Notemesh
Notemesh

Privacy Policy

Last updated: March 22, 2026

1. Introduction

Notemesh ("we", "our", "us") is an AI-powered meeting assistant that records, transcribes, and analyzes your meetings. This Privacy Policy explains how we collect, use, store, and protect your information when you use our service at notemesh.dev and app.notemesh.dev.

2. Information We Collect

Account Information

When you create an account, we collect your name, email address, and profile picture via Google OAuth or email/password registration.

Meeting Recordings & Transcripts

When you use Notemesh to record meetings, we capture and store:

  • Video and audio recordings of your Zoom meetings
  • AI-generated transcripts with speaker diarization
  • AI-generated summaries, action items, key decisions, and follow-up emails
  • Speaker analytics (talk time, participation metrics)

Google Calendar & Drive Access

With your consent, we access:

  • Google Calendar (read-only): to detect upcoming meetings with Zoom links and automatically dispatch the recording bot
  • Google Drive (file access): to archive meeting recordings and transcripts as permanent copies in your Google Drive

We do not modify, delete, or read any existing files in your Google Drive or calendar events.

Usage Data

We collect basic usage information such as pages visited, features used, and error logs to improve the service.

3. How We Use Your Information

  • To record, transcribe, and analyze your meetings
  • To generate AI-powered summaries, action items, and follow-up emails
  • To build searchable knowledge bases from your meeting history
  • To send you notifications about meeting processing status
  • To improve our AI models and service quality

4. Third-Party Services

We use the following third-party services to process your data:

  • Deepgram: speech-to-text transcription with speaker diarization
  • Anthropic (Claude): AI-powered meeting analysis (summaries, action items, decisions)
  • OpenAI: text embeddings for knowledge base search
  • AWS S3: secure storage for meeting recordings (1-year retention)
  • Google APIs: calendar integration and Drive archival
  • Resend / SendGrid: email delivery for follow-up emails and notifications

Each third-party service processes data according to their own privacy policies. We only share the minimum data required for each service to function.

5. Data Storage & Retention

  • Recordings: stored in AWS S3 with a 1-year automatic retention policy. After 365 days, recordings are automatically deleted.
  • Transcripts & AI outputs: stored in our database for as long as your account is active.
  • Google Drive copies: permanently stored in your personal Google Drive (managed by you).
  • Account data: retained until you delete your account.

6. Data Security

We protect your data using:

  • AES-256-GCM encryption for stored OAuth tokens
  • HTTPS/TLS encryption for all data in transit
  • Secure session management with Redis-backed sessions
  • Bcrypt password hashing (12 rounds) for email/password accounts

7. Cookies

We use a session cookie (connect.sid) to maintain your login session. This cookie is httpOnly, secure in production, and has a 30-day expiry. We do not use tracking cookies or third-party analytics cookies.

8. Your Rights

You have the right to:

  • Access your personal data
  • Delete your account and all associated data
  • Export your meeting transcripts and summaries
  • Disconnect Google Calendar and Drive integrations at any time
  • Opt out of AI processing for future meetings

9. Contact Us

For privacy-related questions or requests, contact us at [email protected].