TAK! TEXT is registered in the Netherlands and operates under EU law — that's the starting point. Beyond the EU, the picture varies. The United States has broad lawful-access frameworks like the CLOUD Act and FISA Section 702, which allow data held by US providers to be compelled, sometimes before a court decision. A large share of Telegram transcription bots, in turn, are built by Russian-speaking developers for Russian-speaking users — operators in that ecosystem can be subject to strict local data-retention laws and direct-access regimes that require traffic to be piped to government services. And in several other countries, the privacy framework around online services is still vague enough that there is no clear answer to "who can request your data, and on what grounds." Here's what that means in practice for your recordings.
Not marketing — architecture. Security is built into how the service works.
TAK! TEXT is a Dutch company. Data is protected under GDPR — the strictest personal-data law in the world. Direct legal requests from non-EU authorities are not honored under EU jurisdiction; cross-border access requires Mutual Legal Assistance Treaty (MLAT) channels, which are reviewed by a Dutch court — a process that takes months and can be refused if the request doesn't meet EU standards. For comparison: the US CLOUD Act lets US authorities compel data from US-based companies, sometimes before a court decision; jurisdictions with strict local-storage or direct-access regimes (and jurisdictions with no clearly established privacy framework at all) carry their own, often broader, exposure. EU law is the best available framework for data protection.
Audio and video files are deleted immediately after processing — the bot never stores them. Transcript text is deleted automatically after 24 hours. Once deleted, the data cannot be recovered. Even a request from any authority would find nothing to hand over.
Recordings and transcripts are not used to train AI models. We do not train our own models on user data, and we do not permit speech-recognition providers to do so. We do not sell, share, or analyze transcript content. Our only revenue source is subscriptions.
Concrete measures — not vague "we care about your security" platitudes.
Every component of the service — application, database, temporary storage — runs in Hetzner data centers in Germany. Hetzner holds ISO/IEC 27001 certification (valid through September 2028), BSI C5 Type 2 (since December 2025), and is audited annually by TÜV Rheinland. The most recent audit (February 2026) found no deviations.
All data is transmitted over an encrypted channel (TLS 1.2+). During the retention window (up to 24 hours), transcript text is encrypted at rest. Audio and video files are deleted immediately after processing and are not stored on servers.
The speech-recognition providers we work with comply with GDPR requirements. We proactively opt out of allowing user data to be used for AI model training. Audio is transmitted to providers exclusively for recognition and is not retained on their servers after processing.
You can request deletion of all data associated with your account, including your Telegram account identifier, registration date, subscription history, and settings. Send requests to privacy@taktext.com. Response within 30 days. Supervisory authority: Autoriteit Persoonsgegevens (Netherlands).
What it really means, in practice, where the service that handles your recordings is registered. Specific laws below are examples — the row labels themselves describe the category.
| TAK! TEXT Netherlands, EU |
Bot under US-style cloud-law regimes |
Bot under broad or unclear privacy jurisdictions |
|
|---|---|---|---|
| Local data-retention laws e.g. mandatory storage on local soil for long periods |
Not applicable — EU framework, no general retention mandate for this service | Not applicable as such, but other US lawful-access tools may apply | Often applicable. In some countries (for example, Russia's Yarovaya Law) operators must store user data on local servers for extended periods |
| Direct provider-access regimes e.g. mandatory lawful-interception tapping at the hosting provider |
Does not apply. Access to data on EU servers requires a court order | Does not apply in this form | Often applies. Russia's SORM system, for example, gives the FSB direct access at the provider; similar regimes exist in other countries |
| Broad lawful-access requirements e.g. data compelled before, or without, a regular court decision |
Not applicable. EU access goes through a court | Applies. The CLOUD Act can compel data from US providers; FISA Section 702 allows warrantless surveillance of non-residents | Often applies. Many regimes permit administrative access without a court |
| Unclear privacy jurisdiction e.g. no clearly established data-protection law for online services |
GDPR applies. Clear rights and obligations for users and operators | Generally clear, but fragmented (federal + state-level laws) | Frequently the case. In many countries the privacy framework around such services is still vague |
| User notification when their data is requested | Required under GDPR (with limited exceptions) | May be delayed or restricted by court order | Not guaranteed |
| Audio storage after processing | Deleted immediately | Depends on the service | Depends on the service |
Full list — on the FAQ page →
Audio files are deleted immediately after processing — they are not stored on servers. Transcript text is retained for up to 24 hours so AI tools can run on it, then deleted automatically and irreversibly. Transcript content is not part of any support workflow and is never used for any purpose other than delivering the service.
TAK! TEXT is registered in the Netherlands and is not subject to non-EU legal regimes directly. To obtain data, a non-EU authority would have to file a request through Mutual Legal Assistance Treaty (MLAT) channels, which is reviewed by a Dutch court. In practice this takes months, and the court can refuse if the request doesn't meet EU standards. Beyond that, audio isn't stored and transcripts are deleted after 24 hours — there's effectively nothing to hand over.
So that AI tools work. Summary, translation, and Q&A all run on the stored transcript. Without it those features are technically impossible. After 24 hours the text is deleted automatically and irreversibly. The message with the transcript stays in your chat with the bot on Telegram — but the data is gone from our servers.
In some jurisdictions — yes. SORM (the Russian "System for Operative Investigative Measures"), for example, obliges providers to install equipment giving the FSB direct access to data, and the hosting provider may not even know a seizure has occurred. TAK! TEXT servers are located in Germany (Hetzner Online GmbH). Hetzner is not subject to non-EU legal regimes. Access to data on Hetzner servers requires a German court order.
Individual processing operations (transcription, AI tools) may be performed by connected providers, including outside the EU, on the basis of a Data Processing Agreement (DPA) and Standard Contractual Clauses (SCCs). Full list — in the privacy policy.
TAK! TEXT does not connect to your chats and has no access to your contacts. The bot only processes files you forward to it. Audio is deleted immediately, text after 24 hours. The message containing the transcript stays only in your chat with the bot on Telegram — it's not on TAK! TEXT servers. For additional safety we recommend deleting the chat with the bot once you have the information you need.
That said, despite every safeguard we apply, we don't recommend forwarding genuinely critical information to our bot — or to any other online service.
Hetzner Online GmbH (TAK! TEXT's hosting provider) is certified under ISO/IEC 27001 (information security, valid through September 2028), BSI C5 Type 2 (cloud security, since December 2025), and EMAS/ISO 14001 (environmental management). Technical and organizational measures are audited annually by TÜV Rheinland. TAK! TEXT has signed a Data Processing Agreement (DPA) with Hetzner under Article 28 GDPR.