FeaturesHow it WorksPricing
Legal Document

Privacy Policy

Last updated: March 30, 2026

1. Introduction

Welcome to ReMinutes ("we," "our," or "us"). We respect your privacy and are committed to protecting your personal data. This privacy policy will inform you as to how we look after your personal data when you visit our website and tell you about your privacy rights.

2. Data We Collect

  • Identity Data: First name, last name, username or similar identifier.
  • Contact Data: Email address and telephone number.
  • Technical Data: IP address, browser type, time zone, and device information.
  • Usage Data: Information about how you use our website and services.
  • Content Data: Audio recordings, transcripts, and meeting summaries you process.
  • Financial Data: Payment billing information is processed securely by our Merchant of Record, Paddle.com. We do not store your credit card details.
  • Calendar Data: When you connect your Google or Microsoft calendar, we access event titles, dates, times, conferencing links (Zoom, Meet, Teams), organizer email, and attendee lists. We use read-only access and do not modify your calendar.
  • Authentication Data: OAuth tokens used to maintain your calendar connection. Tokens are encrypted at rest and never shared.

3. How We Use Your Data

We will only use your personal data when the law allows us to:

  • Contract Performance: Where we need to perform our contract with you.
  • Legitimate Interests: Where it is necessary for our business interests.
  • Legal Compliance: Where we need to comply with a legal obligation.

4. Calendar Integration (Google & Microsoft)

What We Access

When you connect your Google Calendar, we request read-only access (calendar.readonly scope) to view your calendar events and your email address (userinfo.email scope) to identify your account. When you connect Microsoft Outlook, we request Calendars.Read and User.Read permissions via Microsoft Graph API. In both cases, we use read-only access and cannot modify your calendar.

How We Use Calendar Data

We use your calendar data solely to: (1) identify upcoming meetings with video conferencing links (Google Meet, Zoom, Microsoft Teams, Webex), (2) automatically schedule our AI notetaker bot to join those meetings based on your preferences, and (3) display your upcoming meetings in your dashboard.

Data Sharing

Calendar event data (meeting title, time, and conferencing link) is shared with our bot provider (Attendee.dev) solely to schedule the recording bot to join your meeting. No other calendar data is shared with third parties.

Data Retention

Calendar events are cached in our database for up to 90 days after the event date to support meeting history and analytics. OAuth refresh tokens are stored encrypted (AES-256) and deleted immediately when you disconnect your calendar. You can disconnect your calendar at any time from Settings, which deletes all cached calendar data and cancels any scheduled bots.

Google API Services User Data Policy

ReMinutes' use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

5. Limited Use & Data Protection Disclosure

Prohibited Uses

We do not use Google or Microsoft user data for advertising, retargeting, or interest-based ad targeting. We do not sell, rent, or lease calendar or profile data to third parties, data brokers, or information resellers. We do not use calendar data to determine creditworthiness or for lending purposes.

No AI Training on Calendar Data

We do not use Google or Microsoft user data (including calendar events, email addresses, or OAuth tokens) to train generalized artificial intelligence or machine learning models. Calendar data is used exclusively to provide the meeting scheduling features you have requested.

Human Access Restrictions

ReMinutes employees and contractors do not read your calendar data from Google or Microsoft, except: (a) with your explicit consent for support purposes, (b) as necessary for security incident investigation, or (c) as required by law. Access to calendar data is limited to the minimum necessary to provide the service.

Microsoft Graph API Compliance

ReMinutes accesses Microsoft data through the Microsoft Graph API in compliance with the Microsoft APIs Terms of Use. We request only the minimum permissions required (Calendars.Read, User.Read) and handle all data in accordance with Microsoft's Publisher Attestation requirements.

6. Data Storage & Security

We protect your data using industry-standard security measures including: encryption in transit (TLS 1.3) for all data transfers, encryption at rest for stored data including OAuth tokens (AES-256), row-level security policies on our database ensuring users can only access their own data, and regular security audits. Your audio files and transcripts are processed securely using enterprise-grade cloud infrastructure. We do not use your meeting content to train our AI models.

7. Third-Party Services

We use the following third-party services to provide our platform:

  • Paddle.com: Merchant of Record for payment processing. Handles billing, invoices, and refunds.
  • Supabase: Database and authentication infrastructure. Data stored in secure, SOC 2 compliant data centers.
  • AssemblyAI: Audio transcription service. Audio is processed and not retained after transcription.
  • Google Gemini: AI analysis of transcripts for summaries, action items, and insights. Transcript text is processed per-request and not used for model training.
  • Attendee.dev: Meeting bot provider. Receives meeting link, time, and title to schedule bots. Does not retain meeting data after processing.
  • Vercel: Application hosting. SOC 2 compliant infrastructure.

8. Your Data Rights

Under GDPR, CCPA, and applicable data protection laws, you have the following rights:

  • Right to Access: Request a copy of all personal data we hold about you. Use Settings > Data & Privacy > Export Data.
  • Right to Deletion: Request complete deletion of your account and all associated data. Use Settings > Data & Privacy > Delete Account.
  • Right to Rectification: Update or correct your personal information via your Profile settings.
  • Right to Revoke: Disconnect your calendar integration at any time from Settings > Calendar. This immediately deletes cached calendar data and cancels scheduled bots.
  • Right to Object: Object to processing of your personal data by contacting privacy@reminutes.com.
  • Right to Portability: Export your data in machine-readable JSON format via Settings > Data & Privacy > Export Data.

9. Data Retention

  • Meeting Recordings & Transcripts: Retained for the duration of your subscription or until you delete them. Free tier: 7 days.
  • Calendar Events: Cached for up to 90 days after the event date, then automatically purged.
  • OAuth Tokens: Encrypted and stored while your calendar is connected. Deleted immediately upon disconnection.
  • Usage Logs: Retained for 12 months for billing and audit purposes.
  • Account Data: Retained until you delete your account. Upon deletion, all personal data is purged within 30 days.

10. Cookies

We use essential cookies only: authentication session cookies (managed by Supabase) to keep you logged in, and locale preference cookies to remember your language setting. We do not use advertising cookies, tracking cookies, or third-party analytics cookies. No cookie consent banner is required as we only use strictly necessary cookies.

11. Contact Us

If you have any questions about this Privacy Policy, please contact us at: privacy@reminutes.com

Privacy Policy - Data Protection | ReMinutes