1. What We Collect
We collect the minimum data needed to provide the Service:
- Account information — your name and email address when you register.
- Meeting data — audio, transcripts, and any documents you share with the AI assistant during a session.
- Usage analytics — anonymized data about how you interact with the Service (e.g., features used, session duration).
- Billing information — payment details processed by our payment provider; we do not store full card numbers.
2. How We Use Your Data
- Provide the Service — process meeting data in real time so the AI assistant can participate.
- Billing — track credit usage and process payments.
- Improve the Service — analyze anonymized usage patterns to fix bugs and build better features.
- Communicate with you — send account-related emails (e.g., billing receipts, security alerts, terms updates).
We do not sell your personal data. We do not use your meeting content to train AI models.
3. End-to-End Encryption
Your data is protected by AES-256-GCM encryption with per-user keys:
- Per-user Data Encryption Key (DEK) — When you register, a unique 256-bit encryption key is generated. This key is encrypted with a key derived from your password using PBKDF2 (100,000 iterations, SHA-256) and stored securely. We never store your DEK in plaintext.
- Field-level encryption — Every piece of sensitive data (transcripts, AI responses, document content, briefings, working memory) is encrypted individually before being written to our database. Database administrators cannot read your content.
- Session-based decryption — Your DEK is decrypted only while you are logged in and held in memory for the duration of your session. It is securely zeroed from memory when you log out.
- Post-quantum key encapsulation — We use Kyber (ML-KEM) key encapsulation to protect against future quantum computing threats.
In plain terms: even with full access to our database, we cannot read your meeting transcripts, AI responses, documents, or any other content. Only you can decrypt your data.
4. Post-Meeting Data Purge
When a meeting ends, the following data is permanently and irreversibly deleted:
- All document chunks and vector embeddings (used for real-time search during the meeting)
- Raw document text extracted from your uploads
- Pre-read research caches (web research results, context queries)
- Diagnostic and telemetry events from the session
- Uploaded files from our servers
What remains after a meeting (all encrypted with your personal key):
- Meeting transcript (who said what)
- AI responses and summaries
- Pre-read briefing (the AI's summary of your documents)
- Document metadata (filename and type only — not the content)
You can delete any meeting's data at any time from your dashboard. When you delete your account, all data is permanently removed.
5. Third-Party Processors
We share data with the following processors strictly to operate the Service:
- OpenAI — processes meeting audio and text to generate AI responses. Data is sent via API and is not used by OpenAI for model training.
- Recall.ai — operates the meeting bot that joins your video call. Recall processes audio/video streams in real time and does not retain meeting data.
- Database hosting — our PostgreSQL database is hosted on infrastructure with encryption at rest and in transit.
6. Data Retention
- Ephemeral meeting data — document chunks, embeddings, raw text, research caches, and uploaded files are permanently purged when the meeting ends (see section 4).
- Retained meeting data — encrypted transcripts, AI responses, briefings, and document metadata are retained until you request deletion. You can delete individual meetings or all data from your account settings.
- Account data — kept for as long as your account is active. When you delete your account, all associated data is permanently removed within 30 days.
- Usage analytics — anonymized data may be retained indefinitely as it cannot be linked back to you.
7. Cookies
- Authentication cookie — a single httpOnly, secure session cookie is the only cookie we set. It keeps you signed in and contains no personal data.
- Cookieless analytics — we use Plausible Analytics, which is fully cookieless. It sets no cookies, stores no data on your device, and does not track you across sites.
- No tracking cookies — we do not use third-party tracking cookies, advertising pixels, or cross-site trackers of any kind.
8. Analytics
We use privacy-focused analytics that do not collect personal data, do not use cookies, and do not track users across sites. Analytics data is aggregated and cannot be used to identify individual users.
9. Your Rights
You have the right to:
- Access — request a copy of all personal data we hold about you.
- Export — download your meeting data in a standard format.
- Delete — request deletion of your data or your entire account.
- Correct — update inaccurate personal information from your account settings.
To exercise any of these rights, email privacy@aimeetings.net or use the controls in your account settings.
10. Children
AI Meetings is not intended for users under 18 years of age. We do not knowingly collect data from anyone under 18. If you believe a minor has created an account, please contact us and we will promptly delete it.
11. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email at least 14 days before the changes take effect. The "Last updated" date at the top of this page reflects the most recent revision.