SA

Surfnote AI Privacy Policy

Last updated: 22 Feb 2026

We build Surfnote AI so your meetings stay productive and secure. This policy explains what data we process, how we protect it, and how to exercise your rights.

Who we are

Surfnote AI records, transcribes, and summarizes meetings for users via Zoom, Google Meet, and Telegram delivery channels. We act as a processor and handle data on behalf of meeting organizers.

Contact us anytime: support@salesaibootcamp.ink

What we collect

  • Meeting metadata such as meeting ID, organizer email, participant names, and calendar titles.
  • Google Calendar events (read-only access) to identify meeting links and join times.
  • Google Meet conferencing links to join meetings on your behalf.
  • Transcribed text of meeting audio (no raw audio is stored).
  • Summarized meeting notes, action items, and highlights generated by Surfnote AI.
  • Delivery identifiers (email, Telegram username) that you supply for sending summaries.

How we use the data

  • Deliver meeting transcription, summarization, and reminders through Telegram.
  • Notify you when the bot joins or leaves Zoom / Google Meet rooms.
  • Maintain service reliability, investigate incidents, and improve the product.

Data retention

  • Raw audio: never stored (deleted immediately after transcription completes).
  • Transcripts and summaries: retained for 30 days, then permanently deleted.
  • Users may request earlier deletion at any time via support@salesaibootcamp.ink.

Legal basis & roles

  • Meeting organizers are data controllers and must obtain consent from participants.
  • Surfnote AI acts as a data processor, handling data only under explicit user instructions.
  • Processing takes place to fulfill the contract of providing meeting summaries.

Subprocessors

We rely on trusted vendors who meet our security requirements. These third parties process data solely to help us provide our services:

  • Google Cloud (Kazakhstan region) — infrastructure hosting, database storage, and encryption at rest. Used to store meeting metadata and transcripts securely.
  • OpenAI — AI-powered text summarization and processing. Used to generate meeting summaries and extract action items from transcripts.
  • PostMessenger — message delivery service. Used to send meeting summaries and notifications to Telegram channels.

Google user data & third-party disclosure

When you use Surfnote AI with Google Meet or Google Calendar integration, we access limited Google user data solely to provide the meeting recording and transcription services you have requested.

  • We access your Google Calendar events (read-only) to identify upcoming meetings with conferencing links and automatically join them.
  • We access Google Meet conferencing links to join meetings as a participant and record audio for transcription.
  • We do not transfer or disclose your Google user data to third parties for purposes other than those explicitly stated in this privacy policy.
  • Google user data is processed only to deliver meeting transcription, summarization, and delivery of meeting notes to your specified channels.
  • We do not use Google user data for advertising, marketing, or any purposes unrelated to the core functionality of Surfnote AI.
  • All Google user data is subject to the same security measures, retention policies, and data subject rights described in this policy.

Google API Services Limited Use disclosure

Surfnote AI's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

  • We only use Google user data to provide or improve user-facing features that are prominent in Surfnote AI's user interface.
  • We do not use Google user data for serving advertisements.
  • We do not allow humans to read Google user data unless we have obtained your affirmative agreement, it is necessary for security purposes, or to comply with applicable law.
  • We do not transfer Google user data to others unless necessary to provide or improve user-facing features, for security purposes, to comply with applicable law, or as part of a merger or acquisition (with prior notice).

Security measures

  • TLS encryption for all data in transit.
  • Google Cloud encryption at rest for databases and storage.
  • Access restricted to vetted personnel with multi-factor authentication.
  • Regular vulnerability scanning, patching, and incident response drills.

Your rights

Contact support@salesaibootcamp.ink to request:

  • Access to personal data processed via Surfnote AI.
  • Correction of inaccurate information.
  • Deletion of transcripts, summaries, or identifiers.