Upload Contact Menu

AI Policy

TP Transcription Limited, reviewed Feb 2026

1. Purpose and Scope

This policy establishes the governance, controls, and responsibilities for the use of Artificial Intelligence (AI) within TP Transcription Limited. It ensures compliance with:

  • UK GDPR
  • Data Protection Act 2018
  • IASME Cyber Assurance requirements
  • Sector‑specific confidentiality obligations (legal, medical, research)

This policy applies to all employees, directors, contractors, and freelance transcribers. It covers all AI tools, including speech‑to‑text engines, LLMs, grammar tools, summarisation tools, and any automated system capable of processing language or audio.

2. Definitions

  • Artificial Intelligence (AI): Automated systems capable of performing tasks requiring human intelligence.
  • Machine Learning (ML): AI systems that learn patterns from data.
  • Automated Transcription: Machine‑generated text from audio/video.
  • Human‑Edited Transcription: Transcription produced entirely by a human.
  • Personal Data: Information relating to an identifiable individual (GDPR Art. 4).
  • Special Category Data: Sensitive data requiring enhanced protection (GDPR Art. 9).
  • Client Data: Any audio, video, text, or metadata provided by clients.

3. Approved Use Cases

TP Transcription Limited operates a strict no‑AI‑processing rule for client data.

Permitted uses of AI (with no client data inputted):

  • Grammar queries using generic examples
  • Research into terminology, acronyms, or specialist vocabulary
  • Productivity tools that do not process or store client information

The following are not permitted:

  • Automated first‑pass transcription
  • Speaker diarisation
  • Timestamping
  • Grammar or formatting suggestions based on client content
  • Quality‑assurance checks involving client data
  • Summaries or topic extraction
  • Any AI‑assisted content generation involving client material

4. Prohibited Use Cases

The following are strictly prohibited:

  • Uploading or inputting client audio, text, or metadata into any AI tool
  • Using AI tools that store or reuse data for training
  • Using AI to fabricate or “fill in” unclear audio
  • Using AI for identity recognition or profiling
  • Using AI to translate or summarise client content
  • Using personal accounts or devices to process client material
  • Using AI tools that are not GDPR‑compliant
  • Using AI tools without prior approval from a Director

Any breach constitutes a data‑protection incident.

5. Data Privacy and Security Requirements

  • No client data may be processed by AI tools.
  • All systems must comply with UK GDPR principles:
    • Lawfulness, fairness, transparency
    • Purpose limitation
    • Data minimisation
    • Accuracy
    • Storage limitation
    • Integrity and confidentiality
  • Data must be encrypted in transit and at rest.
  • Data must not be transferred outside approved systems.
  • Retention and deletion must follow internal policy and client agreements.
  • Special category data (legal, medical, research) requires enhanced controls.
  • Any proposed AI use must undergo a Data Protection Impact Assessment (DPIA).

6. Human Oversight and Quality Control

  • All transcription work must be completed and verified by a human.
  • AI‑generated output must never be delivered to clients.
  • Transcribers remain responsible for accuracy and context.
  • Human judgement must be used for unclear or ambiguous audio.

7. Transparency With Clients

TP Transcription Limited discloses that:

  • No client data is processed using AI.
  • All transcription is performed by humans.
  • AI tools may be used only for non‑client‑data tasks (e.g., terminology research).

Any future changes will be communicated to clients.

8. Vendor and Tool Approval Process

Before any AI‑related tool is approved, Directors must assess:

  • GDPR compliance
  • Data‑handling and retention policies
  • Security controls
  • Whether the tool trains on user data
  • Contractual guarantees
  • Supply‑chain risk
  • Results of DPIA (if applicable)

Tools are reviewed annually.

9. Employee and Freelancer Responsibilities

All personnel must:

  • Comply with this policy
  • Use only approved tools
  • Maintain confidentiality
  • Report breaches immediately
  • Complete mandatory training
  • Sign the AI Compliance Declaration (see Governance Pack)

10. Training and Competency

  • All staff and freelancers receive training on this policy.
  • Training is refreshed annually or when regulations change.
  • Compliance is monitored by Directors.

11. Ethical Considerations

TP Transcription Limited commits to:

  • Avoiding bias in any AI‑related processes
  • Respecting client confidentiality
  • Ensuring fairness, accuracy, and integrity
  • Avoiding AI‑based surveillance or profiling

12. Incident Reporting and Breach Response

An AI‑related incident includes:

  • Any client data inputted into an AI tool
  • Any unauthorised AI use
  • Any suspected data exposure

Report immediately to:

  • anna@tptranscription.co.uk
  • jonathan@tptranscription.co.uk

Directors will respond immediately and always within 12 hours. Clients will be notified via standard communication channels if required.

13. Policy Review and Updates

  • Reviewed annually
  • Updated by the board of directors
  • Changes communicated to staff, contractors and clients

Thank you Sarah and thank you also for the quick turn around of this one. It’s very much appreciated. 

Ashleigh Woodward, Solicitor HPJV Solicitors, Newport Wales

Dear Anna, thank you for a great job, Kind Regards, Anne, Moodpath Counselling, Training & Psychotherapy, UK.

Anne Hayward, Psychotherapist

March 2023
Thanks very much, Anna. I was impressed with your service and will definitely use you again if I need transcription services in future. Marcus Bateman, Consultant Physiotherapist

Feedback from University Hospitals of Derby & Burton NHS Foundation Trust

Our Accreditations

We are Cyber Essentials Plus audited annually and we hold the Cyber Essentials and Cyber Essentials Plus certificates. We are UKAS ISO 27001:2022 audited and accredited and ISO 9001 & ISO 14001 systems accredited company. We are members of the American Translators Association and we are assessed for GDPR compliance annually by IASME (Cyber Assurance Level 1).

10% Profits to Charity

10% of our profits are donated to the Ten Percent Foundation, a charitable trust registered in the UK. Since 2000 over £150,000 has been donated to projects in Africa and the UK. Click here for details.