Privacy Policy

Meet2Doc (“we,” “our”) is the data controller for personal data processed through the Meet2Doc platform. This Privacy Policy describes how we collect, use, share, and protect your personal information in compliance with applicable data protection laws.

We are committed to transparency and the protection of your data. This Policy applies to all platform users, including website visitors, registered users, and participants of recorded meetings.

We collect the following categories of personal data:

• Account data: name, email address, and password (stored with cryptographic hash) provided during registration.
• Meeting recordings: audio from meetings recorded through the Recall.ai bot, including the voices of all participants present.
• Transcripts: texts automatically generated from audio recordings.
• Generated documents: .docx files produced by the platform from data extracted from transcripts.
• Templates: document templates uploaded by you for automatic filling.
• Payment data: billing information processed exclusively by Stripe. We do not store credit card data on our servers.
• Usage data and analytics: information about how you use the platform, including pages accessed, features used, IP address, and browser type.

The processing of personal data by Meet2Doc is based on the following legal grounds:

• Contract performance: for the provision of the contracted Service, including recording, transcription, and document generation.
• Consent: for sending marketing communications and optional features.
• Legitimate interest: for Service improvements, platform security, and fraud prevention.
• Legal obligation: to meet legal, regulatory, and tax requirements.

Your personal data is used for the following purposes:

• Creating and managing your platform account.
• Recording meetings and generating automatic transcripts.
• AI data extraction and automatic template filling.
• Processing payments and managing subscriptions.
• Sending Service notifications (e.g., document generation confirmations).
• Continuous improvement of the platform and AI accuracy.
• Fraud prevention and ensuring platform security.
• Compliance with legal and regulatory obligations.

Meet2Doc uses the Google Gemini 2.5 Flash model to analyze transcripts and extract structured data. It is important that you know:

• Data sent to AI: only the transcript text and template placeholder names are sent to the AI model for processing. No personally identifiable user data (email, password, payment data) is sent.
• No training with your data: your data is not used to train, improve, or fine-tune Google's AI models. Processing occurs exclusively to generate the requested result.
• Ephemeral processing: data sent to the Google Gemini API is processed in real time and is not stored on Google's servers after the request is completed.
• Results may contain inaccuracies: as with all AI technology, extracted results may contain errors. We recommend reviewing generated documents before final use.

Meeting recording is performed through an automated bot provided by Recall.ai:

• Joining the meeting: the bot joins the meeting using the link provided by you, identifying itself as “Meet2Doc Bot.”
• Participant notification: it is your responsibility to inform all participants about the recording before the meeting begins. The video conferencing platform also displays a visual notification of the bot's presence.
• Storage: recordings and transcripts are securely stored in Supabase Storage, segregated by user account, with access restricted exclusively to the meeting owner.
• Participant consent: by using the recording feature, you declare that you have obtained the consent of all participants, as required by applicable privacy and data protection laws.

We share personal data with the following sub-processors, strictly for the purpose of providing the Service:

• Supabase (USA): database infrastructure, authentication, and file storage. All data is stored with encryption and row-level security (RLS) policies.
• Stripe (USA): payment processing and subscription management. Stripe is PCI-DSS Level 1 certified.
• Recall.ai (USA): bot service for meeting recording and transcript generation.
• Google / Gemini (USA): natural language processing for data extraction from transcripts.

We do not sell, rent, or share your personal data with third parties for marketing purposes. Data may be shared when required by law or court order.

We implement technical and organizational measures to protect your data:

• Encryption in transit: all communications are protected by TLS/HTTPS.
• Encryption at rest: data stored in the database and storage is encrypted.
• Row Level Security (RLS): row-level security policies ensure each user can only access their own data.
• Secure authentication: passwords stored with bcrypt hash. Support for email and password authentication.
• Access control: separation of permissions between user operations and administrative operations (service role).
• Incident response: in the event of a security incident involving personal data, affected data subjects and the relevant data protection authority will be notified within the legally required timeframes.

Personal data is retained for the following periods:

• Account data: while the account is active, and for up to 30 (thirty) days after a deletion request.
• Recordings and transcripts: while the account is active. They can be individually deleted by the user at any time.
• Generated documents: while the account is active. They can be individually deleted by the user at any time.
• Payment data: transaction records are kept for the legally required period for tax purposes (5 years).
• Logs and analytics: retained for up to 12 (twelve) months.

Upon account termination, all your personal data, recordings, transcripts, documents, and templates will be permanently deleted within 30 (thirty) days, except for data that must be retained due to legal obligations.

You have the following rights regarding your personal data:

• Confirmation and access: confirm the existence of processing and access your personal data.
• Correction: request the correction of incomplete, inaccurate, or outdated data.
• Anonymization, blocking, or deletion: request the anonymization, blocking, or deletion of unnecessary, excessive, or non-compliant data.
• Portability: request the portability of your data to another service provider.
• Deletion: request the deletion of data processed based on consent.
• Sharing information: be informed about the public and private entities with which your data is shared.
• Consent revocation: revoke consent at any time, without affecting prior processing.
• Opposition: oppose data processing when carried out in non-compliance with applicable data protection laws.

To exercise any of these rights, contact us at privacidade@meet2doc.com.br. We will respond within 15 (fifteen) business days.

We use cookies and similar technologies for the operation of the platform:

• Essential (session) cookies: required for authentication, user session maintenance, and security. They cannot be disabled.
• Preference cookies: store user preferences such as language and interface settings.

We do not use third-party tracking cookies for advertising purposes. All information collected through cookies is processed in accordance with this Privacy Policy.

Your personal data may be transferred and processed on servers located in the United States of America through the following providers:

• Supabase: database infrastructure and storage.
• Stripe: payment processing.
• Google (Gemini): natural language processing.
• Recall.ai: meeting recording and transcription.

International transfers are carried out with appropriate safeguards, including:

• Standard contractual clauses with sub-processors.
• Verification that providers adopt data protection practices equivalent to or exceeding those required by applicable data protection laws.
• Technical security measures (encryption, access control) that accompany data regardless of location.

Meet2Doc is not intended for individuals under 18 (eighteen) years of age. We do not intentionally collect personal data from minors.

If we become aware that data from a minor has been inadvertently collected, we will take immediate steps to delete it from our systems.

If you are a legal guardian and believe that a minor under your responsibility has provided personal data to Meet2Doc, please contact us so we can arrange for its deletion.

This Privacy Policy may be updated periodically to reflect changes in our practices or legal requirements.

Significant changes will be communicated by:

• Email sent to the address registered in your account.
• Prominent notice on the platform upon login.
• Update of the “last updated” date at the top of this page.

We recommend that you review this Policy periodically. Continued use of the platform after changes constitutes acceptance of the updated version.

Meet2Doc has appointed a Data Protection Officer (DPO). For questions related to privacy and data protection:

• DPO Email: dpo@meet2doc.com.br
• Privacy Email: privacidade@meet2doc.com.br

If you are not satisfied with our response or the handling of your data, you have the right to file a complaint with the relevant data protection authority in your jurisdiction.