Privacy Policy

1. Introduction

Welcome to Edisyn ("we," "our," or "us"). We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered meeting assistant application and website.

By using Edisyn, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access or use our services.

Contact Information:

Email: support@edisyn.ai

2. Information We Collect

2.1 Personal Information

We collect the following types of personal information:

Account Information: Email address, name, password (encrypted), profile picture
Authentication Data: OAuth tokens from Google or GitHub if you choose to sign in via these services
Billing Information: Payment details processed securely through Stripe (we do not store full credit card numbers)
Subscription Data: Plan type, billing cycle, usage limits, credit balance

2.2 Meeting and Conversation Data

Audio Recordings: Real-time audio from your meetings (processed transiently, not permanently stored unless you choose to save)
Transcripts: Text transcriptions of your meetings generated by speech recognition
AI Responses: Generated insights, summaries, and responses from our AI models
Session Metadata: Date, time, duration, participant names, meeting context
User Profiles: Custom meeting profiles, background information, preferences

2.3 Technical and Usage Data

Device Information: Browser type, operating system, device identifiers
Usage Analytics: Features used, session duration, interaction patterns
Log Data: IP addresses, access times, error logs, performance data
Cookies: Essential cookies for authentication and session management (see Cookie Policy)

3. How We Use Your Information

We use your information for the following purposes:

Service Provision: To provide, maintain, and improve our AI meeting assistant services
AI Processing: To generate real-time transcriptions, insights, summaries, and responses using AI models
Account Management: To create and manage your user account, authenticate your identity, and process payments
Communication: To send you service updates, security alerts, and support messages
Personalization: To customize your experience based on your preferences and meeting profiles
Security: To detect, prevent, and respond to fraud, abuse, security risks, and technical issues
Compliance: To comply with legal obligations and enforce our Terms of Service
Improvement: To analyze usage patterns and improve our product features

4. Data Storage and Security

4.1 Storage Infrastructure

Your data is stored securely using Supabase (PostgreSQL database) with industry-standard encryption:

Encryption at Rest: All data is encrypted using AES-256 encryption
Encryption in Transit: All communications use TLS/SSL encryption
Database Security: Row-level security (RLS) policies ensure users can only access their own data
Geographic Location: Data is stored in secure data centers (AWS US East)

4.2 Data Retention

Active Accounts: Data retained while your account is active
Account Deletion: Upon request, all personal data deleted within 30 days
Legal Requirements: Some data may be retained longer to comply with legal obligations (e.g., billing records for tax purposes)
Backups: Backup copies deleted within 90 days of account deletion

4.3 Security Measures

We implement appropriate technical and organizational measures to protect your data, including:

Regular security audits and vulnerability assessments
Access controls and authentication mechanisms
Automated backup systems
Incident response procedures

Note: While we use industry-standard security measures, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security.

5. Data Sharing and Disclosure

5.1 Third-Party Services

We share your information with the following third-party service providers:

Supabase: Database and authentication infrastructure
AI Model Providers: OpenRouter, DeepSeek, Google Gemini for AI processing (data is processed transiently and not stored by these providers)
Stripe: Payment processing (governed by Stripe's privacy policy)
Deepgram: Speech recognition and transcription services

These service providers are contractually obligated to protect your data and may only use it to perform services on our behalf.

5.2 No Selling of Data

We DO NOT sell, rent, or trade your personal information to third parties for marketing purposes.

5.3 Legal Requirements

We may disclose your information if required by law, legal process, or government request, or if we believe disclosure is necessary to:

Comply with legal obligations
Protect our rights, property, or safety
Prevent fraud or abuse
Protect the security of our services

6. Your Rights (GDPR Compliance)

If you are in the European Economic Area (EEA), you have the following rights:

Right to Access: Request a copy of your personal data
Right to Rectification: Request correction of inaccurate data
Right to Erasure ("Right to be Forgotten"): Request deletion of your data
Right to Restrict Processing: Request limitation of data processing
Right to Data Portability: Receive your data in a machine-readable format
Right to Object: Object to data processing based on legitimate interests
Right to Withdraw Consent: Withdraw consent at any time (where processing is based on consent)

To exercise any of these rights, please contact us at support@edisyn.ai. We will respond within 30 days.

6.1 How to Delete Your Data

You can delete your account and all associated data by:

1. Going to Settings → Account in the meeting assistant app

2. Clicking "Request Data Deletion"

3. Confirming the deletion request

Note: Deletion is permanent and cannot be undone. All meetings, transcripts, and AI responses will be permanently deleted.

7. Cookies and Tracking Technologies

We use essential cookies to provide our services. For detailed information about cookies, please see our Cookie Policy.

Essential Cookies: Required for authentication, session management, and security

Consent: We obtain your consent before setting non-essential cookies

8. International Data Transfers

Your data may be transferred to and processed in countries other than your own. We ensure that such transfers comply with applicable data protection laws, including GDPR, through:

Standard Contractual Clauses (SCCs) with third-party processors
Adequacy decisions by the European Commission
Appropriate safeguards as required by law

9. Children's Privacy

Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us immediately at support@edisyn.ai.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons. We will notify you of material changes by:

Posting the updated policy on this page with a new "Last Updated" date
Sending an email notification to your registered email address
Displaying a prominent notice in the application

Your continued use of our services after changes become effective constitutes acceptance of the updated Privacy Policy.

11. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

Right to know what personal information is collected, used, shared, or sold
Right to delete personal information
Right to opt-out of the sale of personal information (note: we do not sell your data)
Right to non-discrimination for exercising your rights

To exercise these rights, contact us at support@edisyn.ai.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: