Privacy Policy

Effective Date: February 3, 2026 · Version 1.0

Introduction

Grafite ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our meeting notes application and related services (the "Service").

By using Grafite, you consent to the data practices described in this policy. If you do not agree with our policies and practices, please do not use our Service.

Information We Collect

Account Information

When you create an account, we collect:

  • Email address
  • Name (from your Google account)
  • Profile picture (from your Google account)
  • Authentication tokens for connected services

Meeting and Audio Data

When you use our recording features, we collect:

  • Audio recordings of your meetings (when you choose to record)
  • Transcriptions generated from your audio recordings
  • AI-generated summaries and notes from your meetings
  • Meeting metadata (title, date, duration, participants)

Calendar Data

If you connect your Google Calendar, we access:

  • Calendar event details (title, time, location, attendees)
  • Meeting links and conference information

Usage Information

We automatically collect:

  • Device and browser information
  • IP address and approximate location
  • App usage patterns and feature interactions

How We Use Your Information

We use your information to:

  • Provide, operate, and maintain the Service
  • Process and transcribe your audio recordings
  • Generate AI-powered meeting summaries and notes
  • Sync with your calendar to display upcoming meetings
  • Improve and personalize your experience
  • Communicate with you about updates and support
  • Ensure security and prevent fraud

AI Processing & Data Protection

This is important: Grafite uses third-party AI services (including Groq for transcription and Google Gemini for summarization) to process your data. We want you to understand exactly how this works:

Enterprise AI Agreements

We have enterprise license agreements in place with all our AI providers that explicitly prohibit the use of your data for training their AI models. This means:

  • Your recordings are NOT used to train AI models
  • Your transcripts are NOT used to train AI models
  • Your meeting content remains YOUR private data
  • AI providers process your data solely to provide the service and then discard it

How AI Processing Works

  1. Transcription: Audio is sent to Groq's Whisper API, transcribed, and immediately discarded by Groq
  2. Summarization: Transcripts are sent to Google Gemini for summary generation under enterprise terms
  3. Storage: Only the resulting transcripts and summaries are stored in your Grafite account

Your Control

You can delete any recording, transcript, or summary at any time. Deletion is permanent and removes the data from our systems.

Data Storage & Security

Where Your Data Is Stored

Your data is stored securely using Supabase (built on PostgreSQL) with servers located in the United States. Audio files are stored in encrypted cloud storage.

Security Measures

We implement industry-standard security measures including:

  • Encryption in transit (TLS 1.3) and at rest (AES-256)
  • OAuth 2.0 with PKCE for secure authentication
  • Row-level security ensuring users can only access their own data
  • Regular security audits and monitoring
  • Token encryption for connected services (Google Calendar)

Data Sharing

We do NOT sell your personal information. We share data only with:

  • AI Service Providers: Groq and Google Gemini for transcription and summarization (under enterprise agreements)
  • Infrastructure Providers: Supabase for database, Vercel for hosting
  • Legal Requirements: When required by law or to protect our rights

Your Rights

Depending on your location, you may have the following rights:

  • Access: Request a copy of your personal data
  • Correction: Request correction of inaccurate data
  • Deletion: Request deletion of your data
  • Portability: Request your data in a portable format
  • Objection: Object to certain processing activities
  • Restriction: Request restriction of processing

To exercise these rights, contact us at privacy@grafite.io.

Data Retention

We retain your data for as long as your account is active. You can delete individual notes, recordings, and transcripts at any time. If you delete your account, all associated data will be permanently removed within 30 days.

Cookies & Tracking

We use essential cookies for authentication and session management. We do not use third-party tracking cookies or advertising cookies. Our analytics are privacy-focused and anonymized.

Children's Privacy

Grafite is not intended for children under 16. We do not knowingly collect information from children. If you believe a child has provided us with personal information, please contact us immediately.

International Data Transfers

If you are accessing Grafite from outside the United States, please be aware that your data may be transferred to, stored, and processed in the United States. By using our Service, you consent to this transfer.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by updating the "Effective Date" at the top and, for significant changes, by email or in-app notification. We encourage you to review this policy periodically.

Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

Email: privacy@grafite.io
Website: https://grafite.io

Back to Home