Privacy Policy

Introduction and Scope

GroupSummari, Inc. ("we," "us," or "our") is committed to protecting your privacy and maintaining the confidentiality of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered meeting summary platform and related services (collectively, the "Services").

This policy applies to all users of our Services, including individuals, teams, and organizations that upload meeting recordings for processing. By using our Services, you consent to the data practices described in this policy.

We recognize that meeting recordings often contain sensitive business information, personal discussions, and confidential data. Our privacy practices are designed with this understanding, implementing enterprise-grade security measures and transparent data handling procedures.

Information We Collect

GroupSummari collects several types of information necessary to provide our AI-powered meeting summary services:

• Meeting Recordings and Content: Audio and video files you upload for processing, including spoken content, background audio, and any visual elements in video recordings
• Account and Profile Information: Name, email address, company name, job title, phone number, and billing information
• Usage and Analytics Data: How you interact with our platform, feature usage patterns, session duration, and performance metrics
• Technical and Device Information: IP address, browser type and version, operating system, device identifiers, and network connection details
• Communication Records: Customer support interactions, feedback submissions, and any correspondence with our team
• Integration Data: Information from third-party services you connect to our platform, such as calendar systems or collaboration tools
• Payment Information: Billing details, payment method information, and transaction history (processed through secure third-party payment processors)
• Organizational Data: Team member information, organizational structure, and administrative settings for enterprise accounts

How We Use Your Information

We use your information solely to provide, improve, and protect our Services. Specific uses include:

• Core Service Delivery: Process meeting recordings to generate AI summaries, extract action items, identify speakers, and create shareable reports
• Account Management: Create and maintain your account, authenticate users, and manage subscription services
• Customer Support: Provide technical assistance, respond to inquiries, and resolve service issues
• Service Improvement: Analyze usage patterns to enhance our AI algorithms, improve accuracy, and develop new features
• Communication: Send important service updates, security notifications, billing information, and feature announcements
• Security and Compliance: Monitor for suspicious activity, prevent fraud, and ensure platform security
• Legal Compliance: Meet regulatory requirements, respond to legal requests, and protect our rights and interests
• Business Operations: Conduct internal analytics, financial reporting, and strategic planning
• Quality Assurance: Test and validate AI model performance, accuracy improvements, and system reliability

Data Security and Protection

We implement comprehensive security measures to protect your data throughout its lifecycle:

• Encryption in Transit: All data transmission uses TLS 1.3 encryption with perfect forward secrecy
• Encryption at Rest: Data stored in our systems is encrypted using AES-256 encryption with regularly rotated keys
• Access Controls: Multi-factor authentication, role-based access controls, and principle of least privilege for all system access
• Secure Processing: Meeting recordings are processed in isolated, secure environments with no persistent storage of raw audio
• Infrastructure Security: SOC 2 Type II compliant cloud infrastructure with continuous monitoring and threat detection
• Regular Security Audits: Quarterly penetration testing, vulnerability assessments, and security reviews by independent third parties
• Employee Training: Comprehensive security awareness training for all team members with access to customer data
• Incident Response: Established procedures for detecting, responding to, and reporting security incidents
• Data Backup and Recovery: Automated backup systems with geographically distributed storage and tested recovery procedures
• Compliance Monitoring: Continuous compliance monitoring and regular updates to security practices based on industry best practices

Data Retention and Deletion

We follow strict data retention policies designed to minimize data storage while meeting business and legal requirements:

• Meeting Recordings: Raw audio and video files are automatically deleted within 24 hours of processing unless you explicitly choose to save them
• Generated Summaries: AI-generated summaries and extracted insights are retained according to your subscription plan (30 days for Starter, 1 year for Professional, 3 years for Enterprise)
• Account Data: Profile and account information is retained while your account remains active and for 90 days after account closure
• Usage Analytics: Aggregated, anonymized usage data may be retained indefinitely for service improvement purposes
• Legal Hold: Data subject to legal proceedings or regulatory requirements may be retained longer as required by law
• User-Requested Deletion: You can request immediate deletion of your data at any time through your account settings or by contacting support
• Automatic Purging: Our systems automatically purge expired data according to retention schedules with audit logging

Data Sharing and Disclosure

We do not sell, rent, or trade your personal data. We may share information only in the following limited circumstances:

• With Your Consent: When you explicitly authorize us to share information with third parties
• Service Providers: With trusted vendors who assist in our operations under strict confidentiality agreements (cloud hosting, payment processing, customer support tools)
• Legal Requirements: When required by law, court order, or government regulation, with advance notice when legally permissible
• Business Transfers: In connection with a merger, acquisition, or sale of assets, with prior notice to affected users
• Safety and Security: To protect the rights, property, or safety of GroupSummari, our users, or the public
• Aggregated Data: Anonymized, aggregated statistics that cannot identify individual users may be shared for research or business purposes

Your Privacy Rights

You have comprehensive rights regarding your personal data, including:

• Right to Access: Request a copy of all personal data we hold about you, including data sources and processing purposes
• Right to Rectification: Update, correct, or complete inaccurate or incomplete personal information
• Right to Erasure: Request deletion of your personal data, subject to legal and contractual obligations
• Right to Data Portability: Export your data in a structured, machine-readable format for transfer to another service
• Right to Object: Object to certain processing activities, including direct marketing and automated decision-making
• Right to Restrict Processing: Limit how we process your data in certain circumstances
• Right to Withdraw Consent: Revoke consent for data processing activities that require your consent
• Right to Lodge Complaints: File complaints with relevant data protection authorities regarding our privacy practices

International Data Transfers

Your data may be processed in countries other than your own to provide our global services. We ensure appropriate safeguards are in place for all international transfers:

• Adequacy Decisions: Transfers to countries with adequacy decisions from relevant data protection authorities
• Standard Contractual Clauses: Use of European Commission-approved standard contractual clauses for transfers to countries without adequacy decisions
• Binding Corporate Rules: Implementation of binding corporate rules for intra-group transfers
• Certification Programs: Participation in recognized certification programs and codes of conduct
• Additional Safeguards: Technical and organizational measures to ensure data protection equivalent to your home jurisdiction

Children's Privacy

Our Services are not intended for children under the age of 16, and we do not knowingly collect personal information from children under 16. If we become aware that we have collected personal information from a child under 16, we will take immediate steps to delete such information. Parents or guardians who believe their child has provided personal information to us should contact us immediately.

Privacy Policy Updates

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or business operations. We will notify you of material changes through:

• Email Notifications: Direct email to registered users for significant policy changes
• Platform Notifications: In-app notifications and dashboard alerts
• Website Updates: Posting updated policies on our website with clear change indicators
• Advance Notice: At least 30 days' notice for material changes that affect your rights

Continued use of our Services after policy updates constitutes acceptance of the revised terms. We encourage you to review this policy regularly to stay informed about our privacy practices.

Contact Information

If you have questions about this Privacy Policy, need to exercise your privacy rights, or want to report a privacy concern, please contact us: