JOTEASE← Home
Legal

Privacy Policy

Last updated: 17 May 2026

Jotease ("Jotease," "we," "our," "us") is operated by [LEGAL_ENTITY], registered at [REGISTERED_ADDRESS]. This Privacy Policy explains how we collect, use and disclose information from people who use our website, application and meeting-recording services (the "Services").

By using the Services you agree to the practices described here. If you do not agree, please do not use the Services. This policy is written to comply with the UK GDPR, EU GDPR and the California Consumer Privacy Act (CCPA / CPRA).

Jotease is the data controller for your account data. When you use the Services on behalf of an organisation (for example, a workspace administered by your employer), that organisation is the controller of your meeting content and we act as their data processor.

1. Information we collect

A. Information you give us

  • Account / Registration data: name, email address, hashed password.
  • Communications: if you email support or fill in a form, we receive the content of your message and any attachments. If you subscribe to product updates we receive your email address.
  • Meeting Content: when you ask Jotease to join a Zoom, Google Meet or Microsoft Teams call we receive the meeting URL, video, audio, speaker-attributed transcript, and the names / display labels of other participants. We also receive any tags, ratings or notes you add.
  • Payment data: if you subscribe to a paid plan, Stripe processes your card. Jotease never sees your full card number — only the last four digits, card brand and billing country.

B. Information collected automatically

  • Device & log data: IP address, browser type, operating system, and request timestamps.
  • Usage data: pages viewed, features used, errors encountered. We use this to operate the Services and to enforce rate limits.
  • Cookies: we use a single first-party cookie / browser localStorage entry to keep you signed in (JWT auth token). We do not use third-party advertising cookies or web-tracking pixels.

C. Information from third parties

  • Other meeting participants: when another Jotease user invites the bot to a meeting you attend, we receive your name as it appears in the meeting and the spoken content captured during the call.
  • Stripe sends us payment confirmations and subscription status.

2. How we use information

  • Operate, maintain and improve the Services.
  • Generate AI summaries, action items, decisions and highlights from your meeting transcripts.
  • Authenticate you, verify your email address, and send password-reset links.
  • Take payments and manage your subscription.
  • Respond to support requests and send essential service emails.
  • Detect, prevent and respond to fraud, abuse and security incidents.
  • Comply with legal, tax and accounting obligations.

We do not train AI models on your data. Your transcripts and recordings are sent to Anthropic (Claude) only to generate the summary you requested, and Anthropic's API terms forbid using API content for model training.

We do not sell your personal information. We do not share it with third-party advertisers, ad networks or data brokers.

3. Legal basis (UK / EU users)

  • Contractual necessity — to provide the Services you signed up for.
  • Consent — to record meetings (you tick a consent box before each recording), and for any optional marketing email.
  • Legitimate interests — securing the platform, preventing fraud, and improving the Services. We balance these against your rights and never override them.
  • Legal obligation — tax records, lawful requests from authorities.

4. Sub-processors we use

We only share personal data with vendors strictly needed to deliver the Services. Each is bound by a data-processing agreement.

Recall.ai (eu-central-1) ↗
Dispatches the meeting bot; stores video & transcript on AWS S3 with server-side encryption.
Anthropic (Claude) ↗
Generates AI summaries, action items and answers. API content is not used to train models.
Stripe ↗
Processes subscription payments. We never store card numbers.
Resend ↗
Sends transactional email (verification, password reset).
Sentry ↗
Captures application errors so we can fix bugs. PII is redacted before transmission.
MongoDB Atlas ↗
Encrypted database storage for your account and meeting metadata.

5. Disclosures to third parties

  • Other meeting participants: if you share a meeting recording from your dashboard, the recipient will see the title, summary and (if you share it) the recording.
  • Legal requests: we may disclose information if compelled by a valid court order, subpoena or law-enforcement request, or to protect the rights, property or safety of Jotease, our users or the public.
  • Corporate transactions: if Jotease is acquired or merges with another company, your information may be transferred to the successor entity, subject to this policy.
  • With your consent — for any other purpose you explicitly authorise.

6. Recording consent

Before each meeting you must affirmatively tick a consent box confirming that you have the legal right to record the call and that you will inform the other participants. Some jurisdictions (for example, California, Florida, Washington, Germany) require all-party consent. You are responsible for complying with the recording laws of your jurisdiction and for notifying attendees that the meeting is being recorded.

The Jotease bot joins meetings under a clearly identifiable display name (e.g. "Jotease Notetaker") so that other attendees can see a recording is in progress.

7. Data retention

We retain your account and meeting data for as long as your account is active, or for as long as needed to provide the Services. You can delete individual meetings at any time from your dashboard. When you delete a meeting, the associated recording, transcript and AI summary are permanently removed within 30 days.

We may retain some information longer if required by law (for example, accounting records for tax purposes), but in that case we will minimise and where possible pseudonymise the data.

8. Your rights

Depending on where you live, you may have the following rights. Jotease honours all of them globally, not just where the law requires.

  • Access & portability: Settings → Export my data returns a complete JSON dump of your account, meetings and transcripts.
  • Erasure: Settings → Delete account permanently removes your user record, all meetings, transcripts and password-reset tokens. The action is irreversible.
  • Rectification: email us to correct any data you cannot edit yourself.
  • Restriction & objection: you can ask us to pause processing of your data while a dispute is resolved.
  • Withdraw consent: you can withdraw consent for optional processing (e.g. marketing email) at any time without affecting prior lawful processing.
  • Lodge a complaint: UK / EU residents can complain to their local data-protection authority — for the UK that is the ICO (ico.org.uk).
  • California residents (CCPA / CPRA): the rights above plus the right to opt out of "sale" or "sharing" of personal information. We do not sell or share personal information.

To exercise any right not available in-product, email privacy@jotease.com. We respond within 30 days.

9. International data transfers

Meeting recordings and transcripts are stored by Recall.ai in the EU (eu-central-1, Frankfurt). Account metadata is stored in MongoDB Atlas. AI processing by Anthropic and error reporting by Sentry may involve transfers to the United States. Where we transfer data outside the UK / EEA we rely on the European Commission's Standard Contractual Clauses and the UK International Data Transfer Addendum.

10. Security

All traffic is encrypted with TLS 1.2+. Passwords are hashed with bcrypt. Auth tokens are JWTs (HS256) with a 7-day expiry. Recall.ai stores recordings on AWS S3 with server-side encryption (SSE-S3, AES-256) and serves them only via short-lived pre-signed URLs (6-hour expiry, rotated on every page load). We rate-limit authentication endpoints to deter brute-force attacks and monitor for anomalies via Sentry.

No system is perfectly secure. If we discover a breach affecting your personal data we will notify you and the relevant authority without undue delay, in accordance with Article 33-34 of the UK / EU GDPR.

11. Children's privacy

Jotease is not intended for anyone under 18 and we do not knowingly collect personal information from minors. If you believe a minor has provided us with personal information, email privacy@jotease.com and we will delete it.

12. Changes to this policy

We may update this policy from time to time. Material changes will be communicated by email and / or an in-app notice. The "Last updated" date at the top of the page always reflects the most recent revision. Continued use of the Services after a change means you accept the revised policy.

13. Contact us

Privacy questions, data-subject requests and complaints:
privacy@jotease.com

[LEGAL_ENTITY] · [REGISTERED_ADDRESS]