Privacy Policy

Account Information

When you create an account, we collect: name, email address, organization name, billing address, payment information (processed by Stripe; we do not store full credit card numbers), phone number (if provided for SMS verification), and IP address at registration.

Meeting & Session Data

• Video & Audio Streams: Real-time media relayed through our RustTURN servers. Streams are encrypted end-to-end and are not stored unless recording is explicitly enabled by the meeting host.
• Recordings: When enabled, meeting recordings are stored encrypted (AES-256-GCM) in your designated storage region.
• Transcriptions & Captions: Generated by AI speech recognition. Stored with your recordings and subject to your data retention settings.
• Chat Messages: In-meeting text chat is stored for the duration of the session and included in meeting records if recording is enabled.
• Metadata: Session duration, participant count, join/leave times, connection quality metrics, AI agent activation logs, and billing events.

AI-Processed Data

• Video Editing: Uploaded source video, AI-extracted clips, viral scores, transcriptions, thumbnails, and rendering outputs.
• AI Agent Outputs: Meeting notes, action items, translations, sentiment analysis results, and fact-check reports.
• Voice Clone Data: Voice samples provided for cloning are stored encrypted and used solely for voice synthesis within your account.
• Avatar Interactions: Conversation logs from AI avatar sessions, including participant responses and engagement metrics.

Calendar & Scheduling Data

When you use scheduling features, we collect: calendar events (synced from Google/Microsoft with your authorization), booking page configurations, invitee names and email addresses, timezone data, and meeting preferences.

Usage & Technical Data

We automatically collect: IP address, browser type, operating system, device information, pages viewed, referral URL, session duration, feature usage patterns, API call logs, and error reports.

We use collected information for the following purposes:

• Service Delivery: To provide, operate, maintain, and improve the V100.ai platform, including video conferencing, AI processing, scheduling, and billing.
• AI Processing: To power transcription, translation, content analysis, clip extraction, viral scoring, sentiment analysis, voice cloning, and avatar interactions as requested by you.
• Billing & Invoicing: To calculate usage-based charges, generate invoices, process payments, and prevent billing fraud.
• Security & Fraud Prevention: To detect and prevent unauthorized access, abuse, fraud (including impossible travel detection, credential stuffing, and brute force attacks), and violations of our Terms of Service.
• Communication: To send transactional emails (receipts, meeting invites, booking confirmations, security alerts), and with your consent, product updates and marketing communications.
• Legal Compliance: To comply with legal obligations, respond to lawful requests from public authorities, and enforce our Terms of Service.
• Analytics: To analyze aggregate, de-identified usage patterns to improve the Service. We do not sell personal data.

Given the extensive AI capabilities of V100.ai, we provide specific transparency about AI data handling:

Transcription & Translation

Audio data is processed in real time by our speech recognition pipeline (Whisper + Deepgram). Audio segments are processed in memory and are not persisted beyond the transcription session unless recording is enabled. Transcripts are stored encrypted in your account.

Content Analysis (LLM Processing)

Video content submitted for AI auto-editing is analyzed by large language models (Claude, Gemini) for clip extraction and scoring. Your content is sent to these providers under data processing agreements that prohibit them from using your data for model training, retaining your data beyond the processing session, or sharing your data with third parties.

Sentiment & Mood Analysis

The Mood Tracker AI agent analyzes audio tone, speech patterns, and linguistic cues to estimate participant sentiment. This analysis is algorithmic and probabilistic. Results are stored as metadata within meeting records and are available only to the meeting host and authorized administrators.

Voice Cloning

Voice samples you provide for cloning are stored encrypted and used solely to generate synthetic speech within your account. Voice models are not shared across accounts. You may delete voice clone data at any time, which permanently destroys the model.

Automated Decision-Making

V100.ai uses automated processing for viral scoring, content recommendations, fraud detection, and billing calculations. These automated decisions do not produce legal effects or similarly significant effects on individuals. You may request human review of any automated decision by contacting privacy@appuix.com.

We share your information only in the following circumstances:

• Service Providers: We share data with vetted third-party processors who assist in providing the Service, including cloud infrastructure (AWS), payment processing (Stripe), email delivery (SES), AI processing (under strict DPAs), and analytics. All processors are bound by contractual obligations to protect your data.
• White-Label Hierarchy: If you access V100.ai through a white-label reseller, limited account and usage data is shared with your reseller as necessary for billing and support. Resellers cannot access your meeting content or recordings.
• Calendar Integration Partners: When you enable Google Calendar or Microsoft Outlook sync, calendar event data is shared with the respective provider under their API terms. We access only the minimum data required for scheduling functionality.
• Legal Requirements: We may disclose data when required by law, subpoena, court order, or government request; to protect the rights, property, or safety of Appuix, our users, or the public; or to detect, prevent, or address fraud, security, or technical issues.
• CSAM Reporting: As required by federal law (18 U.S.C. § 2258A), any detected child sexual abuse material is reported to NCMEC along with relevant account and content information.
• Business Transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred as part of the transaction. We will notify you of any such transfer and any changes to this Privacy Policy.

We retain your data for the following periods:

You may request early deletion of your data at any time, subject to legal retention obligations. Data deletion requests are processed within 30 days.

We implement comprehensive security measures to protect your data:

• Encryption: AES-256-GCM for all data at rest. TLS 1.3 for all data in transit. End-to-end encryption for media streams.
• Post-Quantum Readiness: Our encryption infrastructure supports post-quantum cryptographic algorithms to protect against future quantum computing threats.
• Infrastructure: SOC 2 Type II audited. Multi-region deployment with automatic failover. Per-tenant encryption key isolation.
• Access Controls: Role-based access control, multi-factor authentication, API key scoping, and least-privilege principles for all internal systems.
• Monitoring: 24/7 infrastructure monitoring, automated threat detection, intrusion detection systems, and real-time alerting.
• Testing: Regular third-party penetration testing, vulnerability scanning, and security code reviews.
• Incident Response: Documented incident response procedures with breach notification within 72 hours as required by GDPR and applicable laws.

For customers who execute a Business Associate Agreement (BAA) with Appuix:

• Protected Health Information (PHI) is processed, stored, and transmitted in compliance with the HIPAA Privacy Rule, Security Rule, and Breach Notification Rule.
• PHI is encrypted at rest (AES-256-GCM) and in transit (TLS 1.3 + E2E media encryption).
• Access to PHI is restricted by role-based access controls with admin, provider, and patient role separation.
• Audit trails for all PHI access are maintained for a minimum of 7 years.
• De-identification procedures follow the Safe Harbor method under 45 CFR § 164.514(b).
• BAAs are available on Growth and Scale plans. Contact compliance@appuix.com to execute a BAA.

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have the following rights under the General Data Protection Regulation (GDPR):

• Access: Request a copy of the personal data we hold about you.
• Rectification: Request correction of inaccurate or incomplete personal data.
• Erasure: Request deletion of your personal data ("right to be forgotten"), subject to legal retention obligations.
• Restriction: Request restriction of processing in certain circumstances.
• Portability: Request your data in a structured, machine-readable format (JSON or CSV).
• Objection: Object to processing based on legitimate interests or for direct marketing purposes.
• Automated Decision-Making: Right not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects.
• Withdraw Consent: Where processing is based on consent, you may withdraw consent at any time.

Our legal bases for processing under GDPR include: contract performance (Article 6(1)(b)), legitimate interests (Article 6(1)(f)), legal obligation (Article 6(1)(c)), and consent (Article 6(1)(a)).

To exercise any GDPR right, contact our Data Protection Officer at dpo@appuix.com. We will respond within 30 days. You also have the right to lodge a complaint with your local supervisory authority.

International Data Transfers: Data may be transferred to and processed in the United States. We rely on Standard Contractual Clauses (SCCs) approved by the European Commission for transfers outside the EEA. A Data Processing Agreement (DPA) is available upon request.

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

• Know: Right to know what personal information we collect, use, disclose, and sell.
• Delete: Right to request deletion of your personal information.
• Opt-Out of Sale: We do not sell personal information. There is nothing to opt out of.
• Non-Discrimination: We will not discriminate against you for exercising your privacy rights.
• Correction: Right to request correction of inaccurate personal information.
• Limit Use of Sensitive Personal Information: Right to limit the use and disclosure of sensitive personal information.

To exercise CCPA/CPRA rights, contact privacy@appuix.com or call our privacy line. We will verify your identity before processing requests. Requests are fulfilled within 45 days.

Categories of personal information collected in the last 12 months: Identifiers (name, email, IP), commercial information (billing records, usage data), internet/electronic activity (logs, feature usage), audio/visual information (recordings, voice clones), and professional/employment information (organization, title).

V100.ai is not directed to children under the age of 13 (or under 16 in the EEA). We do not knowingly collect personal information from children under these ages.

If we discover that we have collected personal information from a child under the applicable age threshold, we will delete that information immediately and terminate the associated account.

If you believe a child has provided us with personal information, please contact us immediately at privacy@appuix.com.

Educational institutions using V100.ai for students under 18 must comply with the Children's Online Privacy Protection Act (COPPA), the Family Educational Rights and Privacy Act (FERPA), and applicable state student privacy laws. Such use requires a separate agreement addressing student data protection.

V100.ai uses the following types of cookies and similar technologies:

• Essential Cookies: Required for authentication, session management, security, and core platform functionality. Cannot be disabled.
• Functional Cookies: Store preferences such as timezone, language, and layout settings. Can be disabled without affecting core functionality.
• Analytics Cookies: Used to understand how the platform is used, identify performance issues, and improve the Service. We use privacy-respecting analytics and do not share analytics data with advertising networks.

We do not use third-party advertising cookies or tracking pixels. We do not participate in cross-site tracking or retargeting programs.

You can manage cookie preferences through your browser settings. Note that disabling essential cookies may prevent the Service from functioning properly.

V100.ai supports data residency controls for customers with geographic data storage requirements:

• Recordings, transcriptions, and media assets can be stored in your selected region (US, EU, APAC).
• Real-time media is relayed through the nearest RustTURN node and is not persisted outside of recordings.
• Metadata and billing records are processed in the United States.
• Data residency controls are available on Growth and Scale plans.

We may update this Privacy Policy from time to time. Material changes will be communicated via email and a prominent notice on the Service at least 30 days prior to taking effect. The "Last updated" date at the top of this page reflects the most recent revision.

Your continued use of the Service after changes take effect constitutes acceptance of the updated Privacy Policy.

For questions, concerns, or requests related to this Privacy Policy or your personal data: