Operating entity: Ilya Berdysh IE (Individual Entrepreneur), Getapnya 6, Dilijan 3901, Republic of Armenia
Product: Mymeet.ai Meeting Recording Bot & Service — server-side Zoom Meeting SDK integration
Version: 1.0 · Effective date: 21 April 2026 · Review cadence: annually, or upon material change
Classification: Internal · Policy owner: Ilya Berdysh IE
1. Purpose and Scope
This policy describes how Mymeet.ai classifies, protects, retains, and deletes data, with emphasis on meeting media and authentication tokens. It applies to all data processed by the orchestration service, the Meeting SDK bot, and the MongoDB, Redis, and Google Cloud Storage (S3-compatible API).
2. Data Classification
Sensitive: meeting recordings (MP3/MP4) and transcripts; Zoom credentials and tokens (SDK Client ID/Secret, OAuth, ZAK/OBF). Personal: account data (email, name, profile image URL from external sign-in), usage and diagnostic data, payment data, support communications, and bot-customization materials that identify a person. Sensitive and personal data receive the strongest controls.
3. Storage, Encryption, and Residency
Raw meeting audio and video are processed in-process inside the bot worker; only the final encoded MP3/MP4 outputs are persisted to storage. Production data is stored in Google Cloud Platform, Netherlands (europe-west4). Data is encrypted in transit (TLS) and at rest (server-side encryption on object storage). Access to stored recordings is least-privilege and access-controlled.
4. Access to Meeting Content
Meeting recordings and transcripts are processed in an automated pipeline. Personnel do not access meeting recordings, transcripts, or their content except where a user provides such data to us directly (for example, for technical support), and then only to the minimum extent necessary for the specific task.
5. Retention and Deletion
Customers retain ownership of their recordings and transcripts; Mymeet.ai acts as a custodian and does not sell customer data or use it for advertising.
Raw meeting audio/video: destroyed immediately after the transcription process completes. If transcription fails (does not complete), the raw file is retained for up to 3 calendar days, then destroyed.
Recordings and transcripts retained for the user: subject to a defined retention period of 30 days, after which they are deleted from storage.
Account and related personal data: retained while the account is active and deleted within 30 days of the relevant purpose ending (e.g., account closure), unless a longer period is required by law.
On uninstall / deauthorization of the Zoom app: associated data is deleted and deletion is confirmed to Zoom via its data-compliance callback.
On a valid deletion request, data is erased within the timeframe required by applicable law.
(Retention values above mirror current product behavior; confirm they remain accurate for the launched configuration.)
6. Data Subject Rights
Where applicable law grants rights of access, rectification, erasure, restriction, objection, portability, and withdrawal of consent, Mymeet.ai honors them. Requests are handled within the timeframe required by law and routed to hello@mymeet.ai.
7. Sub-processors and Transfers
Data may be processed by vetted sub-processors bound by confidentiality and data-protection obligations. These fall into the following categories: cloud hosting and object storage (Google Cloud, Netherlands); speech-to-text / transcription; AI / LLM summarization; analytics; and payment processing. A current list of named sub-processors is available to customers on request. Third-party AI and transcription providers are contractually prohibited from training on customer content and operate under zero-/short-retention terms. A Data Processing Agreement (DPA) is made available to business customers. Ilya Berdysh IE is the data controller and contact for data-protection matters; where data is transferred across borders, appropriate safeguards are applied.
8. Consent for Recording
Recording permission is obtained from the meeting host, and the bot operates as a visible meeting participant. Users are responsible for obtaining any consents required from other participants before recording.
9. Minors and Special Categories
The service is not directed to children under 18, and biometric data is not intentionally processed. Personal data discovered to have been collected from a minor without appropriate consent is deleted promptly.
10. Review
This policy is reviewed at least annually and upon material changes to data flows, storage, or applicable law.