Privacy Policy

SN Horizon ("Company", "we", "us", "our") operates SN Scribe ("Service", "Platform"), an AI-powered meeting intelligence platform. This Privacy Policy describes how we collect, use, store, and protect your personal information when you use our Service.

By using the Service, you consent to the data practices described in this Privacy Policy. If you do not agree, please do not use the Service.

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

• Full name
• Email address
• Password (stored as a bcrypt hash — we never store plaintext passwords)
• Organization name
• Profile image (if provided via SSO)

1.2 Meeting Data

When you use the Service to process meetings, we collect and process:

• Audio recordings: Meeting audio files uploaded or recorded through the platform
• Transcripts: Text transcriptions generated from audio by AI speech-to-text providers
• AI-generated summaries: Executive summaries, key points, action items, decisions, and risk assessments generated by large language models
• Meeting metadata: Title, date, duration, attendees, and calendar event associations
• Tasks and decisions: Action items and decisions extracted or manually created from meetings

1.3 Usage Data

We automatically collect information about how you interact with the Service:

• Pages visited and features used
• Timestamps and session duration
• Device type, browser, and operating system
• IP address
• Error logs and performance data

1.4 Calendar Data

If you connect a calendar integration (Microsoft 365), we access your calendar events to display upcoming meetings and enable automatic meeting association. We collect event titles, times, attendees, meeting URLs, and descriptions.

2. How We Use Your Information

We use your information to:

• Provide the Service: Process audio recordings, generate transcriptions and AI summaries, manage tasks, and deliver meeting intelligence features
• Improve quality: Analyze usage patterns to improve platform performance, reliability, and features
• AI processing: Send audio and text data to AI providers for transcription, summarization, and task extraction
• Communication: Send meeting summaries, task reminders, overdue alerts, and service-related notifications
• Security: Detect and prevent fraud, unauthorized access, and other harmful activities
• Compliance: Maintain audit logs and comply with legal obligations

3. Data Storage & Security

3.1 Infrastructure

All data is hosted on Amazon Web Services (AWS) infrastructure. Our databases, file storage, and application servers operate within secure AWS environments with industry-standard security controls.

3.2 Encryption

• Data at rest: Database records are stored in PostgreSQL with AWS-managed encryption. Audio files are stored in AWS S3 with server-side encryption.
• Data in transit: All data transmitted between your browser and our servers is encrypted using TLS (HTTPS).
• API key encryption: Third-party AI provider API keys stored in the platform are encrypted using AES-256-GCM encryption with unique initialization vectors.

3.3 Access Controls

The platform enforces multi-tenant isolation. Users can only access data within their organization. Role-based access control (Owner, Admin, Member) governs permissions within each organization.

4. Data Retention

• Audio recordings: Stored in AWS S3 and automatically deleted after 30 days. This retention period is not configurable.
• Transcripts and summaries: Retained in the database according to your organization's retention policy, configurable up to 3 years (default: 2 years / 730 days).
• Account data: Retained for the duration of your account. Upon account deletion, personal data is removed within 30 days.
• Audit logs: Retained for compliance purposes as configured by the organization.
• Usage logs: Retained for analytics and billing purposes for up to 2 years.

5. Third-Party Services

We use the following third-party services to provide the Platform. Data is shared with these providers solely for the purpose of delivering the Service and is not sold or shared for advertising purposes:

5.1 AI Providers

• Deepgram: Audio data is sent to Deepgram for real-time and batch speech-to-text transcription. See Deepgram's Privacy Policy.
• OpenAI: Transcript text is sent to OpenAI (GPT-4o, Whisper) for summarization, task extraction, and transcription. See OpenAI's Privacy Policy.
• Anthropic: Transcript text may be sent to Anthropic (Claude) for summarization and analysis. See Anthropic's Privacy Policy.

Your organization administrator selects which AI providers are used via the platform's AI configuration settings. Data is processed according to each provider's data processing terms.

5.2 Infrastructure

• Amazon Web Services (AWS): Cloud hosting, database (RDS), file storage (S3), and compute services.

6. Microsoft Single Sign-On (SSO)

If you sign in using Microsoft Azure AD SSO, we receive the following data from Microsoft:

• Email address
• Display name
• Profile photo (if available)
• Azure AD account identifier

We do not receive or store your Microsoft password. Calendar integration requires separate authorization and provides access only to calendar event metadata, not email or file content.

7. Cookies & Analytics

We use the following types of cookies and tracking technologies:

• Essential cookies: Required for authentication and session management (e.g., NextAuth session token, organization selection).
• Functional cookies: Store your preferences such as theme selection and UI settings.

We do not use third-party advertising cookies or trackers. Analytics data is collected using internal usage logging and is not shared with third-party analytics platforms.

8. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Access: Request a copy of the personal data we hold about you.
• Correction: Request correction of inaccurate or incomplete data.
• Deletion: Request deletion of your personal data, subject to legal retention requirements.
• Export / Data Portability: Export your meeting data (transcripts, summaries) in standard formats (DOCX, PDF).
• Restriction: Request restriction of processing of your data in certain circumstances.
• Objection: Object to processing of your data for certain purposes.
• Withdraw Consent: Withdraw consent at any time where processing is based on consent.

To exercise any of these rights, contact us at privacy@snhorizon.com. We will respond within 30 days.

9. Children's Privacy

SN Scribe is not intended for use by individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal data from a child under 16, we will take steps to delete such information promptly. If you are a parent or guardian and believe your child has provided us with personal data, please contact us at privacy@snhorizon.com.

10. International Data Transfers

Your data may be transferred to and processed in countries other than your country of residence, including the United States where our cloud infrastructure is hosted. When we transfer data internationally, we implement appropriate safeguards including:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Data Processing Agreements with all third-party service providers
• Encryption of data in transit and at rest

11. GDPR Compliance (European Economic Area)

If you are located in the European Economic Area (EEA), the following additional provisions apply:

• Legal basis for processing: We process your data based on (a) your consent, (b) performance of our contract with you (these Terms of Service), (c) our legitimate business interests, or (d) compliance with legal obligations.
• Data Protection Officer: You may contact our data protection team at privacy@snhorizon.com.
• Supervisory Authority: You have the right to lodge a complaint with your local data protection supervisory authority.
• Data retention: We retain personal data only as long as necessary for the purposes described in this policy or as required by law.

12. CCPA Compliance (California Residents)

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with additional rights:

• Right to Know: You may request disclosure of the categories and specific pieces of personal information we have collected about you.
• Right to Delete: You may request deletion of your personal information, subject to certain exceptions.
• Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.
• No Sale of Personal Information: We do not sell your personal information to third parties. We do not share your personal information for cross-context behavioral advertising.

To exercise your CCPA rights, contact us at privacy@snhorizon.com or submit a verifiable consumer request.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. If we make material changes, we will notify you by email or through a notice within the Service at least 30 days before the changes take effect. Your continued use of the Service after the effective date constitutes acceptance of the updated Privacy Policy.

14. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

• Privacy inquiries: privacy@snhorizon.com
• General inquiries: legal@snhorizon.com
• Company: SN Horizon