AI Meetings
Privacy

Privacy Policy

Last updated · 2026-04-15

§1Who we are

AI Meetings LLC ("we," "us," or "AI Meetings") is a Florida limited liability company that operates the Service at aimeetings.net. Our registered address is 1521 Alton Rd. PMB 106, Miami Beach, FL 33139. AI Meetings LLC is the data controller responsible for your personal data.

§2What we collect

We collect the minimum data needed to provide the Service:

  • Account information — your name and email address when you register.
  • Meeting data — audio, transcripts, and any documents you share with the AI assistant during a session.
  • Usage analytics — anonymized data about how you interact with the Service (e.g., features used, session duration).
  • Billing information — payment details processed securely by Stripe; we do not store full card numbers on our servers.

§3How we use your data

  • Provide the Service — process meeting data in real time so the AI assistant can participate.
  • Billing — track credit usage and process payments.
  • Improve the Service — analyze anonymized usage patterns to fix bugs and build better features.
  • Communicate with you — send account-related emails (e.g., billing receipts, security alerts, terms updates).

We do not sell your personal data. We do not use your meeting content to train AI models.

§4End-to-end encryption

Your data is protected by AES-256-GCM encryption with per-user keys:

  • Per-user Data Encryption Key (DEK) — When you register, a unique 256-bit encryption key is generated. This key is encrypted with a key derived from your password using PBKDF2 (100,000 iterations, SHA-256) and stored securely. We never store your DEK in plaintext.
  • Field-level encryption — Every piece of sensitive data (transcripts, AI responses, document content, briefings, working memory) is encrypted individually before being written to our database. Database administrators cannot read your content.
  • Session-based decryption — Your DEK is decrypted only while you are logged in and held in memory for the duration of your session. It is securely zeroed from memory when you log out.
  • Post-quantum ready key exchange — We currently use X25519 ECDH for key exchange, with our architecture designed for migration to ML-KEM (Kyber) once a stable, audited implementation is available.
In plain terms: even with full access to our database, we cannot read your meeting transcripts, AI responses, documents, or any other content. Only you can decrypt your data.

§5Post-meeting data purge

When a meeting ends, the following data is permanently and irreversibly deleted:

  • All document chunks and vector embeddings (used for real-time search during the meeting)
  • Raw document text extracted from your uploads
  • Pre-read research caches (web research results, context queries)
  • Diagnostic and telemetry events from the session
  • Uploaded files from our servers

What remains after a meeting (all encrypted with your personal key):

  • Meeting transcript (who said what)
  • AI responses and summaries
  • Pre-read briefing (the AI's summary of your documents)
  • Document metadata (filename and type only — not the content)

You can delete any meeting's data at any time from your dashboard. When you delete your account, all data is permanently removed.

§6Third-party processors

We share data with the following processors strictly to operate the Service:

  • OpenAI — processes meeting audio and text to generate AI responses. Data is sent via API and is not used by OpenAI for model training.
  • Recall.ai — operates the meeting bot that joins your video call. Recall processes audio/video streams in real time and does not retain meeting data. Recall.ai is SOC 2, ISO 27001, GDPR, and HIPAA compliant.
  • Deepgram (opt-in only) — when you select "Enhanced Transcription" in your meeting settings, meeting audio is streamed to Deepgram for real-time speech-to-text with multilingual support. Deepgram processes audio with zero retention: audio is deleted immediately after transcription and is never used for model training (we enforce mip_opt_out on all requests). Deepgram is SOC 2 Type II, HIPAA, and GDPR compliant. This processor is only active when you explicitly choose it — standard meetings use platform-native captions and do not send audio to Deepgram.
  • Stripe — processes all payments securely. Stripe receives your payment card details directly — we never see or store your full card number. Stripe is PCI DSS Level 1 certified, SOC 2 Type II compliant, and adheres to GDPR. See Stripe's Privacy Policy.
  • Database hosting — our PostgreSQL database is hosted on infrastructure with encryption at rest and in transit.

§7Data retention

  • Ephemeral meeting data — document chunks, embeddings, raw text, research caches, and uploaded files are permanently purged when the meeting ends (see section 5).
  • Retained meeting data — encrypted transcripts, AI responses, briefings, and document metadata are retained until you request deletion. You can delete individual meetings or all data from your account settings.
  • Account data — kept for as long as your account is active. When you delete your account, all associated data is permanently removed within 30 days.
  • Usage analytics — anonymized data may be retained indefinitely as it cannot be linked back to you.

§8Cookies

  • Authentication cookie — a single httpOnly, secure session cookie is the only cookie we set. It keeps you signed in and contains no personal data.
  • Cookieless analytics — we use Plausible Analytics, which is fully cookieless. It sets no cookies, stores no data on your device, and does not track you across sites.
  • No tracking cookies — we do not use third-party tracking cookies, advertising pixels, or cross-site trackers of any kind.

§9Analytics

We use privacy-focused analytics that do not collect personal data, do not use cookies, and do not track users across sites. Analytics data is aggregated and cannot be used to identify individual users.

§10Your rights

You have the right to:

  • Access — request a copy of all personal data we hold about you.
  • Export — download your meeting data in a standard format.
  • Delete — request deletion of your data or your entire account.
  • Correct — update inaccurate personal information from your account settings.

To exercise any of these rights, email privacy@aimeetings.net or use the controls in your account settings.

§11Children

AI Meetings is not intended for users under 18 years of age. We do not knowingly collect data from anyone under 18. If you believe a minor has created an account, please contact us and we will promptly delete it.

§12Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email at least 14 days before the changes take effect. The "Last updated" date at the top of this page reflects the most recent revision.

§13Contact

For privacy-related questions or requests, contact us at privacy@aimeetings.net.