Privacy Policy
Last updated: February 2026
πͺπΊ All data processing for Spables takes place exclusively on EU servers (Hetzner, Germany). Your voice recordings and data never leave the European Union.
1. Data Controller
Coflnet GmbH, Dorfstr 27a, 84163 Marklkofen, Germany
Email: support@coflnet.com
2. Data We Collect
When using Spables, we process the following data:
- Voice recordings: Audio files you record through the Spables app for transcription into tabular data. Recordings are temporarily saved and encrypted before being sent to our S3/R2 compatible storage. They are processed on EU servers and transcribed using our speech-to-text infrastructure.
- Transcribed text and structured data: The text and table entries generated from your recordings.
- Account data: Email address, authentication tokens (Firebase Auth).
- Integration tokens: API tokens for connecting to third-party services (Excel, Google Sheets, etc.). These are encrypted at rest using AES-256-GCM.
- Server logs: IP address, browser/device type, access timestamps β collected for security and operational purposes only.
Free Plan β AI Training Usage Rights
If you use Spables on the free plan ("No Charge"), you grant Coflnet GmbH a non-exclusive, worldwide, royalty-free license to use your anonymized voice recordings and transcriptions for the purpose of training and improving AI models. This data is anonymized before use and cannot be traced back to you. If you do not wish to grant this license, please choose a paid plan (Pro or Premium).
3. How We Use Your Data
- Service delivery: Transcribing speech to text and structuring it into tables.
- Integration sync: Pushing entries to your configured integrations (Excel, Google Sheets, Nextcloud, etc.).
- Product improvement: Anonymized usage analytics to improve the service (free plan users: also AI training as described above).
- Communication: Responding to support inquiries.
- Legal compliance: Where required by law or court order.
4. Data Processing Location
All Spables data processing takes place on servers within the European Union (primarily Hetzner, Germany). Voice recordings are processed on EU infrastructure. We do not transfer your data outside the EU for processing purposes.
5. Third-Party Services
We use the following third-party services:
- Firebase β Authentication only
- Cloudflare β CDN and website hosting
- Hetzner β EU server infrastructure
When you configure integrations (Google Sheets, Nextcloud, etc.), data is sent to those services according to their respective privacy policies.
6. Data Retention & Export
Voice recordings are temporarily saved and encrypted before being sent to our S3/R2 compatible storage. By default, they are not stored beyond the transcription process unless you are on the free plan (in which case anonymized copies may be retained for AI training). However, you can enable a per-table setting to store recordings for 10 years.
Structured table data is retained as long as your account is active. You can export records in full month intervals for your own archival and delete records for that month.
You can delete your account directly in the app. Deleting an account will create a full data export (encrypted at rest) with a Time-To-Live (TTL) of 30 days and send a download link to your attached email address. You can also manually request this full data export up to 2 times per month.
7. Your Rights (GDPR)
Under the GDPR, you have the right to:
- Access your personal data
- Rectify inaccurate data
- Request deletion of your data
- Restrict or object to processing
- Data portability
- Lodge a complaint with a supervisory authority (Bayerisches Landesamt fΓΌr Datenschutzaufsicht)
To exercise your rights, contact support@coflnet.com.
8. Cookies
Spables uses only essential cookies required for authentication and session management. We do not use tracking or advertising cookies.
9. Data Security
All data transmission is encrypted via TLS. API tokens are encrypted at rest using AES-256-GCM with keys derived via PBKDF2. Audio recordings are encrypted before being stored in our S3/R2 compatible object storage using the same AES-256-GCM standard. Data exports are also encrypted at rest before being made available for download. Access to production systems is restricted and audited.
10. Changes to This Policy
We may update this policy from time to time. Material changes will be communicated via the app or website. Continued use of Spables after changes constitutes acceptance of the revised policy.