Privacy Policy

1. Who this policy applies to

This policy applies to visitors to the public website, account holders, workspace users, and people whose personal data is included in meeting recordings, transcripts, notes, or other workspace content processed through Bearbits.io.

If you use Bearbits.io on behalf of an employer, client, or other organization, that organization may also act as a controller of some meeting content and may have separate privacy obligations to meeting participants.

2. Data we collect

Account and profile data: This includes your email address, sign-in credentials submitted through the authentication flow, your display name, locale, and workspace preferences.

Meeting and workspace content: This includes live microphone audio, optional system audio, transcripts, summaries, suggestions, project metadata, people records, tasks, glossary terms, and other meeting-related context that you or your workspace create.

Billing and subscription data: This includes Paddle customer and subscription identifiers, price and plan information, billing status, billing period timestamps, and webhook event records used to manage access to the service.

Technical and device data: This includes browser metadata necessary to operate the product, authentication tokens, local recovery drafts stored in your browser, selected microphone metadata, analytics consent choices, and service logs needed for security, debugging, reliability, and product analytics where consent has been given.

3. How we use personal data and our legal bases

To provide the service (Performance of a contract, or steps taken at your request before entering into a contract.): We process account data, meeting content, transcription data, and subscription status so you can sign in, record meetings, generate notes, export data, and access paid features.

To secure, maintain, and improve the product (Legitimate interests.): We process logs, technical metadata, and operational information to prevent abuse, diagnose faults, maintain service integrity, and improve performance and product quality.

To manage billing, tax, and compliance (Performance of a contract and compliance with legal obligations.): We process subscription and transaction-related information to collect payment, enforce access rules, maintain accounting records, and satisfy legal obligations where applicable.

Where consent is required (Consent.): If a specific use of data legally requires consent, we will rely on that consent and you may withdraw it where the law gives you that right. You remain responsible for obtaining any meeting participant notices or consents required for recording or transcription in your jurisdiction.

Where you opt in to analytics cookies, we use PostHog to measure onboarding and product flows, build funnels, and review session replay on supported routes. Admin pages, shared routes, and impersonation sessions are excluded from that tracking, and sensitive inputs or marked workspace content are masked or blocked in replay.

4. Processors and recipients

We disclose personal data to service providers only where needed to operate the service, process billing, secure infrastructure, or comply with the law.

Transcription provider: Speech-to-text transcription of meeting audio.

OpenRouter and underlying model providers: Generation of summaries, suggestions, and other AI outputs derived from transcript content.

Convex: Application hosting, database storage, server-side functions, and authentication infrastructure.

Paddle: Subscription billing, payment processing, and customer portal management.

PostHog: Product analytics, funnel measurement, and session replay after analytics consent is given.

We may also disclose personal data to regulators, law enforcement, courts, auditors, or professional advisers where required by law or reasonably necessary to protect our rights, users, or the security of the service.

5. International transfers

The service and its subprocessors may process data in countries outside the country where you or your organization are located. Where required by applicable law, we rely on contractual and organizational safeguards intended to support lawful international transfers.

6. Retention

We retain account, workspace, and meeting data for as long as needed to provide the service, maintain security and business records, resolve disputes, and comply with legal obligations.

Meeting records and settings remain in the service until you delete them or your workspace removes them. Subscription and billing records may be retained longer where reasonably necessary for accounting, fraud prevention, dispute resolution, or legal compliance.

Browser-stored recovery drafts remain on your device until they are cleared by the application or removed from your browser storage.

7. Security

We use administrative, technical, and organizational measures designed to protect personal data against unauthorized access, loss, misuse, or alteration. No system can guarantee absolute security, and you should use the service only in environments that are appropriate for the sensitivity of your meeting content.

8. Your rights

Depending on applicable law, you may have the right to access, correct, delete, restrict, or object to processing of your personal data, and to receive a copy of certain data in a portable format.

The product currently supports self-service export and deletion through Settings. If you need additional privacy assistance, contact the business contact or support channel associated with your Bearbits.io account or workspace. In-product privacy controls are also described in our Help topic Settings and privacy.

If you are in the EEA, UK, or another jurisdiction with similar rights, you may also have the right to complain to your local supervisory authority.

You can also change analytics and session replay consent for this browser at any time from cookie settings.

9. Automated processing

Bearbits.io uses automated systems to transcribe audio and generate summaries, suggestions, and related outputs. These features are assistive tools and may produce inaccurate or incomplete results. They are not intended to make legal, employment, credit, insurance, or similarly significant decisions about individuals without human review.

10. Children

Bearbits.io is intended for business and professional use and is not directed to children. If you believe a child has provided personal data unlawfully through the service, request deletion through the relevant workspace owner or support contact.

11. Changes to this policy

We may update this Privacy Policy from time to time. The version posted on this page is the current version, and the date at the top indicates when it was last updated. Material changes should be reviewed before continued use of the service.

12. Important practical note for customers

If you use Bearbits.io to record calls or meetings, you are responsible for determining whether notice, consent, employment consultation, or other legal steps are required before recording or uploading personal data. Privacy and recording laws vary by country and state, and your obligations may depend on who is in the meeting and where they are located.