Last updated: March 2025
Privacy Policy
We believe privacy is a right, not a feature. This policy explains clearly what data we collect, why, and how we protect it.
The short version
- ✓ Your recordings and notes are never used to train AI models
- ✓ We never sell or share your data with third parties for commercial purposes
- ✓ All data is stored in the European Union, encrypted at rest and in transit
- ✓ You can delete your account and all data at any time
- ✓ We only collect data we actually need
1. Who we are
MeetingNotes.work is a web application that helps professionals turn meeting recordings into structured output using AI. References to "we", "us" or "our" in this policy refer to the operator of MeetingNotes.work.
For privacy questions: [email protected]
2. What data we collect
2.1 Account data
- Email address (used for authentication and account management)
- Subscription status and plan
- Date of account creation and last login
2.2 Meeting data
- Audio recordings you make within the app
- Transcripts generated from your recordings
- AI-generated output (summaries, emails, CRM notes)
This data is exclusively yours. We process it only to provide the service and never use it for any other purpose.
2.3 Knowledge base data
- Documents (PDFs) you upload
- Website content indexed from URLs you add
- Text snippets you enter manually
2.4 Calendar data (optional)
If you connect Google Calendar or Outlook, we read your calendar events to provide context to the AI (meeting title, attendees, date). We request only the minimum permissions needed and never modify your calendar.
2.5 Technical data
- IP address (anonymised after 30 days)
- Browser type and version
- Error logs and performance data
3. How we use your data
- Providing the service: Processing recordings, generating AI output, managing your account
- Improving reliability: Error monitoring and performance diagnostics
- Billing: Processing payments via Stripe
- Communication: Sending account-related emails (no marketing without consent)
We never: sell your data, share it with advertisers, use it to train AI models, or access it without a legal basis.
4. AI processing and third parties
4.1 OpenAI (AI processing)
We use the OpenAI API to transcribe recordings and generate output. This means your audio and text is sent to OpenAI's servers for processing. Our agreement with OpenAI includes:
- Your data is not used to train OpenAI's models
- OpenAI processes data only as a processor on our behalf
- Data is not retained longer than technically necessary for processing
More information: OpenAI Privacy Policy
4.2 Google / Microsoft (calendar and email)
If you connect Gmail, Google Calendar, Outlook or Microsoft 365, the respective provider processes data according to their own privacy policy. We request only minimum required permissions. You can revoke integrations at any time from your account settings.
4.3 Cloud storage
Audio recordings and knowledge base files are stored on servers within the European Union. All files are encrypted at rest (AES-256) and in transit (TLS 1.3).
4.4 Stripe (payments)
Payments are processed by Stripe. We never have access to your full payment card details — Stripe processes these directly and provides us only with an anonymised token. Stripe is certified as a PCI DSS Level 1 processor. More information: Stripe Privacy Policy
4.5 Hanko (authentication)
Login is handled by Hanko, which processes your email address for the sign-in flow. More information: Hanko Privacy Policy
5. Data retention
- Audio recordings: Automatically deleted 90 days after recording
- Transcripts and AI output: Retained while your account is active, or until you delete them
- Knowledge base content: Retained while your account is active, or until you delete it
- Account data: Retained while your account is active
- Billing records: 7 years as required by law
- Logs: IP addresses anonymised after 30 days, logs deleted after 90 days
When you close your account, all data (except billing records required by law) is permanently and irreversibly deleted within 30 days.
6. Your rights (GDPR)
Under the GDPR you have the right to:
- Access: Request a copy of the data we hold about you
- Correction: Ask us to correct inaccurate data
- Erasure: Request deletion of your data
- Portability: Receive your data in a machine-readable format
- Objection: Object to processing based on legitimate interest
- Restriction: Request that we restrict processing of your data
To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.
You also have the right to lodge a complaint with your national data protection authority.
7. Data transfers outside the EU
Your data is primarily processed and stored within the European Union. For AI processing via the OpenAI API, data may be sent to servers in the United States. OpenAI participates in the EU–US Data Privacy Framework and provides additional contractual guarantees via Standard Contractual Clauses (SCCs).
8. Security
We implement appropriate technical and organisational measures to protect your data, including encryption at rest and in transit, access controls, and regular security reviews. However, no system is 100% secure. If you discover a security issue, please report it to [email protected].
9. Cookies
We use only strictly necessary cookies required for authentication and session management. We do not use tracking cookies or advertising cookies.
10. Changes to this policy
We may update this policy occasionally. We will notify you of significant changes via email. The date at the top of this page reflects the most recent update. Continued use of the service after changes constitutes acceptance of the updated policy.
11. Contact
Questions or concerns about this privacy policy? Contact us at [email protected].