Notica: AI Meeting Notes

PRIVACY POLICY

This Privacy Policy outlines how Apero Technologies Group ("we," "us," or "our") collect, use, and disclose your personal information when you use any of our mobile applications available on the Apple App Store (collectively, the "Apps") and related services. It also explains your privacy rights and the legal protections afforded to you. We are committed to safeguarding the personal information of our users and their contacts. We are committed to complying with Apple’s App Store guidelines and applicable privacy laws, including providing clear information and obtaining your explicit consent where required.

By using any of our Apps or services, you consent to the collection, use, sharing, and processing of your personal information as described in this policy. We use your personal data to enhance and deliver our services effectively.

1. PERSONAL INFORMATION COLLECTED 

IN SHORT: We collect the information you provide (e.g., recordings, uploads), data from cookies and analytics tools, and sometimes public sources to improve app functionality.

Types of Data Collected: 

1. Personal Information User Provide 

Our Service automatically gathers data when you interact with it, enabling us to better understand your needs and enhance your experience.

• App information: When you use the Services, you may provide us with your audio recordings and any text, images that you upload or provide to us in the context of the Services.

• Audio: Voice or sound recordings created within the app, used solely for features such as saving, sharing, or downloading recordings.

• Authentication & Account Data: Depending on your chosen sign-in method, we may process basic account identifiers (e.g., display name, email, avatar) to create and maintain your in-app profile.

• Guest Accounts: If you continue as Guest, we create a local profile identified by a device identifier (e.g., device ID) to store your app data on that device. Guest data is not linked to an email until you upgrade to SSO (Apple/Google).

2. Information Collected Automatically

• Cookies: Our services utilize cookies to collect information to enhance user experience, understand user engagement and improve our services.

3. Data Obtained from Third Parties

• Firebase Analytics: Used to track in-app user interactions and subscription activity.

• Facebook SDK: Tracks advertising performance and user engagement derived from Facebook campaigns.

• Adjust: Used for both advertising attribution and subscription tracking, helping us evaluate marketing effectiveness.

• Google Account (Sign-In): When you log in using your Google account, we automatically receive your name, email address, and profile picture from Google. This basic account information is required to authenticate your identity and enable access to your account in the app.

• Apple Account (Sign-In): When you sign in with Apple, we receive your name and email address. If you choose Hide My Email, Apple provides a private relay email that forwards messages to your real inbox. We use this basic account information only to authenticate your identity and enable access to your account in the app. We do not receive your Apple ID password or other Apple account details. 

• Google Calendar: Meeting calendar information (event titles, times) accessed only when you connect your Google Calendar account, displayed in-app to facilitate meeting recording features. We do not modify, delete, or create events in your Google Calendar. Your calendar data is never shared with third parties, used for advertising, or stored beyond the duration necessary to provide this feature. All access complies with Google’s API Services User Data Policy, including the Limited Use requirements.

• Other Sources: Data about you may also be collected from publicly available sources to further enhance our services and customer understanding.

2. USE OF AUDIO-TO-TEXT SERVICES

IN SHORT: Audio recordings may be securely sent to third-party transcription services only with your explicit consent, and never without a visible recording indicator. 

• Explicit Opt-In: We will clearly inform you whenever your voice recording needs to be sent to a third-party service for transcription. We will ask for your explicit consent before any recording is shared. You can opt out at any time, and the App’s functionality that requires transcription will simply not be available.

• Encryption and Limited Use: Any audio sent to a third-party is encrypted both in transit (via SSL from mobile to backend and then to third-party) and encoded using secure formats (e.g., linear16). The third-party provider (such as a secure cloud-based speech-to-text service) is only permitted to use your recording for the sole purpose of converting speech to text. To the best of our knowledge, these providers do not retain or analyze your recording beyond that immediate conversion, and their handling of your data is subject to their own privacy policies and practices. 

• No Unintended Recording: The App will record audio only when you explicitly press record or use a voice feature. We do not run background audio recording or listen to ambient sounds. Whenever recording is active, you will see a clear on-screen indicator or hear an audible tone (in compliance with Apple’s guidelinesdeveloper.apple.com).

By default, your audio and transcripts are used only to fulfill your specific request. We do not use your transcripts or voice recordings for training any artificial intelligence models or other secondary purposes unless you provide separate explicit consent. Summarization and AI-based features are handled internally and never involve your transcript unless explicitly authorized.

When enabled by the organizer, Notica may record meetings and use AI to generate transcripts and summaries for the organizer’s use. This may include the voices and statements of all participants. Recording is announced in-meeting and a visible indicator remains active while recording. Data is stored securely and retained only as long as necessary for this feature or as required by law. We do not sell this data and we do not use recordings/transcripts to train machine-learning models unless you have provided explicit opt-in consent.

3. AI PROCESSING AND CHATBOT USE

IN SHORT: Our AI helps with transcription, summarization, and answering questions based on your transcripts; it doesn’t use external sources or your input for training.

Our application utilizes artificial intelligence (AI) services to support transcription, summarization, and question-answering functionalities based on user-generated audio content. These features are designed to operate strictly within the boundaries of user consent and data minimization principles.

AI Transcription 

When users engage the voice recording feature, the recorded audio may be transmitted to a secure third-party speech-to-text provider solely for the purpose of generating a transcript. Audio files are encrypted in transit, and only the voice content is included in the transmission — no additional personal data is shared.

These services are used solely to convert speech to text in real time, and audio data is transmitted securely with encryption. Based on the terms of use provided by the service providers, the submitted audio is not stored or retained beyond the transcription process.

We do not authorize the use of any recordings or transcripts for machine learning, analytics, or model training unless the user has explicitly opted in.

Summarization

After the transcription is completed, our system automatically processes the transcript using our in-house AI engine to generate a summary. This summarization is performed entirely within our secured infrastructure and does not involve any third-party data transmission.

The summary is generated based solely on the transcript content that was created within the app. We do not retain, reuse, or analyze user summaries for any purpose other than delivering that specific feature, unless the user has separately provided explicit consent. All summarization data remains tied to the user session and is under the user’s control.

AI Chatbot

The application includes an AI-powered chatbot that can answer questions based on user-generated meeting transcripts. When users access the chatbot from within a specific meeting recording, the chatbot only generates responses based on that transcript. Only users who have access to that recording can interact with the chatbot in this context. Users may also access the chatbot via the main navigation, in which case the chatbot operates based on prior interactions or prompts within the user’s own session.

To support these features, chat interactions may be stored on our secure servers to enable response generation and improve user experience across sessions. However, these interactions are not used to train machine learning models, and are not shared with third parties. Access to chat data is restricted and protected using industry-standard encryption and access controls.

The chatbot does not access external data sources (e.g., the internet), and responses are generated solely based on the content provided by the user or from within their transcripts.

Disclaimer

• Accuracy and reliability: While we strive to provide accurate and helpful responses, AI-generated content may occasionally contain outdated, incomplete, or inaccurate information. Users are encouraged to verify any critical information using reliable sources.

• Hallucinations: No AI system can fully guarantee freedom from hallucinations — inaccurate or fabricated content that appears plausible. This is a known limitation of large language models (LLMs). We implement safeguards (such as prompt constraints and transcript-based context) to reduce this risk and improve response accuracy.

• No legal or professional advice: Responses generated by the AI chatbot should not be considered professional, legal, medical, or financial advice. Please consult qualified professionals for any critical decisions.

• Data privacy and responsibility: Users are advised not to input sensitive, confidential, or personally identifiable information. Users are solely responsible for any actions taken based on chatbot responses.

• Use at your own risk: The chatbot is provided as-is. We do not guarantee uninterrupted operation or the complete reliability of any individual response.

4. YOUR CONSENT AND USAGE PERSONAL INFORMATION

IN SHORT: We process your data only with your consent and for purposes like improving services, communication, compliance, and personalization.

1. Granting Consent:

By registering or creating a profile on our platform, you explicitly agree to our processing of your personal data as detailed in this Privacy Policy. For processing sensitive data, such as voice recordings or precise location (if used), we will seek separate, informed consent before any processing or server-based analysis occurs.

We process Personal Data based on: (i) your consent (e.g., recording, ATT tracking); (ii) performance of a contract (providing the core features you request); (iii) our legitimate interests (e.g., service security, fraud prevention, troubleshooting), balanced against your rights; and (iv) legal obligations.

2. How We Utilize Your Information:

We use the personal information collected to:

• Enhance Service Delivery: Provide and maintain the quality of our services.

• Personalize Experience: Tailor content and advertisements to better match your interests and improve your overall service experience.

• Manage Your Account: Support the management of your service usage, enabling access to various functionalities as a registered user.

• Communicate: Contact you with updates, security alerts, and promotional messages through email or other forms of communication. 

• Security and Fraud Prevention: To detect, prevent, and address fraud, security risks, and other malicious or illegal activity.

• Legal Compliance: To comply with applicable laws, regulations, legal processes, and governmental requests.

• Enforcing Terms: To enforce our Terms of Use and other policies.

3. Analytical Use and Compliance:

We analyze anonymized or aggregated data to enhance our services and ensure compliance with legal requirements, aiding in the prevention of fraud and illegal activities.

4. Advertisements and Analytics:

Third-party analytics may be used to understand service usage patterns and improve service delivery. These analytics are derived from data collected through cookies and similar technologies, which do not contain personally identifiable information.

5. Cookies:

Cookies are utilized to understand user interactions and store preferences related to your service use. You can manage these settings to adjust your privacy preferences.

6. Your Privacy Rights:

You have the right to opt out of receiving promotional communications and can manage, access, or modify your personal data, except where retained for legitimate business or legal reasons.

7. Policy Updates:

This Privacy Policy is subject to updates, which will be reflected in the revised document available on our platform. We encourage you to review this policy periodically. Continued engagement with our services after such updates constitutes your acceptance of the terms.

By using our services, you confirm that you understand and agree to the terms set out in this Privacy Policy, ensuring a secure and transparent user experience. 

5. SHARING AND DISCLOSURE OF PERSONAL INFORMATION 

IN SHORT: We never share your data without your consent, except when legally required. Our partners only access data essential to perform their services.

We do not share your data with other companies, organizations and individuals unless one of the following circumstances applies:

1. Sharing with your Consent:

We do not share your personal information with third parties without your explicit consent.

• For example, we may securely transmit your audio recordings to a trusted third-party speech-to-text provider only with your permission, for the sole purpose of generating transcripts. These providers are expected to process the data only for the requested service; however, we do not control or guarantee their data retention practices.

• Any transcripts or summaries you generate are only visible to you by default. No content is shared with third parties beyond what is needed for real-time transcription, unless you explicitly choose to share it.. No other users or external parties will have access unless you authorize it.

2. Legal Compliance and Protection of Rights:

We do not share audio recordings, transcripts, or any derived AI data with third parties unless required by law or with your explicit consent. We may only disclose your Personal Data if required to do so by law or in the good faith belief that such action is necessary to:

• Comply with a legal obligation, subpoena, court order, or other valid legal process.

• Protect and defend our rights or property.

• Prevent or investigate possible wrongdoing in connection with the Service.   

• Protect the personal safety of users of the Service or the public.   

• Protect against legal liability.

Such disclosures occur only under legally binding conditions, and never for commercial purposes.

3. Service Providers and Partners:

All of these providers only receive the minimum data necessary to perform their specific services, and only if you have given explicit consent (e.g., for voice transcription). None may use your data for other purposes such as marketing or training AI models without your prior consent. For clarity, third-party service providers we work with may include:

• Service Providers: We may share Personal Data with third-party vendors, consultants, and other service providers who perform services on our behalf (e.g., cloud hosting, data storage, payment processing (e.g., Apple App Store In-App Purchase, Google Play Billing), customer support, analytics (e.g., Google Analytics, Firebase Analytics), marketing, and advertising (e.g., Google AdMob, Apple Search Ads) or speech-to-text processing (e.g., Deepgram). These service providers are expected to protect your data in accordance with applicable data protection regulations, and are granted access only to the information necessary to perform their functions. They are not authorized to use your personal information for their own marketing or profiling purposes unless you explicitly agree.

• Google Calendar Data Handling: Google Calendar data retrieved via API is processed exclusively within our secure systems for the purpose of displaying it to you in the App. We do not transmit your calendar data to any external party except as strictly necessary to fulfill the in-app feature you requested (e.g., syncing events for your view). This data is never sold, used for advertising, or shared for analytics, and is handled in compliance with Google’s API Services User Data Policy – Limited Use.

• Business Partners: We may share limited data such as: Contact details and demographic information, … with our business partners with whom we collaborate to provide you the best services or promotional offers. This is only done with your explicit consent and is strictly controlled under confidentiality agreements, ensuring compliance with privacy laws and limiting use to the agreed purposes.

Please note that when you interact with services or platforms connected to our App (e.g., cloud storage, payment processors, integrated third-party apps), your data may also be subject to their privacy policies. We recommend reviewing those policies to understand how your data may be handled.

No Cross-Sharing Between Identities: We do not share or merge data between your Guest profile and your SSO profile unless initiated by you during the Guest to SSO migration on the same device. We do not disclose Apple/Google sign-in data to third parties except to our processors as necessary to provide authentication and account services.

4. Business Transfers:

If we are involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, sale of company assets, or transition of service to another provider, your Personal Data may be shared or transferred as part of such a transaction, subject to standard confidentiality arrangements.

5. Public Interactions:

If you engage in activities on public areas of our services, your information can be seen by others and may be read, collected, or used by them. You are advised to exercise caution when deciding to disclose your personal information in these areas.

6. Cookies:

We use cookies to understand and save your preferences for future visits and compile aggregate data about site traffic and site interactions. This helps us offer better site experiences and tools in the future. You may manage your cookie preferences through your browser settings.

6. APP-SPECIFIC PERMISSIONS

IN SHORT: We only request essential permissions (e.g., mic, camera) to deliver key features. These are never used without your clear action.

Notica only requests permissions that are necessary for its core features. You will never be forced to grant a permission (like notifications or tracking) to use the app. In particular:

Permission 1: Privacy - Tracking Usage Description

This permission enables the app and its third-party analytics tools (such as Facebook SDK and Adjust) to track user activity across other apps and websites, in order to measure advertising performance and optimize marketing campaigns.

Permission 2: Privacy - Microphone Usage Description

This permission enables users to record audio within the app to support voice transcription features. Recordings are only captured when the user explicitly activates the feature. The app does not record in the background or without clear user action.

Permission 3: Privacy - Camera Usage Description

This permission enables users to capture photos or scan documents using their device camera, in order to process visual content for functions like OCR or document conversion.

Permission 4: Push Notification

This permission enables the app to send alerts and updates to the user’s device, in order to provide notifications about feature updates, system events, or content status.

These permissions are essential for the app to function properly and are strictly used in accordance with Apple Store's regulations to ensure a secure, efficient, and user-respecting operation. The app prioritizes user rights and privacy, implementing these permissions to enhance user experience without compromising privacy and security.

7. INFORMATION SECURITY AND TRANSFER OF PERSONAL INFORMATION

IN SHORT: We protect your data using HTTPS, TLS 1.2+, and AES-256 encryption. Only trusted providers with strict standards process your data.

1. International Data Transfers:

Your personal information may be transferred to and processed in countries outside of your country of residence, including where our servers are located or where our service providers operate. These countries may have data protection laws that are different from those in your jurisdiction.

We take appropriate measures to ensure that your personal information remains protected according to the security standards outlined in this Privacy Policy, regardless of where it is processed. This includes implementing strong contractual arrangements (such as Standard Contractual Clauses) and security measures to protect your data during international transfers.

2. Safeguarding Measures:

We implement strong contractual arrangements and security measures to protect your data when it is transferred internationally. This includes using encryption, secure data transfer protocols, and ensuring that all data handlers comply with our data protection and privacy standards.

3. Data Security Practices:

We maintain physical, administrative, and technical safeguards—such as encrypted servers, firewalls, and restricted access—to protect your data. All transmissions between your device and our systems are secured using HTTPS with TLS 1.2 or higher, and audio recordings, transcripts, and other user data are encrypted at rest using AES‑256.

We regularly audit our infrastructure and practices to uphold these protections. However, please note that no system is completely secure—transmitting information over the internet carries inherent risks, and we cannot guarantee absolute safety. You use our services at your own risk.

Any third-party service providers we engage (e.g. speech-to-text APIs) must adhere to these standards and are only granted access to data necessary for real-time processing.

4. Handling Data Risks:

While we endeavor to secure your data, the transmission of information over the internet can never be guaranteed to be completely secure. We encourage you to take precautions to protect your personal information when using digital services, including monitoring your account settings and access privileges.

5. Data Security

We implement appropriate technical and organizational security measures designed to protect the security of any personal information we process, including encrypting data at rest and in transit, access controls, and secure development practices. However, please note that no method of transmission over the Internet or method of electronic storage is completely secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.

6. Data Retention And Deletion

We retain your Personal Data only for as long as necessary for the purposes stated in this Privacy Policy, unless a longer retention period is required or permitted by law (such as tax, accounting, or other legal requirements).

• Account Information: We generally retain your account information for as long as your account remains active.

• User-Generated Content and Usage Data: We retain user-generated content and usage data for as long as necessary to provide the services you use or for legitimate business purposes, unless you request earlier deletion.

• Audio recordings and their transcripts may be stored securely on our servers to support core features such as sharing, downloading, and cross-device access. These files are encrypted both in transit and at rest, and accessible only to the authenticated user. We do not use these files for analytics, advertising, or AI training unless we have received your explicit consent.

• Other Data: Other types of data are retained for periods necessary to fulfill the purposes for which they were collected.

Guest data is associated with your device identifier and retained on that device. If you uninstall the App, reset the device, or clear App data, your Guest data may be deleted and cannot be recovered. When Guest data is migrated to an SSO account (Apple/Google), it becomes part of your SSO account data and is retained in line with Account Information rules. If you later use Guest again after signing out, a new Guest profile will be created and previous Guest data will not be automatically restored.

When your account is deleted or upon receiving a valid data deletion request, we will securely delete or anonymize your Personal Data according to our internal procedures and applicable law, subject to any legal obligations or legitimate business needs (e.g., fraud prevention, dispute resolution) requiring us to retain certain information. Please note that residual copies may take some time to be fully removed from backup systems.

7. Correcting and Updating Your Information:

You have the right to request access to, correction of, or deletion of your personal information. If your personal data changes, or if you no longer wish to use our service, you may correct, update, or remove the information by making a direct request to us.

8. ACCESSING AND UPDATING PERSONAL INFORMATION

IN SHORT: You can access, correct, or delete your data using in-app options or by contacting support.

1. Your Rights to Access and Control Personal Data:

You have the right to access, review, and manage your personal data stored by us. Under applicable laws, you can request information about the data we hold on you, as well as request updates, corrections, or deletions of any inaccuracies.

2. How to Manage Your Information:

You can exercise your data protection rights through several options:

Update and Correct: Directly modify your personal details via your account settings.

Privacy Controls: Adjust settings to manage the use of your data, including opting out of targeted advertising and managing communication preferences.

3. Limitations on Access:

In certain circumstances, as permitted or required by law, your ability to access or control your personal data may be limited. The scope of access may also vary by the specific services and products you utilize.

4. Processing Requests:

We endeavor to promptly fulfill requests to access or modify personal information. You can initiate these requests through the contact options available on our platform.

5. Additional Support:

If certain personal data cannot be accessed or controlled via our standard tools or if you have specific inquiries regarding your data rights, please reach out to us directly for assistance.

6. Transparency and Accountability:

We regularly review and report on the requests we receive to access or control personal data, ensuring transparency and accountability in our data handling practices.

9. MINORS 

IN SHORT: We do not knowingly collect data from children under 13. Parents can review and request deletion of their child’s information.

1. Data Collection and Consent:

Our Service is not intended for use by children under the age of 13 (or a higher age threshold if required by applicable law in your jurisdiction). We do not knowingly collect personally identifiable information from children under this age without verifiable parental consent. If we become aware that we have collected Personal Data from a child without verification of parental consent, we will take steps to remove that information from our servers promptly. If you are a parent or guardian and you are aware that your child has provided us with Personal Data, please contact us.

2. Parental Rights:

Parents or guardians have the right to review, manage, and delete their child’s information. We provide tools and support to facilitate these actions.

3. Revoking Consent:

At any time, parents or guardians can revoke their consent and request the deletion of their child’s information from our systems.

4. Reporting Issues:

For issues regarding the protection of minors’ data, please contact us immediately.

10. CHANGES TO THIS PRIVACY POLICY 

IN SHORT: We’ll notify you of significant policy changes via in-app notice or email.

We may revise our Privacy Policy from time to time to reflect changes in our practices or service offerings. When updates are made, we will notify you by sending an email and/or displaying a prominent notice on our service. Additionally, we will update the 'Last updated' date at the top of the Privacy Policy, which can be viewed on this page.

For significant changes, we may also send a push notification directly through the service.

We encourage you to review our Privacy Policy periodically to stay informed of how we are protecting the personal information we collect. Continued use of the service after any updates signifies your agreement to the revised policy.

11. CONTACT 

If you have any questions about our Privacy Policy or wish to make a request regarding certain personal information, you are encouraged to contact us. The contact information is:

Apero Technologies Group

support@apero.vn