Privacy Policy
Effective date: April 2, 2026
1. Introduction
Notemesh, operated by ResponseIQ ("we", "our", "us"), is an AI-powered meeting assistant that records, transcribes, and analyzes your Zoom meetings. This Privacy Policy explains how we collect, use, store, and protect your information when you use our service at notemesh.dev and app.notemesh.dev.
By creating an account or using Notemesh, you agree to the collection and use of information in accordance with this policy.
2. Information We Collect
2.1 Account Information
When you create an account, we collect:
- Your name and email address, provided via Google OAuth, Zoom OAuth, or email/password registration
- Your profile picture, if provided through Google or Zoom
- Your authentication tokens (encrypted), used to access connected services on your behalf
2.2 Meeting Recordings & Transcripts
When you use Notemesh to record meetings, we capture and store:
- Video and audio recordings of your Zoom meetings
- AI-generated transcripts with speaker diarization (who said what)
- AI-generated summaries, action items, to-do lists, key decisions, and follow-up email drafts
- Speaker analytics including talk time and participation metrics
- Sentiment analysis of meeting tone
2.3 Zoom Integration Data
If you connect your Zoom account, we access:
- Zoom profile information: your Zoom email address, display name, and account plan type (Free, Pro, or Business)
- Meeting participant lists: names of people who attended your recorded meetings, used to automatically label speakers in transcripts
- Meeting metadata: meeting IDs, start times, and duration
We store your Zoom OAuth access and refresh tokens using AES-256-GCM encryption. We do not access your Zoom chat messages, files, or any meetings you have not explicitly recorded with Notemesh. You can disconnect your Zoom account at any time from Settings → Integrations in the app.
2.4 Google Calendar & Drive Access
With your consent, we access:
- Google Calendar (read-only): to detect upcoming meetings with Zoom links and automatically dispatch the recording bot
- Google Calendar attendees: names and email addresses of meeting participants, used to identify speakers in transcripts
- Google Drive (file creation): to archive meeting recordings and transcripts as permanent copies in your Google Drive
We do not modify, delete, or read any existing files in your Google Drive or calendar events.
2.5 Usage Data
We collect basic usage information such as pages visited, features used, login timestamps, and error logs to improve the service and diagnose issues.
3. How We Use Your Information
We use the information we collect to:
- Record, transcribe, and analyze your meetings using AI
- Generate summaries, action items, to-do lists, key decisions, and follow-up email drafts
- Identify and label speakers in transcripts using Zoom participant data and calendar attendees
- Build searchable knowledge bases from your meeting history
- Send you notifications about meeting processing status, reminders, and weekly digests
- Provide customer support and respond to your inquiries
- Improve our AI models and service quality
4. Third-Party Services
We use the following third-party services to process your data. Each processes only the minimum data required for its function:
- OpenAI: AI-powered meeting analysis (summaries, action items, decisions, sentiment) and text embeddings for knowledge base search. Transcript content is sent to OpenAI’s API for processing.
- Deepgram: speech-to-text transcription with speaker diarization. Meeting audio is sent to Deepgram for conversion to text.
- AWS S3: secure cloud storage for meeting video and audio recordings, with a default 1-year retention policy.
- Zoom: OAuth authentication and meeting participant data retrieval via the Zoom REST API.
- Google APIs: OAuth authentication, calendar event retrieval, and Google Drive file archival.
- Resend: transactional email delivery for follow-up emails, processing notifications, and weekly digests.
Each third-party service processes data according to its own privacy policy. We encourage you to review them.
5. Data Storage & Retention
- Meeting recordings (video/audio): stored in AWS S3 with AES-256 encryption. Automatically deleted after 365 days.
- Transcripts & AI outputs: stored in our PostgreSQL database for as long as your account is active.
- Google Drive copies: permanently stored in your personal Google Drive, managed entirely by you.
- OAuth tokens (Zoom, Google): encrypted with AES-256-GCM and stored in our database. Deleted immediately when you disconnect the integration.
- Account data: retained until you delete your account. Upon deletion, all associated data is removed within 30 days.
6. Data Security
We protect your data using industry-standard security measures:
- AES-256-GCM encryption for all stored OAuth tokens (Google and Zoom)
- HTTPS/TLS encryption for all data in transit
- Secure, httpOnly session cookies with Redis-backed server-side sessions
- Bcrypt password hashing (12 rounds) for email/password accounts
- Database access restricted to application-level connections only
- Regular security reviews of third-party integrations
7. Cookies
We use a single session cookie (notemesh_sid) to maintain your login session. This cookie is httpOnly, uses the Lax SameSite attribute, and has a 30-day expiry. We do not use tracking cookies, advertising cookies, or third-party analytics cookies.
8. Your Rights
Regardless of where you are located, you have the right to:
- Access your personal data — view all data associated with your account through the app
- Delete your account and all associated data — request deletion via Settings or by contacting us
- Export your meeting transcripts, summaries, and AI outputs as downloadable files
- Disconnect Google Calendar, Google Drive, and Zoom integrations at any time from Settings
- Rectify inaccurate personal data — update your name and profile information in Settings
- Object to processing — opt out of AI processing for future meetings
- Data portability — request a machine-readable export of your data
GDPR (European Economic Area)
If you are in the EEA, our legal basis for processing your data is: (a) your consent when you create an account and connect integrations, (b) performance of a contract (providing the Notemesh service), and (c) our legitimate interests in improving the service. You may withdraw consent at any time by disconnecting integrations or deleting your account.
CCPA (California)
If you are a California resident, you have the right to know what personal information we collect, request deletion of your data, and opt out of the sale of personal information. We do not sell your personal information. To exercise your CCPA rights, contact us at support@notemesh.ai.
9. Children’s Privacy
Notemesh is not intended for use by individuals under the age of 16. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child under 16, we will delete it promptly.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes via email or through an in-app announcement. The "Effective date" at the top of this page indicates when the policy was last revised.
11. Contact Us
For privacy-related questions, data access requests, or concerns, contact us at:
- Email: support@notemesh.ai
- Company: ResponseIQ