Privacy Policy for Conference AI

Effective Date: 6/1/25
Last Updated: 6/1/25

Privacy commitment and key protections

Conference AI (operated by PauPau LLC DBA Conference AI) is committed to protecting your privacy while delivering AI-powered conference transcription and analysis services. We do not use your data to train public AI models and implement enterprise-grade security measures including end-to-end encryption and strict data retention limits. Your audio recordings and transcripts are processed solely to provide our services, with automatic deletion within 30 days of contract termination, whichever comes first.

For Event Organizers: You contract directly with us to provide transcription services for your conferences and events. This policy explains our data practices, your responsibilities regarding attendee consent, and how we work together to protect participant privacy.

For Conference Attendees: When you participate in events that use our transcription services, your voice and related information may be processed through our AI platform. The event organizer has engaged us to provide these services, and this policy explains how we protect your information and your rights regarding its use.

This policy explains how we collect, use, and protect personal information in both scenarios, including our use of advanced AI models from trusted providers like Anthropic and OpenAI. We serve users globally and comply with major privacy regulations including GDPR, CCPA, UK Data Protection Act, and other applicable privacy laws.

Company information and contact details

Data Controller:
PauPau LLC DBA Conference AI
2200 Wilson Blvd 137 Ste 102, Arlington, VA, 22201 ​
Email: hello@conferenceai.ai
Website: www.conferenceai.ai

Data Protection Officer:
Email: hello@conferenceai.ai

For privacy-related questions or to exercise your rights, contact us using the information above. We respond to all privacy inquiries within 72 hours and fulfill data subject requests within legally required timeframes.

What personal information we collect

We collect personal information necessary to provide our AI-powered conference transcription and analysis services. The information we collect depends on your relationship with our service:

Information from Event Organizers (Our Direct Clients):

• Organization and contact details for service agreements

• Technical integration settings and API access credentials

• Billing and payment information

• Event scheduling and configuration data

• Administrative user accounts and access controls

Information about Conference Attendees (Collected via Event Organizers): We process attendee information that event organizers share with us through their existing event platforms and integrations:

Audio and Visual Data:

• Audio recordings from conferences, meetings, and events

• Video recordings when video transcription services are requested

• Screen sharing content and presentation materials

• Real-time audio streams during live transcription

Participant Information:

• Names and titles of conference participants (typically provided by event organizers)

• Email addresses for service delivery (when shared by event organizers)

• Company names and professional affiliations

• Participant roles and speaking segments

Service Data:

• Meeting metadata (duration, participant count, scheduling information)

• Transcription accuracy preferences and customization settings

• User interaction data with transcripts and analysis features

• Technical logs necessary for service delivery and troubleshooting

How We Collect This Information:

• Direct provision by event organizers through service agreements and platform integrations

• Automated collection during live transcription and recording processing

• Integration data from event organizers' existing conference and event management platforms

• Real-time processing during live conferences and meetings

Important for Attendees: The event organizer you're participating with has engaged us to provide transcription services. They are responsible for informing you about our involvement and ensuring appropriate consent for recording and transcription. If you have questions about data collection at a specific event, please contact the event organizer directly.

How we use artificial intelligence to process your data

Third-Party AI Processing:
We utilize advanced AI models like Open AI and Anthrophic to enhance transcription accuracy, generate meeting summaries, and provide intelligent analysis of conference content. When you use our AI-powered features, your audio recordings and related content may be processed by these third-party AI service providers.

Critical Privacy Protection:
Your data is never used to train public AI models. We maintain strict contractual agreements with our AI service providers ensuring that your personal data and conference content are processed solely to provide our services to you.

AI Processing Activities:

• Real-time transcription of audio recordings into searchable text

• Generation of meeting summaries and key action items

• Content analysis for topic identification and participant insights

• Language translation and accessibility enhancement features

• Quality improvement of transcription accuracy through context analysis

Technical Safeguards:
All data transmitted to AI service providers is encrypted in transit using enterprise-grade encryption protocols. Processing occurs in secure, access-controlled environments with comprehensive audit logging. AI processing is temporary - your data is processed only for the duration necessary to generate your requested outputs and is not retained by AI service providers beyond contractually agreed timeframes (typically 30 days maximum for abuse monitoring).

Your Rights Regarding AI Processing:
Under applicable privacy laws, you have the right to object to automated processing of your personal data, request human review of AI-generated decisions that significantly affect you, and receive explanations of the logic behind automated processing. Contact our privacy team to exercise these rights.

Legal basis for processing your information

We process your personal information based on the following legal grounds under applicable privacy laws:

Legitimate Interest (Primary Basis):
Our primary legal basis is legitimate interest in delivering AI-powered transcription services. We have conducted comprehensive balancing tests demonstrating that our business interests in providing accurate, efficient transcription technology do not override your fundamental privacy rights. Our legitimate interests include:

• Providing requested transcription and analysis services

• Improving service quality and accuracy through AI processing

• Ensuring platform security and preventing fraudulent activity

• Developing new features and service enhancements

Contract Performance:
We process your data as necessary to fulfill our service agreements with you or your organization, including delivering transcriptions, generating analysis reports, and providing customer support.

Consent:
For certain non-essential features, we rely on your explicit consent, which you may withdraw at any time through your account settings or by contacting our privacy team.

Legal Obligations:
We may process your information to comply with applicable laws, regulations, or legal processes.

How we share your information

We share personal information only in limited circumstances with appropriate safeguards. Your relationship with our service affects how information is shared:

Event Organizer Access: Event organizers (our direct clients) have access to the transcriptions, analysis, and related data from their events as part of our service delivery. This includes:

• Complete transcripts and AI-generated summaries from their events

• Participant information and analytics they originally provided

• Service usage and performance data for their events

• Administrative access to manage their settings

Event organizers are independent data controllers for their events and are responsible for their own privacy practices regarding attendee data.

AI Service Providers:
We share audio recordings and related content with our trusted AI partners for transcription and analysis services. These relationships are governed by strict data processing agreements that prohibit using your data for AI model training and require enterprise-grade security protections.

Cloud Infrastructure Providers:
Your data is hosted on secure servers provided by DigitalOcean in New York, USA. We maintain comprehensive data processing agreements ensuring equivalent privacy protections and security standards.

Service Providers:
We may share limited information with carefully vetted service providers who assist with:

• Technical infrastructure and hosting services

• Customer support and service delivery

• Payment processing and billing (for event organizer accounts)

• Security monitoring and incident response

Legal Requirements:
We may disclose information when required by law, court order, or regulatory request, or when necessary to protect our rights, your safety, or the rights of others.

Business Transfers:
In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity with equivalent privacy protections.

Important Notes:

• We do not sell, rent, or trade personal information to third parties for marketing purposes

• Conference attendees' data is only shared as described above - we do not provide attendee information to other event organizers or third parties

• All third-party relationships include contractual privacy protections and regular security assessments

• Event organizers remain responsible for their own privacy practices and compliance regarding attendee data

  
  

International data transfers and global operations

Data Processing Locations:
Your personal information is processed and stored in the United States, specifically in DigitalOcean's New York data center region. Additional processing may occur through our AI service providers which operate primarily in the United States.

International Service Delivery:
While our data is hosted in the United States, we provide services to users and event organizers globally. This means personal information from international users (including EU/EEA and UK residents) is transferred to and processed in the United States.

Transfer Safeguards for International Users:
For transfers from the European Economic Area (EEA) or United Kingdom to the United States, we implement appropriate safeguards including:

• Standard Contractual Clauses approved by the European Commission

• Additional technical and organizational measures to ensure data protection

• Regular transfer impact assessments to evaluate ongoing protection adequacy

• Contractual commitments from our US-based service providers to maintain equivalent protection

Cross-Border Processing Security:
All international data transfers are protected by:

• End-to-end encryption during transmission using industry-standard protocols

• Robust access controls and multi-factor authentication measures

• Comprehensive audit logging and monitoring of all data access

• Regular security assessments of our US-based processing infrastructure

• Contractual privacy protections with all US-based service providers

Data retention and deletion

Recordings and Transcripts:

• Are retained for the length of your contract, unless deleted by the user.

• Both audio and transcript data are automatically deleted within 30 days of contract termination

Account and Service Data:

• Account information is retained while your account remains active

• Service logs and technical data are retained for 24 months for security and service improvement

• Marketing and communication preferences are retained until you opt out

Automated Deletion:
We implement automated deletion processes with regular data review cycles to ensure compliance with retention limits. You can request immediate deletion of your data at any time, subject to legal obligations or legitimate business needs.

Secure Deletion:
When data is deleted, we use industry-standard secure deletion methods ensuring data cannot be recovered. Backups containing your data are purged according to our backup retention schedules, typically within 90 days of deletion.

Your privacy rights and how to exercise them

You have comprehensive rights regarding your personal information under applicable privacy laws. How you exercise these rights depends on your relationship with our service:

For Event Organizers: As our direct clients, you can exercise privacy rights through your account settings or by contacting our privacy team directly. You also have responsibilities regarding attendee privacy rights at your events.

For Conference Attendees: Even though you may not have a direct account with us, you still have privacy rights regarding information processed through our platform.

Universal Privacy Rights:

Right to Access:
Request a copy of personal data we hold about you, including information about how we process it and who we share it with.

Right to Rectification:
Request correction of inaccurate or incomplete personal data.

Right to Erasure (Right to be Forgotten):
Request deletion of your personal data where legally permissible, including when data is no longer necessary for our service purposes.

Right to Data Portability:
Request transfer of your data in a structured, commonly used, machine-readable format for transmission to another service provider.

Right to Object:
Object to processing of your personal data, particularly for direct marketing purposes or processing based on legitimate interests.

Right to Restrict Processing:
Request limitation on how we process your personal data in certain circumstances.

Rights Related to Automated Decision-Making:
Request human review of automated decisions that significantly affect you and receive explanations of the logic behind such processing.

How to Exercise Your Rights:

Event Organizers: Contact us at hello@conferenceai.ai or through your account settings.

Conference Attendees: You have several options:

1. Contact us directly at hello@conferenceai.ai with details about the event and your request

2. Contact the event organizer who can assist with your request or forward it to us

3. For urgent requests, contact us directly and we will verify your participation and process your request

We verify identity before processing requests and respond within legally required timeframes (typically 30 days for GDPR requests, 45 days for CCPA requests).

California Consumer Privacy Act (CCPA) Rights:
California residents have additional rights including the right to know specific pieces of personal information collected, the right to opt-out of sale/sharing (though we do not sell personal information), and the right to non-discrimination for exercising privacy rights.

Important for Attendees: If you need to exercise privacy rights regarding a specific event, please provide as much detail as possible about the event (date, organizer, event name) to help us locate your information quickly.

Security measures and data protection

Technical Safeguards:

• End-to-end encryption (AES-256) for data in transit and at rest

• Advanced access controls with multi-factor authentication

• Regular security monitoring and intrusion detection

• Comprehensive audit logging of all data access and processing activities

• Automated backup systems with encrypted storage

Organizational Measures:

• Privacy by design principles integrated into all product development

• Regular security training for all personnel handling personal data

• Strict need-to-know access policies and role-based permissions

• Comprehensive incident response procedures and breach notification protocols

• Regular third-party security assessments and penetration testing

Infrastructure Security:

• Secure cloud hosting with DigitalOcean using enterprise-grade data centers

• Physical security controls at data center facilities

• Network security monitoring and DDoS protection

• Regular security patch management and vulnerability assessments

• Disaster recovery and business continuity planning

Data Breach Response:
In the unlikely event of a data breach, we will notify affected individuals and relevant authorities within legally required timeframes (72 hours for GDPR, without unreasonable delay for CCPA). Our incident response team conducts thorough investigations and implements corrective measures to prevent recurrence.

Cookies and tracking technologies

Essential Cookies:
We use strictly necessary cookies to provide core functionality including user authentication, session management, and security features. These cannot be disabled while using our services.

Analytics and Performance:
With your consent, we may use analytics cookies to understand service usage patterns and improve performance. You can opt out through your browser settings or account preferences.

Third-Party Services:
Our website may include integrated services (such as customer support chat) that use their own cookies. Please review their privacy policies for information about their practices.

Your Control:
You can control cookie preferences through your browser settings. However, disabling essential cookies may limit service functionality.

Children's privacy protection

Our services are not directed to individuals under 16 years of age, and we do not knowingly collect personal information from children under 16. If we discover that we have collected information from a child under 16, we will promptly delete such information. Parents or guardians who believe we may have collected information from a child under 16 should contact us immediately.

Updates to this privacy policy

We may update this privacy policy to reflect changes in our practices, services, or applicable laws. Material changes will be communicated through:

• Prominent notice on our website at least 30 days before changes take effect

• Email notification to event organizers (our direct clients)

• Notice to event organizers to inform attendees of changes affecting their data processing

• In-app notifications for significant changes affecting data processing

Version Control:
We maintain comprehensive version control with audit trails documenting all changes, approval workflows, and implementation dates. Previous versions are available upon request for compliance documentation purposes.

Continuing Use:
Event organizers' continued use of our services after policy updates constitutes acceptance of the revised terms. Event organizers are responsible for ensuring attendees are informed of material changes that affect their data processing.

Roles and responsibilities

Conference AI (Data Processor/Independent Controller):

• Acts as data processor for event organizers regarding attendee data collected during events

• Acts as independent data controller for event organizer account information and our direct business relationship

• Provides AI-powered transcription and analysis services according to contractual agreements

• Implements technical and organizational security measures to protect all personal data

• Responds to data subject rights requests from both event organizers and attendees

• Maintains compliance with applicable privacy laws and regulations

Event Organizers (Data Controllers for Their Events):

• Act as data controllers for their events and attendee information

• Responsible for obtaining appropriate consent and providing privacy notices to attendees

• Must inform attendees that Conference AI provides transcription services and may process their data

• Responsible for their own privacy practices and legal compliance regarding attendee data

• May receive transcripts and analysis results from their events

• Must have legitimate basis for sharing attendee data with Conference AI

Conference Attendees (Data Subjects):

• Have privacy rights regarding data processed about them during events

• Can exercise privacy rights directly with Conference AI or through event organizers

• Should direct questions about event-specific data collection practices to event organizers

• Retain all privacy rights under applicable laws regardless of not having direct Conference AI accounts

Shared Responsibilities: Event organizers and Conference AI work together to ensure attendee privacy protection. Event organizers handle consent and initial privacy notices, while Conference AI ensures secure processing and honors privacy rights requests. This collaborative approach ensures comprehensive privacy protection throughout the service delivery process.

Regulatory compliance and security standards

Privacy Law Compliance:
We comply with major privacy regulations including:

• EU General Data Protection Regulation (GDPR)

• California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA)

• UK Data Protection Act and UK GDPR

• Canadian Personal Information Protection and Electronic Documents Act (PIPEDA)

• Other applicable state, federal, and international privacy laws

Security Standards:
We implement industry-standard security practices and controls:

• Enterprise-grade encryption and access controls

• Regular security assessments and monitoring

• Comprehensive security policies and procedures based on industry best practices

• Continuous monitoring for emerging security threats and vulnerabilities

• Regular review and updates of security measures

Audit Readiness:
Our privacy program includes comprehensive documentation, regular internal reviews, and measurable compliance metrics suitable for enterprise client compliance reviews and regulatory inspections.

Contact information and complaints

Privacy Inquiries:
Email: hello@conferenceai.ai
Response time: Within 72 hours for all privacy-related inquiries

Data Protection Officer:
Email: hello@conferenceai.ai
For formal privacy rights requests and compliance matters

Regulatory Complaints:
You have the right to lodge complaints with relevant data protection authorities:

• EU users: Your local data protection authority or the Irish Data Protection Commission

• UK users: Information Commissioner's Office (ICO)

• California users: California Attorney General's Office

• Other jurisdictions: Your local privacy regulator

Customer Support:
For general service questions: hello@conferenceai.ai

We are committed to resolving privacy concerns promptly and transparently. Our privacy team works diligently to address all inquiries and maintain the highest standards of data protection while delivering exceptional AI-powered transcription services.