1. Introduction

Welcome to Productive Playhouse Inc. We're a professional transcription service provider, and we take the confidentiality and security of information seriously. This Privacy Policy explains our data handling practices in clear, straightforward language.

We want you to understand an important distinction: we're what's called a "data processor" in the privacy world. This means we handle information on behalf of our business clients - we don't collect or control personal data ourselves. When technology companies and other organizations need accurate transcriptions of their audio or video content, they trust us to handle that content securely and confidentially.

This policy covers two distinct areas: how we handle information when you visit our website, and how we process data as part of our transcription services for clients.

2. Our Commitment to Security and Compliance

Before diving into the details, we want you to know that Productive Playhouse maintains the highest standards of information security and privacy compliance:

ISO 27001 Certified: We've implemented and maintain an Information Security Management System (ISMS) that meets the rigorous requirements of ISO 27001. This internationally recognized standard means we've established systematic approaches to managing sensitive information, including regular risk assessments, security controls, and continuous improvement processes.

SOC 2 Type II Certified: Our SOC 2 Type II certification demonstrates that our security controls have been independently audited and proven effective over time. This certification covers the Trust Services Criteria of Security, Availability, Processing Integrity, and Confidentiality. Unlike a Type I report that represents a point in time, our Type II certification proves our controls operate effectively throughout the year.

These certifications aren't just badges - they represent our ongoing commitment to protecting the information entrusted to us. We undergo annual audits to maintain these certifications and continuously improve our security posture.

3. Understanding Our Role as a Data Processor

When we provide transcription services to our business clients, we act as a "data processor" under privacy laws like GDPR and CCPA. This means:

We only process data according to our clients' instructions. We don't make decisions about how to use the data we transcribe. We don't use transcribed content for our own purposes. We maintain strict confidentiality of all content we process.

Our clients, who are the data controllers, remain responsible for ensuring they have the legal right to share content with us for transcription and for responding to any privacy requests from individuals whose data may be in that content.

4. Information We Collect Through Our Website

When you visit our website at www.productiveplayhouse.com, we collect limited information:

Information You Provide: If you contact us for a business inquiry, we collect your name, email address, company name, and any information you include in your message.

Automatic Collection: Our website automatically collects standard web server logs including your IP address, browser type, referring page, and pages visited on our site. We use Google Analytics to understand website usage patterns. You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.

We do not use tracking cookies for advertising purposes. We do not sell any information collected through our website.

5. How We Use Website Information

We use information collected through our website solely for business purposes:

Responding to your inquiries about our services. Sending information you've requested about our transcription capabilities. Improving our website based on usage patterns. Maintaining security and preventing abuse of our systems.

If you provide your email address, we may send you information about our services. You can opt out of these communications at any time by clicking the unsubscribe link or emailing security@productiveplayhouse.com.

6.Data Processing for Our Clients

When clients send us audio or video files for transcription, we process this data under strict contractual terms:

Confidentiality: All content is treated as strictly confidential. Our employees and contractors sign comprehensive confidentiality agreements before accessing any client data.

Limited Access: Only transcriptionists assigned to specific projects can access those files. Access is logged and monitored.

No Data Mining: We do not analyze, data mine, or create profiles from content we transcribe. We do not use client content to train AI systems or for any purpose other than providing transcription services.

Secure Processing: All files are processed within secure environments. We use encrypted transmission and storage throughout the transcription process.

Data Deletion: We delete all client files and transcriptions according to the timeline specified in our service agreements, typically within 30 days of delivery unless otherwise instructed by the client.

7. Security Measures: Beyond Compliance

While our ISO 27001 and SOC 2 Type II certifications demonstrate our commitment to security, we believe in transparency about what these frameworks mean in practice.

Technical Security Architecture

Our security architecture follows the principle of defense in depth. This means multiple layers of security controls, so if one layer fails, others continue to protect data. Encryption protects data both in motion and at rest. Firewalls and intrusion detection systems monitor for suspicious activity. Access controls ensure people can only reach data they need for their specific role.

We maintain separate environments for different clients' data, preventing any possibility of cross-contamination. Regular vulnerability assessments and penetration testing help us identify and address potential weaknesses before they can be exploited.

Physical and Environmental Security

Digital security is only part of the picture. Our facilities implement physical access controls, with entry restricted to authorized personnel. Workstations lock automatically when idle. We maintain clean desk policies to ensure sensitive information isn't left visible. Even our secure facility layout is designed with privacy in mind, preventing unauthorized viewing of screens.

For team members working remotely, we've established strict security requirements including secure home office setups, encrypted devices, and prohibitions on working from public spaces where screens might be visible to others.

8. Subprocessors We Use

To operate our business and provide transcription services, we use the following service providers:

Google Workspace: For business email and internal document management. Google processes data according to their data processing terms and maintains appropriate certifications.

All subprocessors are bound by confidentiality agreements and process data only according to our instructions.

9. International Operations and Data Transfers

Productive Playhouse is based in the United States. When we process data originating from other countries:

We process all data in accordance with our client agreements. We implement appropriate safeguards including Standard Contractual Clauses where required. We maintain the same security standards regardless of data origin.

Clients are responsible for ensuring appropriate legal mechanisms are in place for international transfers of their data to us.

10. Data Subject Rights

If you are an individual whose personal information appears in content we transcribe:

We cannot directly respond to requests about your data because we are not the data controller. You should contact the organization that recorded or owns the content (our client). They are responsible for responding to requests about access, correction, deletion, or other privacy rights.

If you contact us directly, we will refer you to our client who controls the data, as we cannot make decisions about data we process on their behalf.

11. California Privacy Rights and CCPA

For California residents visiting our website, the California Consumer Privacy Act (CCPA) provides specific rights:

No Sale of Personal Information: We do not, have not, and will not sell personal information. This isn't just a legal compliance statement - it's fundamental to our business model. We're a professional service provider, not a data broker.

No Behavioral Advertising: We don't participate in cross-context behavioral advertising. The information we collect through our website is used solely for responding to business inquiries and improving our services.

Right to Information: You can request information about our data practices by emailing privacy@productiveplayhouse.com. We'll provide details about what information we collect, how we use it, and with whom we share it.

For transcription services, it's important to note that the CCPA generally doesn't apply to our role as a service provider processing data on behalf of clients. The business that controls the data (our client) handles CCPA requests related to transcribed content.

12. Children's Privacy

Our services are designed for business use, and we don't knowingly collect information from children through our website. We recognize, however, that content we transcribe might sometimes include children's voices or information.

When client content includes recordings of minors - perhaps in educational settings, research contexts, or family business situations - the responsibility for appropriate consent and legal compliance rests with the client who made the recording. We process such content under the same strict confidentiality standards as all other transcription work.

If we become aware that we've inadvertently collected personal information from a child under 16 through our website, we'll promptly delete it. Parents or guardians who believe this might have occurred should contact us immediately at privacy@productiveplayhouse.com.

13. Changes to This Privacy Policy

Privacy laws evolve, technologies advance, and business practices improve. When we need to update this Privacy Policy, we'll do so thoughtfully and transparently.

Minor clarifications or corrections might be made without notice, though we'll always update the "Last Updated" date at the top of this policy. For material changes - those that significantly affect how we handle information - we'll provide advance notice to our clients through our service agreements and post prominent notices on our website.

We maintain an archive of previous policy versions, allowing interested parties to see how our practices have evolved. This transparency helps build trust and demonstrates our commitment to continuous improvement in privacy protection.

15. Contact Us

For privacy-related questions or concerns:

General Privacy Inquiries:
Email: security@productiveplayhouse.com
We aim to acknowledge all privacy inquiries within two business days and provide substantive responses within 30 days.