Privacy Policy

Last updated: 13 May 2026.

OnMeet (“we”, “us”, “the service”) is an AI-powered advisory meeting product operated as an independent venture and made available at onmeet.io. This policy explains what information we collect when you use OnMeet, what we do with it, who else touches it, and the controls you have over it. This policy is written in plain English on purpose — if any section is unclear, email support@onmeet.io and we'll improve it.

1. Who is responsible for your data

OnMeet is the data controller for personal data collected directly from you (account email, profile name, meeting transcripts). Payment data is handled by Paddle.com Inc. and its local entities, who act as the merchant of record and a separate data controller for billing information — OnMeet never receives or stores your full card number.

2. What we collect

2.1 Account data

  • Email address, password hash (Argon2id), display name, locale, and theme preference.
  • If you sign in with Google, the corresponding Google account ID + email (we do not get access to your Gmail, Drive, calendar, or contacts).
  • Authentication metadata: hashed refresh-token rotations, last sign-in timestamp, IP address of the last successful sign-in (retained for 30 days for abuse detection).

2.2 Meeting data

  • The topic, language, and panel you choose at meeting creation.
  • Microphone audio streamed to the AI persona stack during the meeting. We do NOT persist your raw audio — only the transcribed text the model produced is stored.
  • The transcript of each meeting (your spoken text plus the AI personas' replies) until you delete the meeting, your account, or 24 months pass, whichever comes first.
  • Any reference document you optionally upload. Documents are encrypted at rest with a per-meeting key derived from a master secret. We retain them for the lifetime of the meeting record.
  • Cross-meeting memory snippets that the AI extracts (3 to 5 short facts per meeting) so future panels recall your context. You can delete these from your profile.

2.3 Usage data

  • Billing audit log: timestamps + credits charged per meeting, used to drive the credit meter and resolve support tickets. No payment-instrument data here.
  • Crash + performance breadcrumbs (Sentry). Only collected if you accepted the “Analytics” cookie category.

3. Why we collect it (legal bases)

  • Contract. We need your email + transcript history to deliver the service you signed up for.
  • Legitimate interest. Audit logs, abuse detection, and error monitoring are required to keep the service stable and secure for every user.
  • Consent. Optional analytics, marketing, and the cross-meeting memory feature run only after you opt in via the cookie banner / profile settings.
  • Legal obligation. Tax records, payment reconciliation files, and any law-enforcement requests we are legally compelled to honour.

4. Who else touches your data

OnMeet is intentionally a thin layer over a small, audited set of upstream providers. Each one only receives what it needs to do its specific job, never more.

  • Google (Gemini API). Persona voice + text generation, meeting referee transcription, and end-of-meeting recommendation. Audio + transcript text for the current meeting only. Google does not use this data to train models per the paid-tier API terms.
  • OpenAI. Embeddings only (text-embedding-3-small) for cross-meeting memory retrieval. We send short text snippets (~5 to 100 words); no audio.
  • Paddle. Subscription billing, merchant-of-record VAT/sales tax, payment dispute resolution. They receive your email + payment method.
  • Sentry. Error and performance telemetry. Only collected when you opt in to the analytics cookie category. PII is scrubbed before send.
  • Cloud hosting (PostgreSQL + Redis + MinIO). The transcripts + uploaded documents sit on our managed infrastructure in the EU / US. Encrypted at rest; access-restricted via our admin tooling only.

We do not sell, rent, or share your personal data with third-party advertisers.

5. How long we keep it

  • Account profile: until you delete your account.
  • Meeting transcripts + documents: until you delete the meeting, your account, or 24 months pass.
  • Audit logs (billing + auth): 7 years to satisfy financial record-keeping rules.
  • Sign-in IP + abuse signals: 30 days.

6. Your rights

Under GDPR (and equivalent rights under UK GDPR, Turkish KVKK, California CCPA, and similar regimes), you can:

  • Access a copy of your data (email support@onmeet.io).
  • Correct anything that's wrong via your profile.
  • Delete your account (Settings → Profile → Delete account), which removes your profile, transcripts, memories, and documents.
  • Export your meetings as Markdown from the meeting page.
  • Withdraw consent for any optional category at any time.
  • Complain to your local data protection authority if you believe we're mishandling your data.

7. International transfers

Your data may be processed in the European Economic Area, the United Kingdom, the United States, and other jurisdictions where our upstream providers operate. Where data leaves the EEA, we rely on the European Commission's Standard Contractual Clauses (SCCs) or adequacy decisions.

8. Security

Passwords are hashed with Argon2id at industry-standard memory + parallelism parameters. Authentication uses JWTs rotated on every refresh. Uploaded documents are encrypted at rest with libsodium SecretBox using a per-meeting key derived from an environment-held master secret. Data in transit is protected with TLS 1.3. No security is perfect; please report vulnerabilities to support@onmeet.io.

9. Children

OnMeet is not directed at users under 16. If you believe a minor has created an account, email us and we'll delete it.

10. Changes to this policy

Material changes will be announced at the top of this page, and where you have an account, by email at least 14 days before they take effect. Continuing to use OnMeet after the effective date is acceptance of the updated policy.

11. Contact

Privacy questions: support@onmeet.io. See our Legal Notice for the operating entity, jurisdiction, and dispute-resolution forum.