Privacy Policy
Privacy Policy for Conference AI
Effective Date: 6/1/25
Last Updated: 6/1/25
Privacy commitment and key protections
Conference AI (operated by PauPau LLC DBA Conference AI) is committed to protecting your privacy while delivering AI-powered conference transcription and analysis services. We do not use your data to train public AI models and implement enterprise-grade security measures including end-to-end encryption and strict data retention limits. Your audio recordings and transcripts are processed solely to provide our services, with automatic deletion within 30 days of contract termination, whichever comes first.
For Event Organizers: You contract directly with us to provide transcription services for your conferences and events. This policy explains our data practices, your responsibilities regarding attendee consent, and how we work together to protect participant privacy.
For Conference Attendees: When you participate in events that use our transcription services, your voice and related information may be processed through our AI platform. The event organizer has engaged us to provide these services, and this policy explains how we protect your information and your rights regarding its use.
This policy explains how we collect, use, and protect personal information in both scenarios, including our use of advanced AI models from trusted providers like Anthropic and OpenAI. We serve users globally and comply with major privacy regulations including GDPR, CCPA, UK Data Protection Act, and other applicable privacy laws.
Company information and contact details
Data Controller:
PauPau LLC DBA Conference AI
2200 Wilson Blvd 137 Ste 102, Arlington, VA, 22201
Email: hello@conferenceai.ai
Website: www.conferenceai.ai
Data Protection Officer:
Email: hello@conferenceai.ai
For privacy-related questions or to exercise your rights, contact us using the information above. We respond to all privacy inquiries within 72 hours and fulfill data subject requests within legally required timeframes.
What personal information we collect
We collect personal information necessary to provide our AI-powered conference transcription and analysis services. The information we collect depends on your relationship with our service:
Information from Event Organizers (Our Direct Clients):
Organization and contact details for service agreements
Technical integration settings and API access credentials
Billing and payment information
Event scheduling and configuration data
Administrative user accounts and access controls
Information about Conference Attendees (Collected via Event Organizers): We process attendee information that event organizers share with us through their existing event platforms and integrations:
Audio and Visual Data:
Audio recordings from conferences, meetings, and events
Video recordings when video transcription services are requested
Screen sharing content and presentation materials
Real-time audio streams during live transcription
Participant Information:
Names and titles of conference participants (typically provided by event organizers)
Email addresses for service delivery (when shared by event organizers)
Company names and professional affiliations
Participant roles and speaking segments
Service Data:
Meeting metadata (duration, participant count, scheduling information)
Transcription accuracy preferences and customization settings
User interaction data with transcripts and analysis features
Technical logs necessary for service delivery and troubleshooting
How We Collect This Information:
Direct provision by event organizers through service agreements and platform integrations
Automated collection during live transcription and recording processing
Integration data from event organizers' existing conference and event management platforms
Real-time processing during live conferences and meetings
Important for Attendees: The event organizer you're participating with has engaged us to provide transcription services. They are responsible for informing you about our involvement and ensuring appropriate consent for recording and transcription. If you have questions about data collection at a specific event, please contact the event organizer directly.
How we use artificial intelligence to process your data
Third-Party AI Processing:
We utilize advanced AI models like Open AI and Anthrophic to enhance transcription accuracy, generate meeting summaries, and provide intelligent analysis of conference content. When you use our AI-powered features, your audio recordings and related content may be processed by these third-party AI service providers.
Critical Privacy Protection:
Your data is never used to train public AI models. We maintain strict contractual agreements with our AI service providers ensuring that your personal data and conference content are processed solely to provide our services to you.
AI Processing Activities:
Real-time transcription of audio recordings into searchable text
Generation of meeting summaries and key action items
Content analysis for topic identification and participant insights
Language translation and accessibility enhancement features
Quality improvement of transcription accuracy through context analysis
Technical Safeguards:
All data transmitted to AI service providers is encrypted in transit using enterprise-grade encryption protocols. Processing occurs in secure, access-controlled environments with comprehensive audit logging. AI processing is temporary - your data is processed only for the duration necessary to generate your requested outputs and is not retained by AI service providers beyond contractually agreed timeframes (typically 30 days maximum for abuse monitoring).
Your Rights Regarding AI Processing:
Under applicable privacy laws, you have the right to object to automated processing of your personal data, request human review of AI-generated decisions that significantly affect you, and receive explanations of the logic behind automated processing. Contact our privacy team to exercise these rights.
Legal basis for processing your information
We process your personal information based on the following legal grounds under applicable privacy laws:
Legitimate Interest (Primary Basis):
Our primary legal basis is legitimate interest in delivering AI-powered transcription services. We have conducted comprehensive balancing tests demonstrating that our business interests in providing accurate, efficient transcription technology do not override your fundamental privacy rights. Our legitimate interests include:
Providing requested transcription and analysis services
Improving service quality and accuracy through AI processing
Ensuring platform security and preventing fraudulent activity
Developing new features and service enhancements
Contract Performance:
We process your data as necessary to fulfill our service agreements with you or your organization, including delivering transcriptions, generating analysis reports, and providing customer support.
Consent:
For certain non-essential features, we rely on your explicit consent, which you may withdraw at any time through your account settings or by contacting our privacy team.
Legal Obligations:
We may process your information to comply with applicable laws, regulations, or legal processes.
How we share your information
We share personal information only in limited circumstances with appropriate safeguards. Your relationship with our service affects how information is shared:
Event Organizer Access: Event organizers (our direct clients) have access to the transcriptions, analysis, and related data from their events as part of our service delivery. This includes:
Complete transcripts and AI-generated summaries from their events
Participant information and analytics they originally provided
Service usage and performance data for their events
Administrative access to manage their settings
Event organizers are independent data controllers for their events and are responsible for their own privacy practices regarding attendee data.
AI Service Providers:
We share audio recordings and related content with our trusted AI partners for transcription and analysis services. These relationships are governed by strict data processing agreements that prohibit using your data for AI model training and require enterprise-grade security protections.
Cloud Infrastructure Providers:
Your data is hosted on secure servers provided by DigitalOcean in New York, USA. We maintain comprehensive data processing agreements ensuring equivalent privacy protections and security standards.
Service Providers:
We may share limited information with carefully vetted service providers who assist with:
Technical infrastructure and hosting services
Customer support and service delivery
Payment processing and billing (for event organizer accounts)
Security monitoring and incident response
Legal Requirements:
We may disclose information when required by law, court order, or regulatory request, or when necessary to protect our rights, your safety, or the rights of others.
Business Transfers:
In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity with equivalent privacy protections.
Important Notes:
We do not sell, rent, or trade personal information to third parties for marketing purposes
Conference attendees' data is only shared as described above - we do not provide attendee information to other event organizers or third parties
All third-party relationships include contractual privacy protections and regular security assessments
Event organizers remain responsible for their own privacy practices and compliance regarding attendee data
International data transfers and global operations
Data Processing Locations:
Your personal information is processed and stored in the United States, specifically in DigitalOcean's New York data center region. Additional processing may occur through our AI service providers which operate primarily in the United States.
International Service Delivery:
While our data is hosted in the United States, we provide services to users and event organizers globally. This means personal information from international users (including EU/EEA and UK residents) is transferred to and processed in the United States.
Transfer Safeguards for International Users:
For transfers from the European Economic Area (EEA) or United Kingdom to the United States, we implement appropriate safeguards including:
Standard Contractual Clauses approved by the European Commission
Additional technical and organizational measures to ensure data protection
Regular transfer impact assessments to evaluate ongoing protection adequacy
Contractual commitments from our US-based service providers to maintain equivalent protection
Cross-Border Processing Security:
All international data transfers are protected by:
End-to-end encryption during transmission using industry-standard protocols
Robust access controls and multi-factor authentication measures
Comprehensive audit logging and monitoring of all data access
Regular security assessments of our US-based processing infrastructure
Contractual privacy protections with all US-based service providers
Data retention and deletion
Recordings and Transcripts:
Are retained for the length of your contract, unless deleted by the user.
Both audio and transcript data are automatically deleted within 30 days of contract termination
Account and Service Data:
Account information is retained while your account remains active
Service logs and technical data are retained for 24 months for security and service improvement
Marketing and communication preferences are retained until you opt out
Automated Deletion:
We implement automated deletion processes with regular data review cycles to ensure compliance with retention limits. You can request immediate deletion of your data at any time, subject to legal obligations or legitimate business needs.
Secure Deletion:
When data is deleted, we use industry-standard secure deletion methods ensuring data cannot be recovered. Backups containing your data are purged according to our backup retention schedules, typically within 90 days of deletion.
Your privacy rights and how to exercise them
You have comprehensive rights regarding your personal information under applicable privacy laws. How you exercise these rights depends on your relationship with our service:
For Event Organizers: As our direct clients, you can exercise privacy rights through your account settings or by contacting our privacy team directly. You also have responsibilities regarding attendee privacy rights at your events.
For Conference Attendees: Even though you may not have a direct account with us, you still have privacy rights regarding information processed through our platform.
Universal Privacy Rights:
Right to Access:
Request a copy of personal data we hold about you, including information about how we process it and who we share it with.
Right to Rectification:
Request correction of inaccurate or incomplete personal data.
Right to Erasure (Right to be Forgotten):
Request deletion of your personal data where legally permissible, including when data is no longer necessary for our service purposes.
Right to Data Portability:
Request transfer of your data in a structured, commonly used, machine-readable format for transmission to another service provider.
Right to Object:
Object to processing of your personal data, particularly for direct marketing purposes or processing based on legitimate interests.
Right to Restrict Processing:
Request limitation on how we process your personal data in certain circumstances.
Rights Related to Automated Decision-Making:
Request human review of automated decisions that significantly affect you and receive explanations of the logic behind such processing.
How to Exercise Your Rights:
Event Organizers: Contact us at hello@conferenceai.ai or through your account settings.
Conference Attendees: You have several options:
Contact us directly at hello@conferenceai.ai with details about the event and your request
Contact the event organizer who can assist with your request or forward it to us
For urgent requests, contact us directly and we will verify your participation and process your request
We verify identity before processing requests and respond within legally required timeframes (typically 30 days for GDPR requests, 45 days for CCPA requests).
California Consumer Privacy Act (CCPA) Rights:
California residents have additional rights including the right to know specific pieces of personal information collected, the right to opt-out of sale/sharing (though we do not sell personal information), and the right to non-discrimination for exercising privacy rights.
Important for Attendees: If you need to exercise privacy rights regarding a specific event, please provide as much detail as possible about the event (date, organizer, event name) to help us locate your information quickly.
Security measures and data protection
Technical Safeguards:
End-to-end encryption (AES-256) for data in transit and at rest
Advanced access controls with multi-factor authentication
Regular security monitoring and intrusion detection
Comprehensive audit logging of all data access and processing activities
Automated backup systems with encrypted storage
Organizational Measures:
Privacy by design principles integrated into all product development
Regular security training for all personnel handling personal data
Strict need-to-know access policies and role-based permissions
Comprehensive incident response procedures and breach notification protocols
Regular third-party security assessments and penetration testing
Infrastructure Security:
Secure cloud hosting with DigitalOcean using enterprise-grade data centers
Physical security controls at data center facilities
Network security monitoring and DDoS protection
Regular security patch management and vulnerability assessments
Disaster recovery and business continuity planning
Data Breach Response:
In the unlikely event of a data breach, we will notify affected individuals and relevant authorities within legally required timeframes (72 hours for GDPR, without unreasonable delay for CCPA). Our incident response team conducts thorough investigations and implements corrective measures to prevent recurrence.
Cookies and tracking technologies
Essential Cookies:
We use strictly necessary cookies to provide core functionality including user authentication, session management, and security features. These cannot be disabled while using our services.
Analytics and Performance:
With your consent, we may use analytics cookies to understand service usage patterns and improve performance. You can opt out through your browser settings or account preferences.
Third-Party Services:
Our website may include integrated services (such as customer support chat) that use their own cookies. Please review their privacy policies for information about their practices.
Your Control:
You can control cookie preferences through your browser settings. However, disabling essential cookies may limit service functionality.
Children's privacy protection
Our services are not directed to individuals under 16 years of age, and we do not knowingly collect personal information from children under 16. If we discover that we have collected information from a child under 16, we will promptly delete such information. Parents or guardians who believe we may have collected information from a child under 16 should contact us immediately.
Updates to this privacy policy
We may update this privacy policy to reflect changes in our practices, services, or applicable laws. Material changes will be communicated through:
Prominent notice on our website at least 30 days before changes take effect
Email notification to event organizers (our direct clients)
Notice to event organizers to inform attendees of changes affecting their data processing
In-app notifications for significant changes affecting data processing
Version Control:
We maintain comprehensive version control with audit trails documenting all changes, approval workflows, and implementation dates. Previous versions are available upon request for compliance documentation purposes.
Continuing Use:
Event organizers' continued use of our services after policy updates constitutes acceptance of the revised terms. Event organizers are responsible for ensuring attendees are informed of material changes that affect their data processing.
Roles and responsibilities
Conference AI (Data Processor/Independent Controller):
Acts as data processor for event organizers regarding attendee data collected during events
Acts as independent data controller for event organizer account information and our direct business relationship
Provides AI-powered transcription and analysis services according to contractual agreements
Implements technical and organizational security measures to protect all personal data
Responds to data subject rights requests from both event organizers and attendees
Maintains compliance with applicable privacy laws and regulations
Event Organizers (Data Controllers for Their Events):
Act as data controllers for their events and attendee information
Responsible for obtaining appropriate consent and providing privacy notices to attendees
Must inform attendees that Conference AI provides transcription services and may process their data
Responsible for their own privacy practices and legal compliance regarding attendee data
May receive transcripts and analysis results from their events
Must have legitimate basis for sharing attendee data with Conference AI
Conference Attendees (Data Subjects):
Have privacy rights regarding data processed about them during events
Can exercise privacy rights directly with Conference AI or through event organizers
Should direct questions about event-specific data collection practices to event organizers
Retain all privacy rights under applicable laws regardless of not having direct Conference AI accounts
Shared Responsibilities: Event organizers and Conference AI work together to ensure attendee privacy protection. Event organizers handle consent and initial privacy notices, while Conference AI ensures secure processing and honors privacy rights requests. This collaborative approach ensures comprehensive privacy protection throughout the service delivery process.
Regulatory compliance and security standards
Privacy Law Compliance:
We comply with major privacy regulations including:
EU General Data Protection Regulation (GDPR)
California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA)
UK Data Protection Act and UK GDPR
Canadian Personal Information Protection and Electronic Documents Act (PIPEDA)
Other applicable state, federal, and international privacy laws
Security Standards:
We implement industry-standard security practices and controls:
Enterprise-grade encryption and access controls
Regular security assessments and monitoring
Comprehensive security policies and procedures based on industry best practices
Continuous monitoring for emerging security threats and vulnerabilities
Regular review and updates of security measures
Audit Readiness:
Our privacy program includes comprehensive documentation, regular internal reviews, and measurable compliance metrics suitable for enterprise client compliance reviews and regulatory inspections.
Contact information and complaints
Privacy Inquiries:
Email: hello@conferenceai.ai
Response time: Within 72 hours for all privacy-related inquiries
Data Protection Officer:
Email: hello@conferenceai.ai
For formal privacy rights requests and compliance matters
Regulatory Complaints:
You have the right to lodge complaints with relevant data protection authorities:
EU users: Your local data protection authority or the Irish Data Protection Commission
UK users: Information Commissioner's Office (ICO)
California users: California Attorney General's Office
Other jurisdictions: Your local privacy regulator
Customer Support:
For general service questions: hello@conferenceai.ai
We are committed to resolving privacy concerns promptly and transparently. Our privacy team works diligently to address all inquiries and maintain the highest standards of data protection while delivering exceptional AI-powered transcription services.
Privacy Policy for Conference AI
Effective Date: 6/1/25
Last Updated: 6/1/25
Privacy commitment and key protections
Conference AI (operated by PauPau LLC DBA Conference AI) is committed to protecting your privacy while delivering AI-powered conference transcription and analysis services. We do not use your data to train public AI models and implement enterprise-grade security measures including end-to-end encryption and strict data retention limits. Your audio recordings and transcripts are processed solely to provide our services, with automatic deletion within 30 days of contract termination, whichever comes first.
For Event Organizers: You contract directly with us to provide transcription services for your conferences and events. This policy explains our data practices, your responsibilities regarding attendee consent, and how we work together to protect participant privacy.
For Conference Attendees: When you participate in events that use our transcription services, your voice and related information may be processed through our AI platform. The event organizer has engaged us to provide these services, and this policy explains how we protect your information and your rights regarding its use.
This policy explains how we collect, use, and protect personal information in both scenarios, including our use of advanced AI models from trusted providers like Anthropic and OpenAI. We serve users globally and comply with major privacy regulations including GDPR, CCPA, UK Data Protection Act, and other applicable privacy laws.
Company information and contact details
Data Controller:
PauPau LLC DBA Conference AI
2200 Wilson Blvd 137 Ste 102, Arlington, VA, 22201
Email: hello@conferenceai.ai
Website: www.conferenceai.ai
Data Protection Officer:
Email: hello@conferenceai.ai
For privacy-related questions or to exercise your rights, contact us using the information above. We respond to all privacy inquiries within 72 hours and fulfill data subject requests within legally required timeframes.
What personal information we collect
We collect personal information necessary to provide our AI-powered conference transcription and analysis services. The information we collect depends on your relationship with our service:
Information from Event Organizers (Our Direct Clients):
Organization and contact details for service agreements
Technical integration settings and API access credentials
Billing and payment information
Event scheduling and configuration data
Administrative user accounts and access controls
Information about Conference Attendees (Collected via Event Organizers): We process attendee information that event organizers share with us through their existing event platforms and integrations:
Audio and Visual Data:
Audio recordings from conferences, meetings, and events
Video recordings when video transcription services are requested
Screen sharing content and presentation materials
Real-time audio streams during live transcription
Participant Information:
Names and titles of conference participants (typically provided by event organizers)
Email addresses for service delivery (when shared by event organizers)
Company names and professional affiliations
Participant roles and speaking segments
Service Data:
Meeting metadata (duration, participant count, scheduling information)
Transcription accuracy preferences and customization settings
User interaction data with transcripts and analysis features
Technical logs necessary for service delivery and troubleshooting
How We Collect This Information:
Direct provision by event organizers through service agreements and platform integrations
Automated collection during live transcription and recording processing
Integration data from event organizers' existing conference and event management platforms
Real-time processing during live conferences and meetings
Important for Attendees: The event organizer you're participating with has engaged us to provide transcription services. They are responsible for informing you about our involvement and ensuring appropriate consent for recording and transcription. If you have questions about data collection at a specific event, please contact the event organizer directly.
How we use artificial intelligence to process your data
Third-Party AI Processing:
We utilize advanced AI models like Open AI and Anthrophic to enhance transcription accuracy, generate meeting summaries, and provide intelligent analysis of conference content. When you use our AI-powered features, your audio recordings and related content may be processed by these third-party AI service providers.
Critical Privacy Protection:
Your data is never used to train public AI models. We maintain strict contractual agreements with our AI service providers ensuring that your personal data and conference content are processed solely to provide our services to you.
AI Processing Activities:
Real-time transcription of audio recordings into searchable text
Generation of meeting summaries and key action items
Content analysis for topic identification and participant insights
Language translation and accessibility enhancement features
Quality improvement of transcription accuracy through context analysis
Technical Safeguards:
All data transmitted to AI service providers is encrypted in transit using enterprise-grade encryption protocols. Processing occurs in secure, access-controlled environments with comprehensive audit logging. AI processing is temporary - your data is processed only for the duration necessary to generate your requested outputs and is not retained by AI service providers beyond contractually agreed timeframes (typically 30 days maximum for abuse monitoring).
Your Rights Regarding AI Processing:
Under applicable privacy laws, you have the right to object to automated processing of your personal data, request human review of AI-generated decisions that significantly affect you, and receive explanations of the logic behind automated processing. Contact our privacy team to exercise these rights.
Legal basis for processing your information
We process your personal information based on the following legal grounds under applicable privacy laws:
Legitimate Interest (Primary Basis):
Our primary legal basis is legitimate interest in delivering AI-powered transcription services. We have conducted comprehensive balancing tests demonstrating that our business interests in providing accurate, efficient transcription technology do not override your fundamental privacy rights. Our legitimate interests include:
Providing requested transcription and analysis services
Improving service quality and accuracy through AI processing
Ensuring platform security and preventing fraudulent activity
Developing new features and service enhancements
Contract Performance:
We process your data as necessary to fulfill our service agreements with you or your organization, including delivering transcriptions, generating analysis reports, and providing customer support.
Consent:
For certain non-essential features, we rely on your explicit consent, which you may withdraw at any time through your account settings or by contacting our privacy team.
Legal Obligations:
We may process your information to comply with applicable laws, regulations, or legal processes.
How we share your information
We share personal information only in limited circumstances with appropriate safeguards. Your relationship with our service affects how information is shared:
Event Organizer Access: Event organizers (our direct clients) have access to the transcriptions, analysis, and related data from their events as part of our service delivery. This includes:
Complete transcripts and AI-generated summaries from their events
Participant information and analytics they originally provided
Service usage and performance data for their events
Administrative access to manage their settings
Event organizers are independent data controllers for their events and are responsible for their own privacy practices regarding attendee data.
AI Service Providers:
We share audio recordings and related content with our trusted AI partners for transcription and analysis services. These relationships are governed by strict data processing agreements that prohibit using your data for AI model training and require enterprise-grade security protections.
Cloud Infrastructure Providers:
Your data is hosted on secure servers provided by DigitalOcean in New York, USA. We maintain comprehensive data processing agreements ensuring equivalent privacy protections and security standards.
Service Providers:
We may share limited information with carefully vetted service providers who assist with:
Technical infrastructure and hosting services
Customer support and service delivery
Payment processing and billing (for event organizer accounts)
Security monitoring and incident response
Legal Requirements:
We may disclose information when required by law, court order, or regulatory request, or when necessary to protect our rights, your safety, or the rights of others.
Business Transfers:
In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity with equivalent privacy protections.
Important Notes:
We do not sell, rent, or trade personal information to third parties for marketing purposes
Conference attendees' data is only shared as described above - we do not provide attendee information to other event organizers or third parties
All third-party relationships include contractual privacy protections and regular security assessments
Event organizers remain responsible for their own privacy practices and compliance regarding attendee data
International data transfers and global operations
Data Processing Locations:
Your personal information is processed and stored in the United States, specifically in DigitalOcean's New York data center region. Additional processing may occur through our AI service providers which operate primarily in the United States.
International Service Delivery:
While our data is hosted in the United States, we provide services to users and event organizers globally. This means personal information from international users (including EU/EEA and UK residents) is transferred to and processed in the United States.
Transfer Safeguards for International Users:
For transfers from the European Economic Area (EEA) or United Kingdom to the United States, we implement appropriate safeguards including:
Standard Contractual Clauses approved by the European Commission
Additional technical and organizational measures to ensure data protection
Regular transfer impact assessments to evaluate ongoing protection adequacy
Contractual commitments from our US-based service providers to maintain equivalent protection
Cross-Border Processing Security:
All international data transfers are protected by:
End-to-end encryption during transmission using industry-standard protocols
Robust access controls and multi-factor authentication measures
Comprehensive audit logging and monitoring of all data access
Regular security assessments of our US-based processing infrastructure
Contractual privacy protections with all US-based service providers
Data retention and deletion
Recordings and Transcripts:
Are retained for the length of your contract, unless deleted by the user.
Both audio and transcript data are automatically deleted within 30 days of contract termination
Account and Service Data:
Account information is retained while your account remains active
Service logs and technical data are retained for 24 months for security and service improvement
Marketing and communication preferences are retained until you opt out
Automated Deletion:
We implement automated deletion processes with regular data review cycles to ensure compliance with retention limits. You can request immediate deletion of your data at any time, subject to legal obligations or legitimate business needs.
Secure Deletion:
When data is deleted, we use industry-standard secure deletion methods ensuring data cannot be recovered. Backups containing your data are purged according to our backup retention schedules, typically within 90 days of deletion.
Your privacy rights and how to exercise them
You have comprehensive rights regarding your personal information under applicable privacy laws. How you exercise these rights depends on your relationship with our service:
For Event Organizers: As our direct clients, you can exercise privacy rights through your account settings or by contacting our privacy team directly. You also have responsibilities regarding attendee privacy rights at your events.
For Conference Attendees: Even though you may not have a direct account with us, you still have privacy rights regarding information processed through our platform.
Universal Privacy Rights:
Right to Access:
Request a copy of personal data we hold about you, including information about how we process it and who we share it with.
Right to Rectification:
Request correction of inaccurate or incomplete personal data.
Right to Erasure (Right to be Forgotten):
Request deletion of your personal data where legally permissible, including when data is no longer necessary for our service purposes.
Right to Data Portability:
Request transfer of your data in a structured, commonly used, machine-readable format for transmission to another service provider.
Right to Object:
Object to processing of your personal data, particularly for direct marketing purposes or processing based on legitimate interests.
Right to Restrict Processing:
Request limitation on how we process your personal data in certain circumstances.
Rights Related to Automated Decision-Making:
Request human review of automated decisions that significantly affect you and receive explanations of the logic behind such processing.
How to Exercise Your Rights:
Event Organizers: Contact us at hello@conferenceai.ai or through your account settings.
Conference Attendees: You have several options:
Contact us directly at hello@conferenceai.ai with details about the event and your request
Contact the event organizer who can assist with your request or forward it to us
For urgent requests, contact us directly and we will verify your participation and process your request
We verify identity before processing requests and respond within legally required timeframes (typically 30 days for GDPR requests, 45 days for CCPA requests).
California Consumer Privacy Act (CCPA) Rights:
California residents have additional rights including the right to know specific pieces of personal information collected, the right to opt-out of sale/sharing (though we do not sell personal information), and the right to non-discrimination for exercising privacy rights.
Important for Attendees: If you need to exercise privacy rights regarding a specific event, please provide as much detail as possible about the event (date, organizer, event name) to help us locate your information quickly.
Security measures and data protection
Technical Safeguards:
End-to-end encryption (AES-256) for data in transit and at rest
Advanced access controls with multi-factor authentication
Regular security monitoring and intrusion detection
Comprehensive audit logging of all data access and processing activities
Automated backup systems with encrypted storage
Organizational Measures:
Privacy by design principles integrated into all product development
Regular security training for all personnel handling personal data
Strict need-to-know access policies and role-based permissions
Comprehensive incident response procedures and breach notification protocols
Regular third-party security assessments and penetration testing
Infrastructure Security:
Secure cloud hosting with DigitalOcean using enterprise-grade data centers
Physical security controls at data center facilities
Network security monitoring and DDoS protection
Regular security patch management and vulnerability assessments
Disaster recovery and business continuity planning
Data Breach Response:
In the unlikely event of a data breach, we will notify affected individuals and relevant authorities within legally required timeframes (72 hours for GDPR, without unreasonable delay for CCPA). Our incident response team conducts thorough investigations and implements corrective measures to prevent recurrence.
Cookies and tracking technologies
Essential Cookies:
We use strictly necessary cookies to provide core functionality including user authentication, session management, and security features. These cannot be disabled while using our services.
Analytics and Performance:
With your consent, we may use analytics cookies to understand service usage patterns and improve performance. You can opt out through your browser settings or account preferences.
Third-Party Services:
Our website may include integrated services (such as customer support chat) that use their own cookies. Please review their privacy policies for information about their practices.
Your Control:
You can control cookie preferences through your browser settings. However, disabling essential cookies may limit service functionality.
Children's privacy protection
Our services are not directed to individuals under 16 years of age, and we do not knowingly collect personal information from children under 16. If we discover that we have collected information from a child under 16, we will promptly delete such information. Parents or guardians who believe we may have collected information from a child under 16 should contact us immediately.
Updates to this privacy policy
We may update this privacy policy to reflect changes in our practices, services, or applicable laws. Material changes will be communicated through:
Prominent notice on our website at least 30 days before changes take effect
Email notification to event organizers (our direct clients)
Notice to event organizers to inform attendees of changes affecting their data processing
In-app notifications for significant changes affecting data processing
Version Control:
We maintain comprehensive version control with audit trails documenting all changes, approval workflows, and implementation dates. Previous versions are available upon request for compliance documentation purposes.
Continuing Use:
Event organizers' continued use of our services after policy updates constitutes acceptance of the revised terms. Event organizers are responsible for ensuring attendees are informed of material changes that affect their data processing.
Roles and responsibilities
Conference AI (Data Processor/Independent Controller):
Acts as data processor for event organizers regarding attendee data collected during events
Acts as independent data controller for event organizer account information and our direct business relationship
Provides AI-powered transcription and analysis services according to contractual agreements
Implements technical and organizational security measures to protect all personal data
Responds to data subject rights requests from both event organizers and attendees
Maintains compliance with applicable privacy laws and regulations
Event Organizers (Data Controllers for Their Events):
Act as data controllers for their events and attendee information
Responsible for obtaining appropriate consent and providing privacy notices to attendees
Must inform attendees that Conference AI provides transcription services and may process their data
Responsible for their own privacy practices and legal compliance regarding attendee data
May receive transcripts and analysis results from their events
Must have legitimate basis for sharing attendee data with Conference AI
Conference Attendees (Data Subjects):
Have privacy rights regarding data processed about them during events
Can exercise privacy rights directly with Conference AI or through event organizers
Should direct questions about event-specific data collection practices to event organizers
Retain all privacy rights under applicable laws regardless of not having direct Conference AI accounts
Shared Responsibilities: Event organizers and Conference AI work together to ensure attendee privacy protection. Event organizers handle consent and initial privacy notices, while Conference AI ensures secure processing and honors privacy rights requests. This collaborative approach ensures comprehensive privacy protection throughout the service delivery process.
Regulatory compliance and security standards
Privacy Law Compliance:
We comply with major privacy regulations including:
EU General Data Protection Regulation (GDPR)
California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA)
UK Data Protection Act and UK GDPR
Canadian Personal Information Protection and Electronic Documents Act (PIPEDA)
Other applicable state, federal, and international privacy laws
Security Standards:
We implement industry-standard security practices and controls:
Enterprise-grade encryption and access controls
Regular security assessments and monitoring
Comprehensive security policies and procedures based on industry best practices
Continuous monitoring for emerging security threats and vulnerabilities
Regular review and updates of security measures
Audit Readiness:
Our privacy program includes comprehensive documentation, regular internal reviews, and measurable compliance metrics suitable for enterprise client compliance reviews and regulatory inspections.
Contact information and complaints
Privacy Inquiries:
Email: hello@conferenceai.ai
Response time: Within 72 hours for all privacy-related inquiries
Data Protection Officer:
Email: hello@conferenceai.ai
For formal privacy rights requests and compliance matters
Regulatory Complaints:
You have the right to lodge complaints with relevant data protection authorities:
EU users: Your local data protection authority or the Irish Data Protection Commission
UK users: Information Commissioner's Office (ICO)
California users: California Attorney General's Office
Other jurisdictions: Your local privacy regulator
Customer Support:
For general service questions: hello@conferenceai.ai
We are committed to resolving privacy concerns promptly and transparently. Our privacy team works diligently to address all inquiries and maintain the highest standards of data protection while delivering exceptional AI-powered transcription services.