Privacy Policy

Last Updated: December 09, 2025

At NoteMate, we are committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

  • Email address
  • Password (encrypted and stored securely)
  • First name and surname
  • Date of birth
  • Country

1.2 Meeting Data

When you use our transcription service, we collect and store:

  • Audio files (up to 500MB per file)
  • Transcripts generated from your audio
  • Summaries and action items
  • Meeting titles and metadata
  • Audio duration and file size information
  • Transcription and summarization processing times

1.3 Lead Information

If you submit a lead form, we may collect:

  • Email address
  • Name
  • Use case information
  • Marketing attribution data (UTM parameters)
  • IP address
  • Browser user agent and referrer information

1.4 Usage Data

We track your usage to provide and improve our service:

  • Monthly minutes used for transcription
  • Subscription plan information
  • Feature usage and preferences

1.5 Technical Data

We automatically collect certain technical information:

  • Cookies and session tokens
  • Authentication tokens
  • Device and browser information
  • IP address
  • Log data and error reports

2. How We Use Your Information

We use the information we collect to:

  • Provide Services: Process audio transcriptions, generate summaries, and deliver features based on your subscription plan
  • Account Management: Authenticate users, manage accounts, and provide customer support
  • Service Improvement: Analyze usage patterns to improve our transcription accuracy and service quality
  • Communication: Send service-related notifications, respond to inquiries, and provide support
  • Usage Tracking: Monitor subscription limits and track usage for billing purposes
  • Security: Protect against fraud, abuse, and security threats
  • Legal Compliance: Comply with legal obligations and enforce our terms of service

3. Third-Party Services

We use the following third-party services to provide our transcription and summarization features:

3.1 OpenAI

We use OpenAI's services for:

  • Whisper API: For audio transcription. Your audio files are sent to OpenAI for processing.
  • GPT-4o-mini: For generating summaries and action items. Your transcripts are sent to OpenAI for summarization.

Please review OpenAI's Privacy Policy to understand how they handle your data.

3.2 AssemblyAI

As an alternative transcription provider, we may use AssemblyAI for audio transcription. Your audio files may be sent to AssemblyAI for processing.

Please review AssemblyAI's Privacy Policy to understand how they handle your data.

3.3 ActiveStorage

We use ActiveStorage (Rails file storage) to securely store your audio files and associated data.

3.4 Devise

We use Devise for user authentication and account management. Your passwords are encrypted using bcrypt.

4. Data Disclosure

We disclose your information in the following circumstances:

4.1 Service Providers

  • Audio Files: Sent to OpenAI or AssemblyAI for transcription processing
  • Transcripts: Sent to OpenAI for summarization and action item extraction
  • Storage: Your data is stored in our PostgreSQL database and via ActiveStorage

4.2 Legal Requirements

We may disclose your information if required by law, court order, or government regulation, or to:

  • Comply with legal processes
  • Enforce our Terms of Service
  • Protect our rights, privacy, safety, or property
  • Respond to government requests

4.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.

5. Security Practices

We implement industry-standard security measures to protect your information:

  • Password Encryption: All passwords are encrypted using bcrypt hashing
  • Account Security: Accounts are locked after multiple failed login attempts
  • CSRF Protection: Cross-site request forgery protection is enabled
  • Secure Password Validation: We check passwords against known compromised password databases
  • HTTPS/SSL: All data transmission is encrypted using SSL/TLS
  • Database Security: Access to our database is restricted and monitored
  • Secure Storage: Audio files and sensitive data are stored securely

Note: While we implement strong security measures, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.

6. Your Rights

You have the following rights regarding your personal information:

6.1 Access

You can access your personal data through your account settings. You can view and download your transcripts, summaries, and meeting data.

6.2 Deletion

You can delete your meetings and associated data at any time. To delete your account and all associated data, please contact us at support@note-mate.app.

6.3 Data Portability

You can export your transcripts and summaries in various formats through the service interface.

6.4 Cookie Preferences

You can control cookies through your browser settings. Note that disabling certain cookies may affect service functionality.

6.5 GDPR and CCPA Rights

If you are located in the European Economic Area (EEA) or California, you have additional rights under GDPR and CCPA, including:

  • Right to access your personal data
  • Right to rectification of inaccurate data
  • Right to erasure ("right to be forgotten")
  • Right to restrict processing
  • Right to data portability
  • Right to object to processing
  • Right to opt-out of sale of personal information (we do not sell your data)

To exercise these rights, please contact us at support@note-mate.app.

7. Data Retention

We retain your information for as long as necessary to provide our services and comply with legal obligations:

  • Account Data: Retained while your account is active
  • Meeting Data: Retained until you delete it or your account is deleted
  • Deleted Accounts: Data is permanently deleted within 30 days of account deletion
  • Legal Requirements: Some data may be retained longer if required by law

8. Children's Privacy

Our service is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from those in your country. By using our service, you consent to the transfer of your information to these countries.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. You are advised to review this Privacy Policy periodically for any changes.

11. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

  • Email: support@note-mate.app
  • Address: NoteMate, United Kingdom
Back to Home