← Back to KeenEar

Privacy Policy

Last updated: May 8, 2026

1. Data We Collect

  • Account information: email address, display name, country
  • Session data: transcripts, AI-generated questions and answers, session metadata
  • Knowledge base documents: files you upload for contextual AI answers
  • Usage data: session counts, feature usage, error reports

Audio is processed in real-time for transcription and is never stored permanently.

2. How We Use Your Data

Your data is used exclusively to provide the Service: generating real-time questions and answers, storing session history, and improving your experience. We do not sell your data. We do not use your data for advertising.

3. AI Processing

AI generation is performed via Google Gemini (paid tier). On the paid tier, Google contractually agrees NOT to use your data for model training. Transcripts are sent to Gemini in real-time to generate questions and answers, then the AI response is returned to you. No meeting content is retained by Google beyond the API call.

4. Data Retention

  • Standard professions (Buckets A, B, D, F): 90 days
  • Regulated professions (Bucket E): 30 days
  • Account deletion: all data permanently removed immediately

You can delete individual sessions or your entire account at any time from Settings.

5. Your Rights

You have the right to:

  • Access — view all data we hold about you (GET /api/users/me/export)
  • Export — download your data in JSON format
  • Delete — permanently remove all your data
  • Correct — update your profile information at any time

6. California Residents (CCPA)

California residents have additional rights under the California Consumer Privacy Act: the right to know what personal information is collected, the right to delete personal information, and the right to opt-out of the sale of personal information. We do not sell personal information. To exercise your rights, use the account deletion feature in Settings or contact [email protected].

7. Security

Data is encrypted in transit (TLS 1.2+). Database access is restricted to the application layer. Firebase tokens are verified server-side with Redis caching. Meeting content is never logged to crash reporting or analytics systems.

8. Subprocessors

  • Google Gemini — AI generation and embeddings (paid tier, no training on your data)
  • Cloudflare — CDN, tunneling, DDoS protection
  • Firebase — Authentication only (no Firestore, no Analytics)
  • Stripe — Payment processing (paid plans)

9. Contact

Privacy questions: [email protected]