Privacy Policy

Effective date: 7 June 2026 · Last updated: 7 June 2026

Summary. JustHereToListen.io sends an AI assistant into your video meetings to record, transcribe, and analyse them on your behalf. This policy explains what we collect, how we use it, who processes it, how long we keep it, and the rights you have over it. We do not sell your personal data.

1. Who we are

JustHereToListen.io ("we", "us", "the Service") provides a multi-tenant meeting-bot API that joins Zoom, Google Meet, Microsoft Teams, and compatible meetings to produce recordings, transcripts, and AI-generated summaries. We act as a data processor for the meeting content you instruct us to capture, and as a data controller for your account and billing information.

2. Information we collect

Account data — email address, hashed password, API keys (stored only as a salted hash), plan, and admin flags.
Billing data — credit balance and transaction history. Card payments are handled by Stripe; we never see or store full card numbers. Optional USDC payments record only the on-chain deposit address and transaction hash.
Meeting content — audio (and optionally video) recordings, transcripts, chat messages captured during the meeting, participant display names, AI analysis (summaries, action items, decisions), and meeting metadata (URL, platform, start/end time, duration).
Integration tokens — OAuth/access tokens for connected services (Google, Microsoft, Slack, Notion, CRMs), stored encrypted at rest.
Operational data — request logs, error reports, and usage metrics used to run and secure the Service.

3. How we use your information

To join meetings and produce the recordings, transcripts, and analysis you request.
To deliver results to your configured webhooks, email, and integrations.
To meter usage and bill credits.
To secure, debug, and improve the Service.
To comply with legal obligations.

We do not use your meeting content to train our own models, and we do not sell personal data.

4. Sub-processors

We share data only with the service providers needed to operate the Service:

Anthropic (Claude) and Google (Gemini) — AI transcription and analysis of meeting content.
Stripe — card payment processing.
Cloud storage (e.g. AWS S3 / Cloudflare R2, when configured) — recording storage, encrypted at rest.
Email provider (SMTP / SendGrid, when configured) — notifications and digests.
Hosting / error monitoring — to run the Service and aggregate exceptions (configured without sending personal request bodies).

5. Recording consent

Recording a conversation may require the consent of participants. In many jurisdictions (including "all-party consent" US states and the EU/EEA under GDPR and ePrivacy rules) this is a legal requirement. By default our bot announces in the meeting that it is recording and offers an opt-out. You are responsible for ensuring you have a lawful basis and any consent required before sending a bot into a meeting. See our Terms of Service.

6. Data retention

Retention is configurable per account. By default, recordings are deleted after 30 days and transcripts/analysis after 90 days; live bot state expires from memory within 24 hours of completion. You can request a shorter or longer window, or immediate deletion, at any time.

7. Security

Transport encryption (HTTPS/TLS) for data in transit.
Encryption at rest for stored meeting transcripts/analysis, integration tokens, and (when cloud storage is used) recordings.
API keys and passwords are stored only as salted hashes; tenant data is isolated per account.
Optional PII redaction can mask emails, phone numbers, and similar identifiers in transcripts.

8. Your rights

Depending on your jurisdiction you may have rights to access, correct, export, or delete your personal data, and to object to or restrict certain processing. You can:

Export your meeting data (Markdown, PDF, JSON, SRT) from the dashboard or API.
Delete an individual meeting, or your entire account and all associated data, via the dashboard or DELETE /api/v1/auth/account, which cascades to recordings, transcripts, and integration tokens.
Contact us to exercise any other right.

9. International transfers

Your data may be processed in countries other than your own, including by the sub-processors listed above. Where required, we rely on appropriate safeguards for such transfers.

10. Children

The Service is not directed to children under 16 and we do not knowingly collect their data.

11. Changes to this policy

We may update this policy from time to time. Material changes will be reflected by the "Last updated" date above.

12. Contact

Questions or privacy requests: privacy@justheretolisten.io.