Privacy Policy

The German version is legally controlling.

This Privacy Policy explains which personal data is processed when you use the website, the MinuteTaker app, or related services.

1. Controller

Florian Mielke
Bleicherwiesen 14
31224 Peine
Germany

Privacy contact: [email protected]

2. Scope

This Privacy Policy applies to the website, the MinuteTaker app, the MinuteTaker API, the status page, support requests, newsletters, and feedback channels. Apple processes data for the App Store, in-app purchases, subscriptions, Apple account, and Apple synchronization services according to Apple's own privacy information and terms.

3. Roles In Business Use

If you use MinuteTaker privately or directly as a user, Florian Mielke is generally the controller for the online features described in this Privacy Policy.

If you use MinuteTaker for an organization, employer, customer, or client, that organization may be the controller for meeting and transcript content. Where MinuteTaker processes such content on behalf of that organization through the MinuteTaker API, Florian Mielke may act as processor for that processing. In that case, a DPA or corresponding business terms may be required.

Independently of this, Florian Mielke remains controller for the website, newsletters, general support and business communication, own app analytics, security, abuse prevention, and processing that is not carried out on behalf of an organization.

4. Local App Data And Online Features

MinuteTaker generally stores minutes, people, templates, transcripts, and exports locally on your devices or in Apple services that you use yourself. This local app content is not transmitted to MinuteTaker online services unless you use an online feature.

When you use online features, MinuteTaker transmits the data required for the relevant feature to the responsible services, for example for AI summaries, subscription checks, diagnostics, support, newsletters, or website features.

5. Data Categories

Depending on the feature used, the following data is processed:

  • AI request data such as selected transcript text, known people or speakers, available tags, technical information for assigning tags where applicable, output language, and generated summary
  • usage counters for AI summaries, in particular RevenueCat customer identifier, period, number of used summaries, and timestamps
  • technical data such as IP address, browser, operating system, app version, request ID, logs, crash reports, and diagnostics
  • purchase and subscription data provided by Apple or RevenueCat to unlock features
  • communication data from support requests, newsletter signups, and feedback

6. Purposes And Legal Bases

Data is processed to provide MinuteTaker, unlock paid features, create AI summaries, maintain security, prevent abuse, diagnose errors, communicate with you, and comply with legal obligations.

Depending on the context, processing is based on contract performance (GDPR Art. 6(1)(b)), legitimate interests in secure and reliable operation (GDPR Art. 6(1)(f)), legal obligations (GDPR Art. 6(1)(c)), or your consent (GDPR Art. 6(1)(a)).

7. AI Summaries

When you create an AI summary, MinuteTaker sends the selected transcript text and the required context data to the MinuteTaker API. This may include known people or speakers, available tags, technical information for assigning tags where applicable, the requested output language, a RevenueCat customer identifier, and technical request data.

The MinuteTaker API checks whether you are allowed to use the feature and processes the request with OpenAI. The generated summary is returned to the app.

The MinuteTaker API does not store transcripts, speaker lists, tags, technical information for assigning tags, output language, or generated summaries in its own database. Only a usage counter with customer identifier, period, used summaries, and timestamps is stored.

Backend logs are designed so that transcript text, generated summaries, and OpenAI response content are not captured as log content. Technical logs and diagnostics may, however, contain technical request metadata, status codes, error classes, and timestamps.

API request logging is disabled for the OpenAI API account used. OpenAI states that API data is not used for training unless this is explicitly enabled. OpenAI describes its data controls under Data controls in the OpenAI platform.

8. Website

When you visit the website, technical access data is processed, such as IP address, browser, operating system, referring website, time, and requested URL. This data is used for secure operation, troubleshooting, and statistical analysis. The website and some static content may be delivered through Cloudflare Pages, Cloudflare R2, and the Cloudflare CDN. Help pages may be provided through Help Scout Docs.

The website uses Cloudflare Web Analytics. Cloudflare describes Web Analytics as privacy-first analytics without cookies, local storage, or fingerprinting. More information is available in the Cloudflare Web Analytics information.

9. Website Cookies And Local Website Storage

The website may use technically required cookies, local storage, or comparable technologies. Website analytics with Cloudflare Web Analytics is performed without cookies.

10. App Analytics, Diagnostics, And Support

MinuteTaker may process technical usage data through Amplitude and diagnostics through Sentry to keep the app stable and improve it. Analytics events describe feature usage, device context, and app context, but do not contain minutes content, transcript text, or generated AI summaries as event content.

Diagnostics may contain errors, stack traces, technical app data, device information, and usage paths. They are used for error analysis and do not contain minutes content, transcript text, or generated AI summaries as event content.

When you contact us, your email address and the content of the communication are processed to handle your request.

11. Payments And Subscriptions

Purchases and subscriptions are processed through Apple. Apple and RevenueCat process the information required to manage subscriptions and unlock features. Full payment data such as bank details or credit card numbers is not transmitted to MinuteTaker; Apple processes this data.

12. Newsletter, Support And Feedback

When you sign up for the newsletter, your email address, selected language, signup and confirmation data, and newsletter usage data such as opens and clicks are processed. Newsletter signup uses double opt-in. EmailOctopus and Amazon SES may be used for newsletters.

When you contact us for support or feedback, the contact and content data you provide is processed. Help Scout may be used for these functions.

13. Service Providers And Recipients

Service providers are used for hosting, email, payments, subscription management, analytics, diagnostics, support, newsletters, status page and uptime monitoring, and AI processing. These include in particular:

  • Apple for App Store purchases and subscriptions
  • RevenueCat for subscription management
  • Render for the MinuteTaker API in Frankfurt, Germany
  • OpenAI for AI summaries
  • Cloudflare for website hosting, CDN, API proxy, website analytics, and email infrastructure
  • Amplitude for app analytics
  • Sentry for error diagnostics
  • EmailOctopus for newsletter management
  • Amazon SES for newsletter delivery
  • Help Scout for support and help documentation
  • Better Stack / Better Uptime for status page and uptime monitoring

14. International Transfers

Some service providers process data outside the European Union or allow access from countries outside the European Union. In these cases, the applicable safeguards are used, in particular adequacy decisions, standard contractual clauses, the EU-US Data Privacy Framework, or contractual data protection agreements.

15. Retention

Personal data is stored only as long as required for the relevant purposes or by law. Monthly usage counters for AI summaries are processed for quotas, billing, abuse prevention, and traceability, retained for the current month and the six preceding monthly periods, and then deleted. Usage counters for one-time or ongoing promotional quotas are stored as long as required to administer that quota; upon valid deletion requests, they are deleted unless legal obligations or legal enforcement require retention.

Render currently retains technical backend logs for 7 days. Error diagnostics in Sentry are currently retained for 30 days. Longer retention may apply if required for troubleshooting, security, or legal enforcement.

16. Security

Technical and organizational measures are used to protect personal data. These include in particular HTTPS, access restrictions, filters that remove sensitive request parameters such as transcript text and customer identifiers from technical logs, and limited retention of technical logs and diagnostics.

17. Your Rights

You may request access, correction, deletion, restriction of processing, data portability, and objection. Where processing is based on consent, you may withdraw consent with future effect.

You also have the right to lodge a complaint with a data protection supervisory authority.

18. Changes

This Privacy Policy may be updated when MinuteTaker, service providers, or legal requirements change. The current version is published on this page.