Home

Privacy Policy

Last updated: April 28, 2026

Minutes.AI ("Minutes.AI", "we", "our", or "the Service") is operated by Sense G.K. ("Sense G.K."). This Privacy Policy explains what information we collect when you use the Minutes.AI mobile app, the Minutes.AI web experience, and the supporting backend at sense-ai.world; how we use that information; who we share it with; and the rights you have over it.

By using the Service you confirm that you have read and understood this Policy. If you do not agree, please do not use the Service.

Contents

  1. Information we collect
  2. How we use information
  3. Connected workspace tools (OAuth integrations)
  4. Email handling
  5. Audio recordings and transcripts
  6. AI processing and model training
  7. Service providers and sub-processors
  8. How we share information
  9. Data retention
  10. Security
  11. International data transfers
  12. Your rights and choices
  13. Children's privacy
  14. Changes to this Policy
  15. Contact

1. Information we collect

We collect the categories of information listed below. Each category is processed only for the purposes described in section 2.

1.1 Account information

  • Email address (used as your sign-in identifier via Firebase Authentication; for Sign in with Apple, an Apple-relayed email may be stored).
  • Display name and avatar, if you set them.
  • Subscription / billing status, transaction identifiers, and receipt metadata (handled by Apple App Store / RevenueCat; we receive only the entitlement state, never card numbers).

1.2 Meeting content

  • Audio recordings you capture in the Minutes.AI mobile app or upload to the Service.
  • Transcripts produced from those recordings, including speaker diarization where supported.
  • Generated meeting artifacts: summaries, decision logs, action items, drafted Slack posts, drafted emails, drafted Jira / Linear / Asana / Notion entries, decision memos, dashboards, and other AI-produced documents.
  • Any text you type into the Service (for example, custom prompt instructions or transcript edits).

1.3 Tokens for connected workspace tools

When you choose to connect a third-party workspace tool (Slack, Notion, Jira, Linear, or Asana) we receive an OAuth access token from that provider on your behalf. We store that token and the minimum identifying metadata required to use it (for example, your Slack workspace ID and team name, your Jira cloud ID, your Notion workspace ID and selected parent page).

See section 3 for the precise scopes we request and how we use these tokens.

1.4 Dispatch / audit logs

When you publish a generated artifact to a connected tool (for example, posting an AI-drafted summary to a Slack channel) we record an audit entry containing: timestamp, destination identifier (e.g. channel name), success or failure status, the identifier returned by the destination (e.g. Slack message timestamp, Jira issue key, Notion page URL), and a 200-character preview of the body. The full body is also retained inside your meeting workspace so that you can review or re-send it.

1.5 Usage and device information

  • Device type, operating system version, app version, locale, and time zone.
  • Crash reports and performance traces (Firebase Crashlytics / Performance Monitoring).
  • Aggregated usage events such as "recording started", "dispatch tapped", etc., used to understand which features are in use. These events do not contain meeting content.
  • IP address (recorded transiently by our servers and CDNs for rate-limiting and abuse prevention).

2. How we use information

We use information to:

  • Provide the core Service: capture audio, transcribe it, run AI pipelines that detect tasks and generate artifacts, and let you review and edit those artifacts.
  • Synchronise your meeting workspaces, transcripts, and generated artifacts across your devices.
  • Carry out an action you explicitly approve, such as posting a drafted message to your Slack workspace or filing a drafted ticket in your Jira project.
  • Authenticate you, manage your subscription, and prevent abuse of our infrastructure (rate-limiting, anomaly detection).
  • Improve the Service: investigate crashes, debug specific failures, measure feature usage, and develop new features. Where we use meeting content for debugging we do so only on minimal samples needed to reproduce a problem and we do not share that content with third parties for that purpose.
  • Comply with applicable law.

We do not sell your personal information, and we do not show third-party advertising.

3. Connected workspace tools (OAuth integrations)

The Service can connect to the third-party tools listed below. Each connection is opt-in and per-account: nothing is sent to a tool until you have completed the OAuth flow for that tool, and even then, only when you tap the relevant action (for example, "Post to Slack").

Tokens are stored encrypted at rest in our managed database (Google Firestore) under a path scoped to your account (/users/{your-uid}/integrations/{provider}). Other Minutes.AI users cannot read your tokens. You can revoke any connection at any time from the Settings screen in the app, or from the third-party tool itself; revocation deletes our copy of the token.

ToolScopes we requestWhat we read / write
Slackchat:write, chat:write.publicPost a message to a channel you specify when you tap "Post to Slack". We do not read your Slack message history.
NotionDefault OAuth integration scope (read content, insert content, update content) limited to the pages you explicitly share with Minutes.AI during install.Create new pages or rows under the page or database you selected. We do not access pages you did not share.
Jiraread:jira-work, write:jira-work, offline_accessCreate issues in the projects you choose. We use read:jira-work only to look up project keys and validate the destination at publish time.
LinearwriteCreate issues in the team you choose. Read access is the minimum needed to resolve team identifiers.
AsanadefaultCreate tasks in the project you choose.

For every dispatch action we record an audit entry as described in section 1.4. The body of the artifact we send is the body that you can view and edit in the app before tapping send.

4. Email handling

When the Service drafts an email on your behalf, the draft is opened in the system email composer on your device (Apple Mail, Gmail mobile, Outlook, or whichever email app you have configured as your default). The actual send happens from your own email account, through your own provider; Minutes.AI does not store your email password and does not send email on your behalf from our servers.

5. Audio recordings and transcripts

Audio you capture is uploaded to our backend and processed by one or more speech-to-text providers (see section 7) to produce a transcript. The audio file and the transcript are then stored in your Firebase Storage / Firestore workspace, scoped to your account.

You can delete a meeting (and the underlying audio + transcript + generated artifacts) from inside the app at any time. See section 9 for retention defaults and section 12 for full-account deletion.

6. AI processing and model training

We send transcripts and prompts to large-language-model providers (currently Google Gemini and OpenAI) to generate summaries, decision logs, drafted messages, drafted tickets, and other artifacts. These providers act as our processors under written contracts and are bound to use the data only to return a response to our request, not to train their general models on your content.

We do not use your meeting content to train Sense AI's own models without your explicit, separate consent. Aggregate signals (for example, "detection of task type X failed Y times this week") used for our internal product analytics do not contain personal or meeting content.

7. Service providers and sub-processors

We use the following sub-processors. Each is bound by a written data-processing agreement.

  • Google Cloud / Firebase (Authentication, Firestore, Cloud Storage, Cloud Functions, Crashlytics, Performance Monitoring): primary backend hosting and account database.
  • Railway: hosting for the Sense AI sidecar that runs the agentic pipeline and OAuth callbacks.
  • Google Gemini API: large-language-model inference for the AI pipeline.
  • OpenAI API: large-language-model inference and Whisper-family speech-to-text.
  • Google Cloud Speech-to-Text and Microsoft Azure Speech: automatic speech recognition and speaker diarization for some meetings.
  • LiveKit: real-time audio transport for live meetings.
  • Apple App Store / RevenueCat: subscription billing.
  • SendGrid: outbound transactional email such as account-verification messages and support replies. Not used to relay user-drafted content to third parties (see section 4).
  • Slack, Notion, Atlassian (Jira), Linear, Asana: only when you explicitly connect them (see section 3). These providers receive only the content you publish to them through Minutes.AI; they do not receive your full meeting workspace.

8. How we share information

We disclose information only:

  • To the sub-processors listed in section 7, in the minimum amount required to perform their function.
  • To a connected workspace tool when you tap an action that publishes content to it (section 3).
  • To comply with a legally binding request from a court or other competent authority.
  • In connection with a corporate transaction (merger, acquisition, or asset sale), in which case the acquirer will be required to honour this Policy or to give you an opportunity to opt out before any change in handling.

We do not sell or rent personal information.

9. Data retention

  • Account information is retained for as long as your account is active.
  • Meeting audio, transcripts, and generated artifacts are retained until you delete them or until you delete your account.
  • OAuth tokens are retained until you tap "Disconnect" in Settings, until you revoke the connection from the third-party tool, or until you delete your account.
  • Dispatch / audit logs are retained for at least 12 months for fraud prevention and to let you re-send a published artifact.
  • Crash reports and aggregated usage events are retained for up to 14 months.
  • Backups: residual copies inside our routine backups are overwritten within 35 days.

10. Security

  • Data is encrypted in transit (TLS 1.2 or higher) and at rest by default (Google Cloud / Firebase managed encryption).
  • Access to production data is restricted to a small number of Sense G.K. engineers, gated by SSO and audited.
  • Firestore security rules ensure that a user can only read their own profile and integration records.
  • We rotate OAuth client secrets on a regular schedule and as soon as we suspect any compromise.

No system can guarantee perfect security. If you believe you have found a security issue, please contact us at the address in section 15.

11. International data transfers

Our infrastructure is operated primarily in Google Cloud regions in the United States and Asia-Pacific. By using the Service you acknowledge that your data may be processed outside your country of residence, including in jurisdictions whose data-protection laws may differ from those of your home country. Where required we rely on the Standard Contractual Clauses (or equivalent) with our sub-processors.

12. Your rights and choices

Depending on where you live (for example, the EEA, the United Kingdom, California, or Japan), you have some or all of the following rights with respect to your personal information:

  • Access a copy of the data we hold about you.
  • Correct data that is inaccurate or incomplete.
  • Delete your account and the associated data.
  • Disconnect any connected workspace tool, which deletes our copy of the OAuth token for that tool.
  • Object to or restrict certain processing.
  • Export your meeting content and transcripts in a machine-readable format.
  • Withdraw any consent you previously gave (where processing is based on consent), without affecting the lawfulness of processing carried out before withdrawal.
  • Lodge a complaint with your local data-protection authority.

To exercise any of these rights, use the in-app controls (Settings → Account → Delete account; Settings → Connected tools → Disconnect) or email us at the address in section 15. We respond within 30 days.

13. Children's privacy

The Service is not directed to children under 13 (or the age of digital consent in your jurisdiction, whichever is higher) and we do not knowingly collect personal information from them. If you believe a child has provided us with personal information, please contact us so we can delete it.

14. Changes to this Policy

We may update this Policy from time to time. The "Last updated" date at the top of this page reflects the most recent revision. For material changes (such as new categories of shared data) we will give you advance notice in the app or by email before the change takes effect.

Last updated: April 28, 2026.

15. Contact

For privacy questions, requests to exercise the rights in section 12, or security disclosures, contact:

Sense G.K.
Email: info@sense-ai.world

See also our Terms of Use.