Resonotes Privacy Policy

Privacy Policy Update: AI Transcription Bridge Bot and GDPR Compliance

Introduction

We have implemented a new feature that uses an AI-powered bridge bot to provide transcription services for Google Meet and Microsoft Teams meetings. This update to our privacy policy explains how this feature works, how it affects your data, and your rights under the General Data Protection Regulation (GDPR).

How the Bridge Bot Works

1. When you enable AI transcription for a meeting, our bridge bot is invited to the meeting as a participant.
2. The bot joins the meeting and captures the audio stream.
3. The audio is sent in real-time to our transcription service provider, AssemblyAI, for processing.
4. The resulting transcription, along with additional insights such as summary, sentiment analysis, and entity detection, is stored in our secure database.

Data Collection and Use

The bridge bot collects the following data:

• Audio from the meeting
• Transcribed text of the meeting
• Summarized content of the meeting
• Sentiment analysis of the conversation
• Detected entities (e.g., person names, organizations) mentioned in the meeting

This data is used to:

• Provide you with a written record of the meeting
• Generate insights and summaries to help you review the meeting content
• Improve the accuracy and functionality of our transcription service

Legal Basis for Processing (GDPR Article 6)

We process your personal data based on:

• Your explicit consent, which you provide when enabling the AI transcription feature for a meeting.
• The legitimate interests pursued by us in providing and improving our transcription service.

Data Storage and Retention

• Transcriptions and related data are stored in our secure Firebase database within the EU/EEA.
• We retain this data for 30 days unless you request its deletion earlier.
• After 30 days, the data is automatically deleted from our systems.

Third-Party Services

We use the following third-party services as part of this feature:

• Google Meet or Microsoft Teams for video conferencing
• AssemblyAI for transcription and analysis

Please refer to these services' respective privacy policies for information on how they handle your data.

Your Rights Under GDPR

As a data subject, you have the following rights:

• Right to access (Article 15)
• Right to rectification (Article 16)
• Right to erasure ('right to be forgotten') (Article 17)
• Right to restriction of processing (Article 18)
• Right to data portability (Article 20)
• Right to object (Article 21)

To exercise these rights, you can use the GDPR Data Management features in the settings section of our application, or contact our Data Protection Officer at dpo@ourcompany.com.

Your Choices and Control Over Your Data

• You can choose whether to enable AI transcription for each meeting.
• Participants in the meeting will be notified that a transcription bot is present.
• You can withdraw your consent at any time by disabling the AI transcription feature.
• You can access, download, or delete your transcription data at any time through the settings page.
• You can request access to, correction of, or deletion of your transcription data at any time.

Data Protection Measures

We have implemented appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

• Encryption of personal data
• Regular testing and evaluation of the effectiveness of security measures
• Data minimization and purpose limitation practices
• Regular staff training on data protection and security

International Data Transfers

If we transfer your personal data outside the EU/EEA, we ensure that appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions.

Data Breaches

In the event of a personal data breach, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach, where feasible. If the breach is likely to result in a high risk to your rights and freedoms, we will also notify you without undue delay.

Compliance with Terms of Service

Our use of the bridge bot complies with the terms of service of both Google Meet and Microsoft Teams. We do not use the bot for any purposes other than those explicitly stated in this privacy policy update.

Changes to This Policy

We may update this policy as we further develop and improve our services. We will notify you of any significant changes.

Contact Us

If you have any questions or concerns about this privacy policy update or our use of the AI transcription bridge bot, please contact our Data Protection Officer at dpo@ourcompany.com.

Last updated: January 2024