MeetingsAI

GDPR Compliance

Last updated: December 2024

Our Commitment to GDPR

MeetingsAI is committed to protecting the privacy and rights of individuals in the European Union (EU) and European Economic Area (EEA) under the General Data Protection Regulation (GDPR).

This page explains how we comply with GDPR requirements and outlines the rights available to you as a data subject. For more detailed information about our data practices, please also review our Privacy Policy.

Data Controller Information

MeetingsAI acts as the data controller for the personal data we collect and process. This means we determine how and why your personal data is processed.

Contact for Data Protection Inquiries:

Email: info@meetingsai.app

Please include "GDPR Request" in the subject line for faster processing.

Legal Basis for Processing

Under GDPR, we must have a valid legal basis to process your personal data. We rely on the following legal bases:

Contractual Necessity

Processing necessary to provide the Service to you, including transcription, summarization, and account management.

Legitimate Interests

Processing for our legitimate business interests, such as improving the Service, preventing fraud, and ensuring security, where these interests do not override your rights.

Consent

Where required, we obtain your explicit consent before processing certain data, such as for marketing communications or optional analytics.

Legal Obligation

Processing necessary to comply with applicable laws and regulations.

Your GDPR Rights

Under GDPR, you have the following rights regarding your personal data:

Right of Access

You have the right to request a copy of the personal data we hold about you. We will provide this information within 30 days of your request.

Right to Rectification

You have the right to request correction of inaccurate or incomplete personal data. You can update most information directly in your account settings.

Right to Erasure ("Right to be Forgotten")

You have the right to request deletion of your personal data. Upon account deletion, we will remove your data within 30 days, except where retention is required by law.

Right to Restriction of Processing

You have the right to request that we limit how we use your data in certain circumstances, such as while we verify the accuracy of your data.

Right to Data Portability

You have the right to receive your personal data in a structured, machine-readable format and to transfer it to another service provider.

Right to Object

You have the right to object to processing based on legitimate interests or for direct marketing purposes.

Right to Withdraw Consent

Where processing is based on consent, you have the right to withdraw your consent at any time. This does not affect the lawfulness of processing before withdrawal.

Data Protection Measures

We implement comprehensive technical and organizational measures to protect your personal data:

  • Encryption of data in transit (TLS/SSL) and at rest
  • Secure authentication with multi-factor authentication support
  • Regular security audits and vulnerability assessments
  • Access controls limiting data access to authorized personnel
  • Data minimization principles in our data collection
  • Regular employee training on data protection
  • Incident response procedures for potential data breaches

Private Mode for Maximum Privacy

For users who require the highest level of data protection, we offer Private Mode, which processes all data entirely on your device using Apple Intelligence. With Private Mode:

  • No audio or transcription data leaves your device
  • All AI processing happens locally on-device
  • No data is transmitted to our servers or third parties
  • You maintain complete control over your data

Private Mode is ideal for users handling sensitive information or those who want to minimize their data footprint while still benefiting from AI-powered transcription.

International Data Transfers

When using our standard (non-Private Mode) services, your data may be transferred to and processed in countries outside the EU/EEA, including the United States. We ensure that such transfers comply with GDPR by:

  • Using service providers that participate in approved data transfer mechanisms
  • Implementing Standard Contractual Clauses (SCCs) where required
  • Verifying that our service providers maintain adequate data protection standards

Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected:

  • Account data is retained while your account is active
  • Meeting data is retained until you delete it or your account
  • Upon account deletion, personal data is removed within 30 days
  • Some data may be retained longer for legal or regulatory compliance

Exercising Your Rights

To exercise any of your GDPR rights, you can:

  • Use the privacy controls within the MeetingsAI app settings
  • Submit a request by email to info@meetingsai.app with "GDPR Request" in the subject line

We will respond to your request within 30 days. In complex cases, we may extend this by an additional 60 days, but we will inform you of any delay and the reasons for it.

Right to Lodge a Complaint

If you believe that we have violated your rights under GDPR, you have the right to lodge a complaint with a supervisory authority. You can contact the data protection authority in your country of residence, your place of work, or where the alleged infringement took place.

Contact Us

If you have any questions about this GDPR Compliance page or our data protection practices, please contact us at:

Email: info@meetingsai.app

Please include "GDPR" in the subject line for data protection inquiries.