Privacy Policy

MeetCapture ("we", "us") provides tools to record, transcribe, and analyze meetings. This policy explains what data we collect, how we use it, who we share it with, and the controls you have. It applies to our website, dashboard, desktop recorder, and developer API.

Account data. Name, email, hashed password, OAuth identifiers (Google, GitHub), billing address and tax details if you purchase a plan.

Meeting content. Audio recordings, video recordings (on supported plans), transcripts, transcript segments, speaker labels, and any notes you attach. We process only meetings you explicitly start a recording for.

Calendar metadata. If you connect Google Calendar, we store event titles, times, attendee emails and names, and meeting URLs solely to detect meetings and apply your auto-capture preferences. We do not read your inbox.

Usage data. API calls, session starts and durations, webhook deliveries, feature interactions, and diagnostic logs.

Payment data. Razorpay processes card and bank details directly; we store only subscription identifiers, plan, status, and invoice records. We never see or store your full card number.

Device and network data. IP address, browser user-agent, operating system, daemon version, and crash diagnostics.

• Provide, operate, and maintain the Service;
• Generate transcripts, summaries, and action items from meeting content you submit;
• Enforce quotas, prevent abuse, and investigate security incidents;
• Process payments, invoices, and tax compliance;
• Send transactional emails (verification, password reset, billing receipts, important Service updates);
• Improve reliability and performance via aggregated, de- identified metrics.

We do not: sell your data, use Customer Content to train foundation AI models, or mine your meeting content for advertising.

Transcripts and summaries are generated using third-party AI providers (for example, OpenAI and Deepgram). Content sent to these providers is processed under their enterprise privacy terms, is not used to train their public models, and is transmitted over encrypted channels. A list of current sub-processors is available on request.

Where GDPR applies we rely on: (a) contract, to deliver the Service you requested; (b) legitimate interests, for security, fraud prevention, and product improvement; (c) consent, for optional integrations such as Google Calendar; and (d) legal obligation, for tax and regulatory compliance.

We share data only with sub-processors needed to run the Service:

• Supabase — authentication, database, storage, and Edge Functions.
• Razorpay — payment processing.
• OpenAI, Deepgram — transcription and AI summarization (opt-in based on plan).
• Google — Calendar OAuth and event metadata (only if you connect).
• Hostinger — web hosting for the dashboard and marketing site.

We may disclose data to comply with a valid legal request, to protect rights and safety, or as part of a merger or acquisition — in which case we will notify you.

• Recordings and transcripts: kept until you delete them or close your account. Enterprise plans may configure custom retention windows.
• Calendar events: kept while the connection is active and deleted within 30 days of disconnect.
• Usage logs: retained for up to 12 months for security and analytics.
• Billing records: retained for 7 years to meet tax and audit obligations.
• Account deletion: within 30 days of request, personal data is deleted or de-identified except where we must retain it by law.

We encrypt data in transit (TLS 1.2+) and at rest. Passwords are hashed; OAuth tokens are encrypted with AES-GCM before storage; sensitive secrets are held in Supabase Vault with service-role access only. Database tables enforce row-level security so users can only access their own rows. No system is perfectly secure; please report vulnerabilities to security@meetcapture.dev.

Depending on your jurisdiction you may have the right to:

• Access a copy of your personal data;
• Correct inaccurate data;
• Delete your account and associated Customer Content;
• Export meeting data (available from the dashboard);
• Object to or restrict certain processing;
• Withdraw consent for optional processing such as calendar sync.

Email privacy@meetcapture.dev to exercise any of these rights. We will respond within 30 days.

We operate from India and may transfer data to other countries where our sub-processors are located. Where required, we rely on standard contractual clauses or equivalent safeguards.

MeetCapture is not intended for children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us data, contact us so we can delete it.

We use only strictly necessary cookies to keep you signed in and protect against CSRF. We do not use advertising or cross-site tracking cookies.

We may update this policy from time to time. Material changes will be posted on this page and, where feasible, notified by email. The "Last updated" date above reflects the current version.

Privacy questions, data requests, or complaints: privacy@meetcapture.dev. Security issues: security@meetcapture.dev.