Privacy Policy

1. Introduction

Deal Whisperer ("we," "our," or "us") operates the Meeting Whisperer platform. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our service, including our website, application, and AI-powered meeting advisor features.

By using Meeting Whisperer, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the service.

2. Google User Data & Limited Use Disclosure

2.1 Google Data We Access

When you sign in with Google or connect your Google Calendar, we request access to the following scopes:

• Email and Profile (via Supabase Auth) — your name, email address, and profile picture for account creation and authentication
• Google Calendar (read-only) (calendar.readonly) — to read your upcoming calendar events, including event titles, times, attendees, and meeting links (e.g., Zoom URLs)

2.2 How We Use Google Data

• Authentication: Your Google email and profile are used solely to create and authenticate your Meeting Whisperer account
• Calendar sync: Calendar events are read every 2 minutes to detect upcoming meetings, display them on your dashboard, and optionally deploy a live meeting assistant bot
• Meeting preparation: Attendee names and emails from calendar events are used to generate pre-meeting briefs and research

2.3 Google Data Storage & Retention

• Google OAuth tokens (access and refresh tokens) are stored encrypted in our database and used only to maintain your calendar connection
• Calendar event data is synced to our database for meeting management and is retained while your account is active
• We do not store your Google password — authentication is handled entirely through Google's OAuth 2.0 flow

2.4 Google Data Sharing

• We do not sell, lease, or share your Google user data with third parties for advertising, data brokerage, or any purpose unrelated to providing Meeting Whisperer
• Calendar event metadata (attendee names, meeting titles) may be sent to AI providers (OpenAI, Anthropic) solely to generate meeting briefs and advice as part of the core service functionality
• Google data is never used to train AI models

2.5 Revoking Google Access

You can revoke Meeting Whisperer's access to your Google data at any time by:

• Visiting your Google Account Permissions page and removing Meeting Whisperer
• Contacting us at privacy@meeting-whisper.com to request deletion of all stored Google data

Upon revocation, we will delete your stored Google OAuth tokens and cease calendar syncing. Previously synced meeting data will be retained unless you request its deletion.

3. Other Information We Collect

3.1 Meeting Data

• Meeting transcripts captured via audio recording bots (Recall.ai) that join your meetings with visible presence and identification
• Real-time utterance classifications and AI-generated advice
• Post-meeting distillation summaries, extracted entities, and relationships

3.2 Knowledge Base Data

• Documents, URLs, and content you upload for meeting preparation
• Entity and relationship data extracted from your knowledge base
• Vector embeddings generated from your content

3.3 Usage & Technical Data

• Browser type, IP address, device information
• Pages visited, features used, and interaction patterns
• Error logs and performance metrics

4. How We Use Your Information

• Provide real-time AI-powered meeting advice and post-meeting analysis
• Generate meeting briefs, debriefs, and intelligence summaries
• Sync meeting data with your configured CRM integrations
• Maintain and improve the knowledge base and entity graph
• Authenticate your identity and manage your account
• Sync calendar events and schedule meeting recording bots
• Improve, maintain, and troubleshoot the service
• Comply with legal obligations

5. AI Processing & Third-Party AI Services

Meeting Whisperer uses third-party AI models to process your data and generate meeting intelligence. This includes:

• OpenAI (GPT models) — utterance classification, entity extraction, research synthesis, and embeddings
• Anthropic (Claude models) — meeting advice generation, content normalization, and meeting distillation
• Recall.ai — meeting audio capture and speech-to-text transcription

Your data sent to these providers is processed according to their respective privacy policies and data processing agreements. We do not use your data to train third-party AI models. These providers process data as sub-processors under our instruction.

6. Meeting Recording & Transcription

When you enable live meeting assistance, an AI bot joins your meeting as a visible participant. This bot:

• Is clearly identified by name in the meeting participant list
• Captures audio for real-time transcription
• Does not record video

Important: You are responsible for informing all meeting participants that an AI assistant is present and that the meeting is being transcribed. Many jurisdictions require all-party consent for recording. We provide the tool; compliance with recording consent laws is your responsibility.

7. CRM & Third-Party Integrations

If you connect a CRM (Salesforce, HubSpot, Zoho, GoHighLevel, or others), meeting intelligence data may be synced to that platform. This includes:

• Contact and company information extracted from meetings
• Meeting summaries and action items
• Entity relationships and deal-relevant signals

CRM credentials are encrypted at rest. Sync operations are logged for auditability. You control which integrations are active and can disconnect them at any time.

8. Data Storage & Security

• Data is stored in Supabase (PostgreSQL) with encryption at rest and in transit
• Vector embeddings are stored in pgvector for semantic search
• Authentication uses Supabase Auth with JWT tokens
• All API communication uses HTTPS/TLS
• CRM credentials are encrypted using Fernet symmetric encryption
• We implement access controls to ensure tenant data isolation — your data is not accessible to other users

While we implement industry-standard security measures, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security.

9. Data Retention

• Account data is retained while your account is active
• Meeting transcripts and distillations are retained until you delete them
• Knowledge base content is retained until you remove it
• Upon account deletion, we will remove your personal data within 30 days, except where retention is required by law

10. Data Sharing

We do not sell your personal information. We share data only in these circumstances:

• AI service providers — as described in Section 5, to process your meeting data
• CRM integrations — only when you explicitly connect and enable a CRM sync
• Legal requirements — if required by law, court order, or governmental authority
• Business transfers — in connection with a merger, acquisition, or sale of assets

11. Your Rights

Depending on your jurisdiction, you may have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your data
• Export your data in a portable format
• Withdraw consent for data processing
• Object to automated decision-making

To exercise any of these rights, contact us at privacy@meeting-whisper.com.

12. California Residents (CCPA)

If you are a California resident, you have the right to know what personal information we collect, request its deletion, and opt out of its sale. We do not sell personal information. To submit a request, contact privacy@meeting-whisper.com.

13. Children's Privacy

Meeting Whisperer is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child, we will delete it promptly.

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page with a new "Last updated" date. Your continued use of Meeting Whisperer after changes constitutes acceptance of the revised policy.

15. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us at: