording a conversation. See the Recording Consent Guide below.

Company Information

RoyalScribe is operated by RoyalScribe LLC, a company registered in the United States.

Contact: hello@royalscribe.co

What We Collect

We collect nothing related to your meetings, notes, or audio recordings. The RoyalScribe application operates entirely offline and locally. No data leaves your machine.

On this website, we may collect:

  • Waitlist emails — If you voluntarily sign up for our waitlist using the form on this site. We only store your email address for the purpose of notifying you about product updates and launch. You can request deletion at any time.
  • Basic site analytics — Netlify may collect anonymized, aggregated usage data (page views, browser type, referring URL) for site performance monitoring. This data is not tied to your identity and is not sold to third parties.

Audio and Data Processing

All audio capture, transcription, and summarization happens locally on your device. RoyalScribe does not:

  • Upload your audio to any server
  • Send your transcripts or notes to the cloud
  • Process your data on third-party infrastructure
  • Use your data to train AI models
  • Share, sell, or anonymize your data

Local Storage

Everything is stored on your local hard drive. Your transcripts, summaries, and meeting recordings are files on your computer, under your control. You can export, delete, or modify them at any time.

Third-Party Services

RoyalScribe is a local-first application. It does not integrate with cloud services, third-party APIs, or external processing pipelines for your meeting data.

Your Rights

Since your data never leaves your machine, you have complete control over it. For waitlist data collected through this website, you have the right to:

  • Request a copy of the data we hold about you
  • Request deletion of your waitlist record
  • Unsubscribe from any communications

Contact us at hello@royalscribe.co.

Why This Matters

RoyalScribe captures and processes audio from your meetings and conversations. In many jurisdictions, it is illegal to record a private conversation without consent. The laws vary by country and by U.S. state. As the user of RoyalScribe, you alone are responsible for complying with applicable recording consent laws.

We provide this guide for informational purposes only. It is not legal advice. If you have questions about your specific situation, consult an attorney.

United States: One-Party vs. All-Party Consent States

U.S. federal law and most states follow a one-party consent rule: recording is legal as long as at least one participant in the conversation (you) consents. However, a significant number of states require all parties (also called "two-party" or "multi-party") to consent before a conversation is recorded.

States that currently require all-party consent for recording private conversations:

  • California — Cal. Penal Code §632. All parties must consent to recording a confidential communication.
  • Connecticut — Conn. Gen. Stat. §53a-189.
  • Delaware — Del. Code Ann. tit. 11, §1335.
  • Florida — Fla. Stat. §934.03. Felony to intercept or record without all-party consent.
  • Illinois — 720 ILCS 5/14-2. Eavesdropping statute requires all-party consent.
  • Louisiana — La. Rev. Stat. §15:1303.
  • Maryland — Md. Cts. & Jud. Proc. Code §10-402.
  • Massachusetts — Mass. Gen. Laws ch. 272, §99. Among the strictest — all-party consent for any recording.
  • Michigan — Mich. Comp. Laws §750.539b.
  • Montana — Mont. Code Ann. §45-8-213.
  • Nevada — NRS 200.650 (one-party for in-person, all-party for phone — check both scenarios).
  • New Hampshire — N.H. Rev. Stat. §570-A:2.
  • Oregon — ORS 165.540. Generally all-party, but with exceptions depending on reasonable expectation of privacy.
  • Pennsylvania — 18 Pa. C.S. §5704.
  • Vermont — 13 V.S.A. §2605.
  • Washington — RCW 9.73.030. All-party consent for private conversations.

Note: State laws change and are frequently litigated. The list above reflects our understanding as of April 2026 and is not authoritative. Verify current law with a licensed attorney in your state.

Federal Wiretap Act

Under the federal Electronic Communications Privacy Act (ECPA), 18 U.S.C. §§2510–2522, interception of wire, oral, or electronic communications without consent is prohibited. Most states have their own parallel statutes that may be stricter than federal law.

What This Means for RoyalScribe Users

If you are in a one-party consent state, you may legally record a conversation you participate in without notifying others. However, even in one-party states, it is often considered best practice to inform participants that a conversation is being recorded.

If you are in an all-party consent state, you must obtain consent from every participant before recording. Recording without consent may be a crime (misdemeanor or felony, depending on the state) and expose you to civil liability.

If a participant is in a different state from you, the laws of both states (and potentially federal law) may apply. The safest approach is to obtain consent from all participants regardless of location.

International Considerations

RoyalScribe is developed in the United States, but the privacy obligations vary significantly worldwide. If you use RoyalScribe from outside the U.S., you remain responsible for ensuring your recording activities comply with your local jurisdictions' laws. Below is a non-exhaustive guide to key jurisdictions.

European Union and EU AI Act

The General Data Protection Regulation (GDPR) applies to all processing of personal data of individuals located in the EU. An audio recording capturing a person's voice constitutes personal data under the GDPR. Key obligations:

  • Lawful basis required: You must have a valid legal basis for processing (recording, transcribing, summarizing). The most common bases for audio recording are consent (Article 6(1)(a)) or legitimate interest (Article 6(1)(f)). However, where a reasonable expectation of privacy exists, consent is generally the only viable basis.
  • Information obligation: Participants whose conversations are being recorded must be informed (Articles 13–14 GDPR), including who is recording, the purpose of the recording, and the legal basis.
  • Data minimization and storage limitation: Recordings should be kept only as long as necessary for the stated purpose and then securely deleted.
  • Data subject rights: Individuals have the right to access (Article 15), rectification (Article 16), erasure (Article 17), restriction (Article 18), data portability (Article 20), and objection (Article 21).
  • Penalties: GDPR fines can reach up to €20 million or 4% of annual global turnover, whichever is higher.

The EU AI Act (Regulation (EU) 2024/1689), which entered into force in 2024 and phases in through 2026, governs the use of AI systems. RoyalScribe's AI-assisted transcription and summarization features may fall under the AI Act's scope. Key implications:

  • Transparency obligation (Article 50): Users must inform individuals when they are interacting with or being processed by an AI system, unless it is obvious from the context.
  • Audio recording and biometric requirements: If RoyalScribe performs speaker identification (voice biometrics), this may trigger biometric data processing rules under GDPR Article 9(1), which requires explicit consent or another specific legal basis under Article 9(2).
  • EU representative: If you are a controller or processor not established in the EU but offer goods or services to individuals in the EU, you may be required to designate a representative under GDPR Article 27.

Summary: In the EU, you should obtain consent from all participants before recording, inform them of AI processing, and comply with GDPR data subject rights and AI Act transparency requirements.

United Kingdom (UK GDPR and Data Protection Act 2018)

Post-Brexit, the UK has its own version of the GDPR (“UK GDPR”) which largely mirrors the EU GDPR but operates independently. Key points:

  • Recording: The Regulation of Investigatory Powers Act 2000 (RIPA) Part I, Chapter III governs interception of communications. For private conversations, one-party consent is generally sufficient, but processing the recorded data may trigger UK GDPR obligations.
  • ECHR Article 8: The European Convention on Human Rights enshrines the right to respect for private and family life. This has been incorporated into UK law via the Human Rights Act 1998 and may be relevant where recordings capture private conversations.
  • Investigatory Powers Act 2016: Provides additional restrictions on interception of telecommunications, though these primarily apply to public telecommunications providers rather than private recording devices.
  • Information Commissioner's Office (ICO): The UK regulator enforces both UK GDPR and data protection rules. The ICO has published guidance on covert audio recording, emphasizing that hidden recording should be exceptional and proportionate.

Canada (PIPEDA and Criminal Code)

  • Criminal Code Section 183: Criminalizes interception of private communications without consent of at least one party (“one-party consent”). However, provincial privacy laws may impose stricter requirements.
  • PIPEDA (Personal Information Protection and Electronic Documents Act): Governs collection, use, and disclosure of personal data in the course of commercial activity. Audio recordings containing identifiable voices constitute personal information under PIPEDA.
  • Provincial laws: British Columbia's PIPA, Alberta's PIPA, and Quebec's Law 25 (modernized private-sector privacy law effective September 2023) impose additional requirements. Quebec Law 25 is among the strictest in Canada, requiring privacy impact assessments for any system transferring personal data outside the province and mandatory breach reporting.
  • Cross-border transfers: Canadian federal and some provincial laws require that personal data remain in Canada unless specific safeguards are in place.

Australia

  • Federal law: The Telecommunications (Interception and Access) Act 1979 (Cth) governs interception of telecommunications. One-party consent applies to telephone conversations.
  • State and territory wiretapping laws: Vary by jurisdiction. For instance:
    • New South Wales: Surveillance Devices Act 2007 (NSW) — Section 7 prohibits recording private conversations without consent of all parties.
    • Victoria: Surveillance Devices Act 1999 (Vic) — Section 3 prohibits recording private conversations without all-parties consent.
    • Queensland: Invasion of Privacy Act 1971 (Qld) — Section 43 requires all-party consent for recording private conversations.
    • Western Australia, South Australia, ACT, Northern Territory: Similar all-party consent requirements under their respective surveillance device legislation.
    • Tasmania: Listening Devices Act 1991 (Tas) requires at least one-party consent.
  • Australian Privacy Act 1988 (Cth) and Australian Privacy Principles (APPs): If you are an “APP entity” (generally, organizations with annual turnover over AUD 3 million), you must comply with the APPs when collecting, using, and disclosing personal information, which includes audio recordings and transcripts containing identifiable information.

Japan

  • Act on Prohibition of Unauthorized Wiretapping (Law No. 137 of 1999): Unauthorized wiretapping of telecommunications is prohibited. However, recording a conversation you participate in is generally legal under Japanese law.
  • Act on Protection of Personal Information (APPI): Requires reasonable care when handling personal data of individuals in Japan. Audio recordings and transcripts containing names or identifiable information are personal data under APPI.
  • Cross-border data transfers: Transfers of personal data outside Japan may require the recipient country to have a privacy protection system equivalent to APPI standards, with exceptions for specific circumstances.

South Korea

  • Personal Information Protection Act (PIPA): One of the world's strictest data protection laws. All personal data collected for business purposes requires consent.
  • Communications Privacy Protection Act: Requires consent of all interlocutors for recording telephone conversations. In-person recording without all-party consent may violate PIPA Article 15 (collection) and can result in damages claims under Article 39.
  • Penalties:PIPA violations can result in administrative fines up to 3% of annual global revenue and criminal penalties including imprisonment.

Brazil (LGPD)

  • Lei Geral de Proteção de Dados (LGPD, Law No. 13,709/2018): Brazil's comprehensive data protection law requires a lawful basis for processing personal data, including audio recordings containing voices or other identifiable information.
  • Civil Code Article 10: Prohibits disclosure of intimate information without consent, which may apply to recorded conversations.
  • National Data Protection Authority (ANPD): Enforces LGPD. Fines can reach up to 2% of the company's revenue in Brazil (capped at BRL 50 million per violation), and may include restrictions on data processing.

India

  • Digital Personal Data Protection Act, 2023 (DPDPA): India's new data protection law, which came into force in 2024, requires verifiable, explicit consent before processing personal data of Indian individuals. Audio recordings capturing identifiable voices constitute personal data under the DPDPA.
  • Information Technology Act, 2000 (Section 43A): Requires organizations handling sensitive personal data to implement reasonable security practices.
  • Indian Evidence Act, 1872: Recorded conversations may be admissible in court, but illegally obtained recordings (e.g., recorded without consent where required) may face exclusionary challenges.
  • Penalties: DPDPA violations can result in fines up to INR 250 crore (≈USD 30 million) per violation.

China

  • Personal Information Protection Law (PIPL, 2021): China's comprehensive data protection law requires consent for processing personal information, which includes voice recordings and transcribed text containing identifiable information.
  • Cybersecurity Law (2017) and Data Security Law (2021): Impose additional obligations on network operators and “important data” handlers.
  • Cross-border data transfers:PIPL requires security assessments, standard contractual clauses, or certification for transfers of personal information outside China. The Cyberspace Administration of China (CAC) enforces these requirements strictly.
  • Penalties:PIPL violations can result in fines of up to RMB 50 million or 5% of annual revenue.

South Africa

  • Protection of Personal Information Act (POPIA): South Africa's data protection law, fully effective since July 2021. Requires consent or another justifying reason for processing personal information, including audio recordings.
  • Regulation of Interception of Communications and Provision of Communication-Related Information Act (RICA): Governs interception of communications. One-party consent is the baseline, but additional restrictions apply to business communications.

United Arab Emirates and GCC Countries

  • UAE Federal Decree-Law No. 45 of 2021 on Personal Data Protection: Requires consent for processing personal data. The UAE's Cybercrime Law (Federal Decree-Law No. 34 of 2021) criminalizes recording private conversations without consent.
  • DIFC and ADGM: The Dubai International Financial Centre and Abu Dhabi Global Market have their own data protection regimes (the DIFC Data Protection Law 2020 and ADGM Data Protection Regulations 2021), which broadly align with the GDPR and may impose stricter requirements.
  • Saudi Arabia: The Personal Data Protection Law (PDPL, 2021, amended 2023) requires consent for processing personal data and has strict cross-border transfer restrictions.

Other Notable Jurisdictions

  • Singapore: The Personal Data Protection Act (PDPA) requires consent for collection, use, and disclosure of personal data. Voice recordings are considered personal data.
  • New Zealand: The Privacy Act 2020 (replacing the Privacy Act 1993) includes a “reasonable expectation of privacy” test for audio recording. Recording without consent may breach Information Privacy Principle 1 (collection of personal information).
  • Mexico: Federal Law on Protection of Personal Data Held by Private Parties (LFPDPPP) requires consent for processing personal data, including audio recordings.
  • Argentina: The Personal Data Protection Law No. 25,326 requires consent for processing personal data and has strict restrictions on international data transfers.

Best Practices

Regardless of your jurisdiction, we recommend:

  1. Notify participants at the start of any recording: "I'm using RoyalScribe to take notes for this meeting. Is everyone okay with that?"
  2. Get explicit consent where required, or where in doubt, get it anyway.
  3. Store recordings securely on your own device. Do not share transcripts or recordings with unauthorized parties.
  4. Delete recordings when they are no longer needed. You have full control of your data on your own machine.
  5. Do not use RoyalScribe to secretly record conversations where participants have a reasonable expectation of privacy and have not consented.

RoyalScribe's Position

RoyalScribe is a tool. It does not automatically notify participants of recording, does not record consent, and cannot determine your legal obligations. We provide this information to help you make informed decisions, but:

  • We do not provide legal advice.
  • We do not monitor or enforce compliance with recording laws.
  • You assume full responsibility for your use of RoyalScribe in accordance with applicable law.

Updates to This Guide

We will attempt to keep this guide current as laws change. However, the list of states and their requirements may not always reflect the most recent legislative or judicial developments. Always verify with a qualified attorney.

Cross-Border Data Transfers

RoyalScribe is a local-first application. All audio, transcripts, summaries, and notes are processed exclusively on your device and stored exclusively on your hard drive. RoyalScribe does not transfer your data across borders or to any server. We do not use cloud infrastructure for audio processing, transcript generation, or summary creation.

If you export, share, or transfer recordings, transcripts, or summaries generated by RoyalScribe, you are solely responsible for ensuring that such transfers comply with applicable data transfer laws in your jurisdiction, including:

  • EU/UK: Standard Contractual Clauses, adequacy decisions, or Binding Corporate Rules (GDPR Chapter V / UK GDPR Chapter V)
  • South Korea (PIPA): Pre-consent for international transfers where required
  • China (PIPL): Security assessment, standard contract filing, or certification through CAC
  • Australia: APP 8 reasonable steps to ensure recipient compliance with the Australian Privacy Principles
  • Argentina/LFPDPPP: Adequacy or appropriate safeguards for international data transfers
  • Brazil (LGPD): Standard contractual clauses, global corporate rules, or specific authorization from ANPD
  • India (DPDPA): The DPDPA does not specifically restrict cross-border transfers, but government notification may impose restrictions on transfers to certain countries

Data Retention

As a local-first application, RoyalScribe does not impose any technical retention limits. However, under the GDPR, UK GDPR, EU AI Act transparency obligations, and similar international frameworks, you should adopt a data retention policy that aligns with the principle of storage limitation. We recommend:

  • Retaining recordings and transcripts only as long as they serve the purpose for which they were created
  • Deleting recordings when they are no longer needed for meeting notes or legal evidence
  • Maintaining a record of when and why data is collected, how long it is retained, and the legal basis for processing
  • Conducting periodic reviews and deletions of outdated recordings and transcripts

Your Rights Under International Privacy Laws

Depending on your jurisdiction, you may have the following rights regarding meeting recordings and transcripts created using RoyalScribe:

  • Right of access: You may request access to personal data collected by you using RoyalScribe (GDPR Article 15, UK GDPR, PIPEDA, LGPD, etc.)
  • Right to erasure (“right to be forgotten”): You may request that personal data be deleted when it is no longer necessary (GDPR Article 17, UK GDPR, LGPD, South Korea PIPA Article 35)
  • Right to portability: You may request a copy of personal data in a structured, machine-readable format (GDPR Article 20, PIPEDA, South Korea PIPA)
  • Right to restriction: You may request that processing of personal data be suspended under certain conditions (GDPR Article 18, UK GDPR)
  • Right to object: You may object to processing of personal data under certain circumstances (GDPR Article 21, UK GDPR, LGPD)
  • Withdrawal of consent: You may withdraw consent at any time without affecting the lawfulness of processing based on consent before withdrawal (GDPR Article 7(3), UK GDPR, LGPD, PIPEDA, DPDPA India)

Changes to This Policy

If this policy changes, we will update the date above and notify existing waitlist subscribers.