Is my audio ever uploaded to the cloud?

No, your audio never leaves your device. Meetly uses OpenAI's Whisper model directly on your iPhone for transcription. Only text transcriptions are sent to OpenAI when you enable AI summaries.

How does Meetly process data?

All processing happens on your device using OpenAI's Whisper model. We don't operate any servers, so nothing is collected or stored by us. Your data stays private and secure.

Is Meetly GDPR and HIPAA compliant?

Yes, Meetly is designed to be GDPR and HIPAA compliant. With on-device processing and no cloud storage of audio, you maintain complete control over your data.

Meetly Privacy Policy | On-Device Data Protection for Voice AI Recorder

Privacy-First Design

Your audio never leaves your phone. Meetly uses OpenAI's Whisper model directly on your device to create transcripts. We don't operate any Meetly servers, so nothing is collected or stored by us. Our vision is to build fully private AI.

What Data Do We Collect?

📱 On Your Device Only

• Audio recordings and transcriptions
• Generated summaries and notes
• App settings and preferences
• All data stays on your iPhone
• Meetly has no servers and collects nothing from you

☁️ Optional Cloud Features

• Transcript text sent directly to OpenAI (for AI summaries only)
• No audio files are ever sent to the cloud
• Used only when you enable AI summaries
• Bring your own OpenAI key or use Meetly Pro
• Automatically deleted within 30 days

AI Summaries & OpenAI

When you enable AI summaries, only the text transcription is sent directly to OpenAI's API to generate summaries. Here's what happens:

• Audio never leaves your device - only text transcriptions are processed
• 30-day deletion - All logs are automatically deleted within 30 days
• No training data - Your data is never used to train OpenAI models
• Encrypted transmission - All data is encrypted in transit
• Bring your own key - Use your own OpenAI API key or Meetly Pro ($2.99/month). Transcripts go straight to OpenAI.

Data Security

🔐 Device Security

• Local iOS encryption
• App sandbox protection
• No device-to-device sharing

🛡️ Cloud Security

• HTTPS encryption
• No permanent storage
• Auto-deletion policies

Compliance & Legal

GDPR & HIPAA Compliance

• GDPR Compliant - Full data control and right to deletion
• HIPAA Ready - Suitable for healthcare professionals with on-device processing
• Data Minimization - We collect only what's necessary
• Transparency - Clear information about data processing
• User Rights - Complete control over your data

Your Rights

• Complete control - All data is stored on your device under your control
• Delete anytime - Remove the app to delete all data
• Opt-out - Choose which features to enable
• Transparency - Full visibility into data processing

Addendum: Dictate MCP & Cloud Sync (Optional Feature)

Zero-Knowledge Architecture

The optional Dictate MCP cloud sync service is designed so that Meetly servers never see your plaintext data. Encryption and decryption happen exclusively on your devices.

What syncs and where

When you opt in to cloud sync for a folder, encrypted ciphertext blobs are uploaded to meetly-dictate-mcp.meetly-dictate.workers.dev (Cloudflare R2 storage). The service operates as a pass-through: it stores only opaque, encrypted blobs and the public keys of your paired devices. It never holds your master key, plaintext audio, or plaintext transcripts.

• Sync is per-folder and opt-in — folders not enabled for sync are never uploaded.
• Audio files are never included in sync payloads; only transcript text and metadata are synced.

Encryption details

• AES-256-GCM — every blob is encrypted with a unique 256-bit key derived from your user-controlled master key (MK).
• User-controlled master key — the MK is generated on your device, stored in the iOS Keychain, and never transmitted to Meetly servers.
• Device public keys — the server stores only the public half of each paired device's key pair; the private key never leaves the device.
• Server-side view — the server holds ciphertext blobs, device public keys, and pairing token hashes only. It cannot decrypt your data.

Pairing tokens

To connect an AI agent (e.g., ChatGPT, Claude Code, Cursor) you generate a pairing token inside the iOS app. Tokens are:

• Generated entirely on your device and shared only by you.
• Revocable at any time from the iOS app Settings → Connected Agents.
• Short-lived by default; you can also set a custom expiry.

What happens on revoke / “Reset sync identity”

• Revoking a token immediately invalidates it on the server — the connected agent loses access.
• “Reset sync identity” wipes your master key from the iOS Keychain and deletes your device's key pair.
• Any R2 blobs previously uploaded become permanently unreadable — they remain as orphaned ciphertext that nobody, including Meetly, can decrypt.
• After a reset you can generate a fresh identity and re-sync from scratch.

Questions?

If you have any questions about this privacy policy or how we handle your data, please don't hesitate to reach out:

contact.meetlyai@gmail.com