We built Earwig for journalists, documentary makers, and researchers. Your audio, your transcripts, your data — they belong to you. We process what we need to deliver the service and nothing more. We chose our infrastructure specifically for sensitive, source-protected work.
Who we are
Earwig is run by Harry Winteringham (sole trader, trading as HW Studio), based in the United Kingdom. For UK GDPR purposes, Harry Winteringham is the data controller.
Email address — for login and account identification
Session data — transcript text during live sessions, fact-check results. Transcript text is encrypted at rest using AES-256-GCM with a unique key per user. Only you can decrypt your transcripts.
Video recordings — when you enable camera recording, video is captured locally on your device. Earwig does not upload, store, or process video on our servers. The file stays on your device.
Usage analytics — which features you use and session duration
Audio processing
Audio is streamed to Speechmatics — a UK-based provider, ICO registered (ZA137980) — for real-time transcription
Speechmatics processes audio ephemerally and does not retain it after transcription
Speechmatics does not use your audio to train AI models, by default
We do not store raw audio files on our servers
Only the resulting text transcript is retained — never the audio itself
AI processing
Transcript text is sent to Anthropic (Claude AI) for fact-checking, research, and follow-up suggestions
AI-generated results (fact-checks, research articles) are stored with your session
Anthropic does not use API data to train AI models. A Data Processing Addendum with Standard Contractual Clauses covers international data transfers
Special category data
If you use Earwig to record interviews or conversations in medical, clinical, or emergency services contexts, the audio and transcripts may contain special category personal data about third parties — specifically health data. Under UK GDPR, this data carries the highest level of protection.
If you are recording in a context involving patient or subject data:
You are responsible for ensuring that your use of Earwig complies with your organisation's data protection policies and editorial consent protocols
You should not push session content to shared team access until consent has been confirmed by the relevant subject
We strongly recommend using Earwig's consent-gated workflow which holds transcripts on your device until consent is confirmed before transmitting to our servers
We do not knowingly store special category data beyond what is necessary to provide the service. If you become aware that a session contains health data relating to an identifiable individual who has not consented to recording, please delete the session immediately and contact us at hello@earwig.io.
Live Share and producer sharing
When you share a session using a Live Share PIN, real-time transcript content becomes visible to the people you share it with. You are responsible for ensuring that the people you share sessions with are authorised to receive that content.
Live Share sessions are not stored separately — they mirror the content of your active session. When your session ends, the Live Share connection closes. Recipients of a Live Share session do not retain a copy on our servers unless they have their own Earwig account and explicitly save the session.
The /questions feature
When you use Earwig's question preparation feature (/questions), the following data is processed:
Question sets — stored in memory during your session (not persisted to our servers in v1)
Session goal — if provided, sent to Anthropic alongside your questions for AI analysis
Question status — answered, flagged, or skipped status tracked during your session
Pickup reports — generated by Anthropic based on your question outcomes and goal
Your question sets and session goals are sent to Anthropic (our AI provider) to generate question suggestions and pickup report analysis. Anthropic does not use API data to train AI models.
Third-party services
Third party
Speechmatics — real-time speech-to-text
Audio is streamed to Speechmatics for live transcription. Speechmatics is a UK-based company (Cambridge), ICO registered (ZA137980), certified to ISO 27001:2022 and SOC 2 Type II. Audio is processed ephemerally and discarded immediately after transcription. Speechmatics does not use customer audio to train AI models by default.
Anthropic (Claude AI) -- fact-checking and research
Transcript text is sent to Anthropic's Claude API for real-time fact-checking, research, and follow-up question generation. Anthropic does not use API data to train AI models. A Data Processing Addendum with Standard Contractual Clauses covers international data transfers.
Application hosting on EU/US servers. Your data is processed within Render's infrastructure. Transcript data is encrypted at rest before being written to the database — Render infrastructure does not have access to plaintext transcript content.
Subscription payments are processed by Stripe. We do not store, access, or process your payment card details — all card data is handled directly by Stripe's PCI-DSS compliant infrastructure. Stripe may store your email address and payment method for billing purposes.
Audio recordings — deleted immediately after transcription. Never stored on our servers
Transcripts — retained until you delete the session, or until you close your account. Deleted within 30 days of request
Question sets — retained in memory during session only (v1). Not persisted to database
Pickup reports — retained in memory during session only (v1)
Live Share session data — not stored separately. Exists only during the active session
Account email — retained until you close your account or ask us to remove it
Consent records — retained for audit purposes as required by law
Server logs — 30-day rolling deletion
We never sell your data.
Your rights
Access your data
Delete your account and all associated data
Export your transcripts and fact-check results
To exercise any of these rights, contact ask@earwig.io
Cookies & local storage
Earwig only uses storage that is strictly necessary to provide the service you signed up for. Under PECR (the UK ePrivacy regulations) these categories are exempt from cookie-consent requirements, so we don’t show a consent banner.
Session cookie (sid) — required for authentication. HttpOnly, SameSite=Lax, served over HTTPS in production.
Browser local storage — saves your preferences inside the app (recording mode, Whisper voice, transcription language, AI feature toggles, prepped questions, recent UI state). All keys are prefixed earwig_. Nothing is shared with third parties; clearing your browser storage resets these to defaults.
Stripe cookies during checkout — if you upgrade your plan, Stripe sets its own cookies on its hosted checkout page to process the transaction. They’re essential to complete the payment and live on Stripe’s domain, not Earwig’s.
No analytics cookies. No tracking cookies. No third-party advertising cookies.
If we ever add analytics, we’ll use a privacy-friendly, cookieless tool (e.g. Plausible) so this section stays accurate. If we ever add anything that genuinely requires consent, we’ll add a proper banner before turning it on.
Legal basis for processing (GDPR)
Under UK and EU GDPR, we process your personal data on the following legal bases:
Contract (Art. 6(1)(b)) — processing your email, session data, and transcripts is necessary to provide the Earwig service you signed up for
Legitimate interest (Art. 6(1)(f)) — usage analytics to improve the service and ensure security, balanced against your privacy rights
Consent (Art. 6(1)(a)) — AI-powered features (fact-checking, research, questions) are optional and can be disabled at any time from your settings
You have the right to: access your data, rectify inaccuracies, erase your data, restrict processing, data portability, and object to processing. To exercise any right, email ask@earwig.io. We will respond within 30 days.
If you believe your data rights have been violated, you may lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.
California privacy rights (CCPA)
If you are a California resident, you have the following rights under the California Consumer Privacy Act:
Right to know — you can request the categories and specific pieces of personal information we have collected about you
Right to delete — you can request deletion of your personal information
Right to opt out of sale — we do not sell your personal information to third parties
Right to non-discrimination — we will not discriminate against you for exercising your privacy rights
Categories of data collected: identifiers (email address), internet activity (session data, usage analytics), professional information (transcript content). We collect this data to provide the Earwig service. We do not sell this data. Third-party processors (Speechmatics, Anthropic) receive data only as needed to deliver service functionality.
To make a CCPA request, email ask@earwig.io. We will verify your identity and respond within 45 days.
International data transfers
Your data may be transferred to and processed in countries outside the UK/EEA. Where this occurs, we ensure appropriate safeguards are in place:
Speechmatics — UK-based (Cambridge), processes data within UK/EU infrastructure
Anthropic — US-based, covered by a Data Processing Addendum with Standard Contractual Clauses (SCCs)
Render — hosting infrastructure in EU/US regions
Resend — US-based, used only for authentication emails
How to complain
If you have any concerns about our use of your personal data, please contact us first at hello@earwig.io.
If you remain unhappy after raising a complaint with us, you can complain to the ICO:
Information Commissioner's Office Wycliffe House, Water Lane Wilmslow, Cheshire SK9 5AF Helpline: 0303 123 1113 ico.org.uk/make-a-complaint
Frequently asked questions
Can Earwig access my transcripts?›
No. All transcripts are encrypted at rest using AES-256-GCM with a unique encryption key generated for each user. This means the transcript text is scrambled before it is ever written to the database. Earwig staff, our hosting provider (Render), and any third party with access to the database would see only unreadable ciphertext — never the words spoken in your interview. Only your own account can decrypt and read your transcripts.
Is my audio stored?›
No. Audio is streamed directly to Speechmatics for transcription and is discarded immediately after. Earwig never writes audio to disk or to any database. Only the resulting text transcript is retained, and that text is encrypted as described above.
Does Anthropic see my transcript content?›
Only when AI features are active (fact-checks, questions, research, Pickup Reports). When you enable AI, excerpts of the transcript are sent to Anthropic's Claude API to generate suggestions. Anthropic does not use API data to train AI models, and this is governed by a Data Processing Addendum. You can turn AI off at any time from your account settings — when it is off, nothing is sent to Anthropic.
Who can see my sessions in the gallery?›
Only you. Sessions are tied to your authenticated account and are not accessible to other users. Share links, when generated, use a token-based URL — anyone with the link can view a read-only version of that session, but no browsable index of your sessions is ever exposed publicly.
Can I delete my data?›
Yes. You can delete individual sessions directly from the gallery. To request full account deletion and removal of all associated data, email ask@earwig.io and we will process it within 30 days in line with your rights under UK GDPR.
Your responsibilities as an Earwig user
When you use Earwig to record and transcribe a conversation, the person you are interviewing is a data subject under UK GDPR. You are responsible for ensuring they have given their informed consent before recording begins.
By starting a session on Earwig, you confirm that:
Your interviewee has been informed that the conversation will be transcribed and processed by AI to generate question suggestions and a session debrief
They have agreed to this before recording begins
You will honour any request from your interviewee to delete their transcript
Earwig provides a built-in consent screen to help you meet this obligation. We strongly recommend using it for every session.
If you are recording in a medical, clinical, or emergency services context, additional obligations may apply. Please consult your organisation's data protection policy before using Earwig in these environments.
Questions about your data?
If you have any questions about how we handle your data or want to make a request, get in touch.