Privacy Policy
Last updated: January 13, 2025
Sigmise ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our meeting transcription and AI summarization service (the "Service"), including our desktop application and website at sigmise.com.
Please read this Privacy Policy carefully. By using the Service, you consent to the collection and use of your information in accordance with this policy. If you do not agree with the terms of this Privacy Policy, please do not access the Service.
1. Information We Collect
1.1 Information You Provide Directly
- Account Information: When you create an account, we collect your name, email address, and password (encrypted).
- Payment Information: When you subscribe to a paid plan, payment details are collected and processed directly by Stripe, Inc. We do not store your full credit card number on our servers.
- Meeting Content: Audio recordings captured during your meetings, including system audio and microphone input.
- Generated Content: Transcripts, translations, and AI-generated summaries created from your meeting recordings.
- Communications: Information you provide when contacting our support team or providing feedback.
1.2 Information from Third-Party Authentication
When you choose to sign in using Google Sign-In, we receive the following information from your Google account:
- Your name
- Email address
- Profile picture (if available)
- Google account identifier
This information is used solely to create and authenticate your Sigmise account. We do not access your Google Drive, Google Calendar, Gmail, or any other Google services. We do not post to your Google account or access your contacts.
1.3 Information Collected Automatically
- Device Information: Operating system, device type, and application version.
- Usage Data: Features used, session duration, and interaction patterns.
- Log Data: IP address, browser type, access times, and referring URLs.
- Cookies and Similar Technologies: Session cookies for authentication and preferences. See Section 8 for details.
2. How We Use Your Information
We use the information we collect for the following purposes:
2.1 Service Delivery
- Process and transcribe your meeting audio recordings
- Generate translations of your transcripts
- Create AI-powered meeting summaries
- Synchronize your data across devices
- Provide customer support
2.2 Account Management
- Create and manage your account
- Authenticate your identity
- Process payments and manage subscriptions
- Send transactional emails (account verification, password reset, receipts)
2.3 Service Improvement
- Analyze usage patterns to improve our Service
- Debug and fix technical issues
- Develop new features and functionality
2.4 Legal and Security
- Detect, prevent, and address fraud and abuse
- Enforce our Terms of Service
- Comply with legal obligations
3. Legal Basis for Processing (GDPR)
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data based on the following legal grounds:
- Contract Performance: Processing necessary to provide the Service you requested (transcription, translation, summarization).
- Consent: Where you have given explicit consent, such as for optional marketing communications.
- Legitimate Interests: For service improvement, security, and fraud prevention, where these interests are not overridden by your rights.
- Legal Obligation: Where processing is required to comply with applicable laws.
4. How We Share Your Information
We do not sell your personal information. We may share your information in the following circumstances:
4.1 Service Providers
We share data with third-party service providers who perform services on our behalf:
| Provider | Purpose | Data Shared |
|---|---|---|
| Microsoft Azure | Speech recognition & translation | Audio data, transcripts |
| DeepSeek / OpenAI | AI summarization | Transcript text |
| Stripe | Payment processing | Payment details, email |
| Cloudflare R2 | File storage | Audio files, transcripts |
| Authentication (optional) | OAuth tokens | |
| Resend | Transactional emails | Email address, name |
These providers are contractually obligated to protect your data and may only use it for the specific purposes we direct.
4.2 Legal Requirements
We may disclose your information if required by law, court order, or government request, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
4.3 Business Transfers
In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change and any choices you may have regarding your information.
5. Data Storage and Security
5.1 Storage Locations
- Local Storage: Meeting data is stored locally on your device using encrypted SQLite databases.
- Cloud Storage: When cloud sync is enabled, data is stored in Cloudflare R2 (S3-compatible object storage) with encryption at rest.
- Database: Account information is stored in PostgreSQL databases with encryption at rest.
5.2 Security Measures
- TLS/SSL encryption for all data in transit
- Encryption at rest for stored data
- Secure password hashing using industry-standard algorithms
- Regular security audits and vulnerability assessments
- Access controls and authentication for all systems
- Rate limiting and DDoS protection
While we implement robust security measures, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.
6. Data Retention
6.1 Meeting Data
| Plan | Cloud Retention |
|---|---|
| Free Plan | 7 days |
| Pro Plan | Unlimited (while subscription active) |
Local data on your device is retained until you delete it or uninstall the application.
6.2 Account Data
- Active accounts: Retained while account is active
- Deleted accounts: Personal data deleted within 30 days of account deletion request
- Payment records: Retained as required by tax and financial regulations (typically 7 years)
7. Your Rights and Choices
7.1 All Users
- Access: View and download your meeting data through the application.
- Correction: Update your account information in Settings.
- Deletion: Delete individual meetings or your entire account.
- Export: Export your transcripts and summaries in standard formats.
7.2 EEA, UK, and Swiss Users (GDPR)
Under the General Data Protection Regulation, you have additional rights:
- Right to Access: Request a copy of all personal data we hold about you.
- Right to Rectification: Request correction of inaccurate data.
- Right to Erasure: Request deletion of your personal data.
- Right to Restriction: Request limitation of processing.
- Right to Data Portability: Receive your data in a structured, machine-readable format.
- Right to Object: Object to processing based on legitimate interests.
- Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent.
To exercise these rights, contact us at support@sigmise.com. We will respond within 30 days.
7.3 California Users (CCPA)
California residents have additional rights under the California Consumer Privacy Act:
- Right to Know: Request disclosure of personal information collected, used, and shared.
- Right to Delete: Request deletion of personal information.
- Right to Non-Discrimination: We will not discriminate against you for exercising your rights.
- Right to Opt-Out: We do not sell personal information.
8. Cookies and Tracking Technologies
8.1 Types of Cookies We Use
| Type | Purpose | Duration |
|---|---|---|
| Essential | Authentication, security, basic functionality | Session / 7 days |
| Functional | Remember preferences (language, theme) | 1 year |
| Analytics | Understand usage patterns | 2 years |
8.2 Managing Cookies
You can control cookies through your browser settings. Note that disabling essential cookies may prevent you from using certain features of the Service.
9. International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws different from your jurisdiction.
When we transfer data internationally, we implement appropriate safeguards:
- Standard Contractual Clauses approved by the European Commission
- Data processing agreements with all service providers
- Encryption of data in transit and at rest
10. Children's Privacy
The Service is not intended for use by children under the age of 16 (or the applicable age of consent in your jurisdiction). We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at support@sigmise.com, and we will delete such information.
11. Third-Party Links
The Service may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to read their privacy policies before providing any personal information.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page with a new "Last updated" date, and where required by law, by email. Your continued use of the Service after such changes constitutes acceptance of the updated Privacy Policy.
13. Contact Us
If you have questions about this Privacy Policy or wish to exercise your rights, please contact us:
Email: support@sigmise.com
For GDPR-related inquiries, you may also lodge a complaint with your local data protection authority.