Privacy Policy

Last updated: April 2026

Overview

Note Genie AI is operated by Houston IT Developers LLC ("we", "us", "our"). We take your privacy seriously. This policy explains what data we collect, how we process and store it, the third-party services we use, and your rights regarding your personal information.

Data We Collect

Account information: your name and email address when you sign up via Firebase Authentication (email/password, Google, or Apple sign-in). Audio recordings: voice notes, meetings, and lectures you record or upload through the app. Transcripts and summaries: text generated from your recordings by our AI processing pipeline. Usage and analytics data: feature usage, session duration, and in-app events collected through PostHog analytics. Subscription data: your plan tier and billing status managed through RevenueCat. Device information: device type, operating system version, and app version for crash reporting and compatibility. We do not collect your location, contacts, browsing history, or any sensitive personal information beyond what is listed above.

How Your Data Is Processed

When you create a recording, the audio file is uploaded to Cloudflare R2 object storage. The audio is then sent to Deepgram for speech-to-text transcription. The resulting transcript is sent to OpenAI for summarization, key point extraction, and action item generation. The generated text is stored in our PostgreSQL database hosted on Railway. All processing is performed solely to provide the Note Genie AI service to you. We do not use your recordings, transcripts, or summaries to train any AI models.

Data Storage and Security

Audio files are stored in Cloudflare R2 with server-side encryption. Metadata, transcripts, and summaries are stored in a PostgreSQL database on Railway. All data is transmitted over HTTPS/TLS. Access to production systems is restricted to authorized personnel only. We retain backups for disaster recovery purposes.

Third-Party Services

We use the following third-party services to operate Note Genie AI: Firebase Authentication for user sign-in and account management. Anthropic, OpenAI, Deepgram, and Google for AI-powered transcription, summarization, and analysis of your recordings and transcripts. Cloudflare R2 for secure audio file storage. Railway for database hosting and API infrastructure. RevenueCat for subscription and billing management through the App Store and Google Play. PostHog for privacy-friendly product analytics. Apple Push Notification Service and Firebase Cloud Messaging for push notifications. Each of these services processes only the minimum data necessary to provide its function and is bound by its own privacy policy and data processing agreements. We require all third-party service providers to maintain security and data protection standards equivalent to our own and to comply with applicable data protection regulations. Your personal data is never sold to or shared with third parties for their own marketing or advertising purposes.

Data Retention

We retain your data for as long as your account is active. You can delete individual recordings, transcripts, and summaries at any time from within the app. When you delete a recording, the associated audio file, transcript, and summary are permanently removed within 30 days. If you delete your account, all your personal data including recordings, transcripts, and account information is deleted within 30 days. You can request account deletion at any time by emailing support@notegenie.org.

Your Rights

You have the right to: access all personal data we hold about you, correct inaccurate personal data, delete your personal data and account, export your recordings and transcripts, and withdraw consent for data processing. You can exercise most of these rights directly within the app. For any requests you cannot complete in-app, contact us at support@notegenie.org. If you are in the European Union, you have additional rights under the General Data Protection Regulation (GDPR). If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA). We do not sell your personal information to any third party.

Children's Privacy

Note Genie AI is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If we learn that we have collected personal information from a child under 13, we will promptly delete that information. If you believe a child under 13 has provided us with personal information, please contact us at support@notegenie.org.

Changes to This Policy

We may update this privacy policy from time to time. We will notify you of significant changes via email or in-app notification. The "Last updated" date at the top of this page indicates when the policy was last revised. Continued use of the service after changes constitutes acceptance of the updated policy.

Zoom Realtime Media Streams (RTMS)

When you connect your Zoom account to Note Genie via the Note Genie RTMS Marketplace app, we receive realtime audio data from your Zoom meetings via Zoom's official Realtime Media Streams API. This data is governed by the terms below.

What we collect

  • The mixed audio stream from Zoom meetings you host or join after explicitly authorizing Note Genie via OAuth
  • Meeting metadata: meeting UUID, topic, start time, duration, and participant Zoom user IDs (for speaker diarization)
  • Your Zoom account email and Zoom user ID (for routing events to the correct Note Genie user)

What we do NOT collect

  • Video streams (we receive audio only)
  • Screen share content
  • In-meeting chat messages
  • Recordings of meetings you join as a guest without explicitly authorizing the app
  • Data from meetings outside of when Note Genie RTMS is actively connected

How we use it

  • Audio is transcribed by Deepgram into a text transcript with speaker labels and timestamps
  • The transcript is summarized by OpenAI into a structured set of key points, decisions, action items, and next steps
  • Both the original audio file and the transcript are stored encrypted at rest in Cloudflare R2 (US region) with strict access controls
  • You can view, search, share, and download your meetings at notegenie.org/library

How long we keep it

  • Audio recordings are retained as long as your Note Genie account is active
  • You can delete any individual recording at any time from your library
  • Account deletion permanently deletes all your recordings and associated transcripts within 30 days

Who has access

  • You and any user you explicitly share a recording with via Note Genie's sharing features
  • Note Genie staff (only for the limited purpose of providing support, with audit logging)
  • Deepgram (for transcription only — does not retain audio after processing per its data processing addendum)
  • OpenAI (for summarization only — does not use API data for training per its enterprise terms)
  • Cloudflare R2 (for encrypted storage at rest only)

Your rights

  • Disconnect Zoom RTMS at any time from notegenie.org/integrations — this immediately revokes our access tokens and stops any future data collection
  • Request a full data export at any time from notegenie.org/settings or by emailing support@notegenie.org
  • Request permanent deletion of all your data at any time
  • GDPR and CCPA rights are fully honored

Encryption and security

  • OAuth tokens are encrypted with AES-256-GCM at rest in our PostgreSQL database
  • Audio data is transmitted over TLS 1.2+ between Zoom, our backend, and Cloudflare R2
  • Recordings stored at rest are encrypted by Cloudflare R2's default at-rest encryption (AES-256)
  • We follow OWASP secure development practices and will notify users of any security incident within 72 hours of discovery, in accordance with GDPR Article 33

For questions about how Note Genie handles your Zoom data, contact support@notegenie.org.

Contact Us

If you have questions about this privacy policy or our data practices, contact us at: support@notegenie.org. Houston IT Developers LLC, Houston, TX.