Privacy Policy

Last updated: April 8, 2026

            Summary: AgendaPilot helps you track agenda items during meetings using speech recognition. We collect minimal data needed to provide the service. You can delete your data at any time.
        

Audio Handling

AgendaPilot never receives, stores, or saves your audio on our servers. Speech recognition is handled by your browser or device (e.g., Google's Web Speech API on Chrome). We receive only the converted text.

Meeting transcripts (text only) are stored as part of your meeting history for 90 days so you can review past meetings. You can also paste or upload transcripts from external tools. You can delete any meeting at any time.

1. Introduction

AgendaPilot ("we", "our", or "us") is a meeting productivity application that helps you track agenda items during meetings using speech recognition. This privacy policy explains what data we collect, how we use it, and your rights.

By using AgendaPilot, you agree to the collection and use of information in accordance with this policy and our Terms of Service.

Data Controller

For the purposes of GDPR and other data protection laws, the data controller is:

Entity: AgendaPilot
Contact Email: koalat@koalat.ai
Address: United States

For data protection inquiries, contact us at the email above. We will respond within 30 days.

2. Data We Collect

Account Information

Email address: Used for authentication via magic link sign-in
Display name: Optional name you can set in your profile
Subscription status: Whether you have an active subscription

Meeting Data

Agenda items: The meeting topics you enter
Session metadata: Meeting duration and item completion status
Meeting history: Completed meeting summaries (items covered/missed, duration, context) are stored for 90 days so you can review past meetings
Full transcripts: Meeting transcripts (captured via speech recognition, pasted manually, or uploaded from files) are stored as part of your meeting history for 90 days
Action items: Tasks extracted from meetings with owner, priority, and due date
Goals: Personal goals you create with progress tracking
Memories: Facts, decisions, and insights extracted from meetings
Agenda notes: Notes you save for upcoming meetings

Important - How Speech Recognition Works:

Your browser or device (not AgendaPilot) captures and processes your audio using its built-in speech recognition (e.g., Chrome uses Google's Web Speech API). We only receive the converted text for agenda tracking. See your browser/device privacy policy for how they handle audio.

Your Responsibility - Recording Consent: You are solely responsible for obtaining appropriate consent from all meeting participants before using AgendaPilot's speech recognition features. Many jurisdictions (including California, Illinois, and EU countries) require all-party consent to process conversations. See our Terms of Service for more details.

Uploaded Files

Transcript uploads: You may upload transcript files (.txt, .pdf, .docx, .md, .rtf, .csv) to import into meetings. Uploaded files are processed in memory to extract text and are not stored as files on our servers. Only the extracted text content is retained as part of your meeting transcript.

Omi AI Wearable Data

Omi UID: If you connect an Omi AI wearable device, we store your Omi user ID to link your device to your account
Webhook data: When your Omi device sends transcript data via webhook, we process it in real-time for agenda tracking. Transcript text is stored as part of your meeting history.

Technical Data

Browser type and version
Error logs for troubleshooting

3. How We Use Your Data

Purpose	Data Used	Legal Basis
Provide the service	Email, agenda items, session data, transcripts	Contract performance
Process payments	Email (shared with Stripe)	Contract performance
Send login links	Email	Contract performance
AI-powered features	De-identified transcript text (Pro tier)	Consent / Contract
Omi wearable integration	Omi UID, webhook transcript data	Consent / Contract
Improve the service	Anonymized usage patterns	Legitimate interest

4. Third-Party Services (Subprocessors)

We use the following third-party services to provide AgendaPilot. These are our data subprocessors:

Service	Purpose	Data Shared	Location
Stripe	Payment processing	Email, payment info	USA
Resend	Email delivery	Email address	USA
OpenRouter	AI analysis (Pro tier)	De-identified text only	USA
Google Web Speech API	Speech recognition (browser-side)	Audio (browser-side only)	USA
Replit	Application hosting and database	Account and meeting data	USA

Stripe (Payment Processing)

We use Stripe to process subscription payments. When you subscribe, Stripe receives your email address and payment information. Stripe is PCI-DSS compliant. Privacy policy: stripe.com/privacy

Resend (Email Delivery)

We use Resend to send magic link login emails. Your email address is shared with Resend for this purpose. Privacy policy: resend.com/legal/privacy-policy

OpenRouter (AI Features)

AI features use multiple models via OpenRouter for meeting analysis, coaching, and Council Mode (multi-model consensus analysis). We provide HIPAA PII de-identification tools that can remove sensitive information before text is sent to AI providers. Privacy policy: openrouter.ai/privacy

Web Speech API (Browser)

Speech recognition uses your browser's built-in Web Speech API. Audio processing is handled entirely by your browser (typically Google for Chrome). AgendaPilot never receives your audio. See Google's Privacy Policy.

5. Data Retention

Data Category	Retention Period	Purpose
Email address	Until account deletion	Authentication, communications
Display name	Until account deletion	Personalization
Subscription status	Until account deletion	Service access control
Meeting history	90 days (auto-deleted)	Review past meetings
Goals, action items, memories	Until manually deleted or account deletion	Productivity tracking
Magic link tokens	15 minutes	One-time authentication
Auth tokens	30 days	Session authentication
Audio	Never stored	N/A - processed browser-side only
Transcript text	90 days (with meeting history)	Review past meetings, AI analysis
Uploaded files	Not stored (processed in memory only)	Text extraction for transcript import

You can manually delete any meeting from the "Meeting History" section at any time. When you delete your account, all associated data is removed immediately.

6. Your Rights

Depending on your location, you may have the following rights:

For All Users

Access: Request a copy of your data
Deletion: Request deletion of your account and data
Correction: Update your email address or display name

For EU/EEA Users (GDPR)

Portability: Receive your data in a structured format
Restriction: Limit how we process your data
Objection: Object to processing based on legitimate interest
Withdraw consent: For AI features at any time

For US State Privacy Laws (CCPA, CPRA, VCDPA, CPA, CTDPA)

If you're a resident of California, Virginia, Colorado, Connecticut, or other states with privacy laws, you have the following rights:

Categories of Personal Information We Collect

Category	Examples	Collected
Identifiers	Email address, display name	Yes
Commercial information	Subscription history	Yes
Internet activity	App usage, meeting metadata	Yes
Geolocation	IP-based location	No
Biometric data	Voice recordings	No (audio is processed browser-side only, never received by AgendaPilot)
Sensitive personal info	Health, financial data	No

Your Rights

Know/Access: What personal information we collect about you
Delete: Request deletion of your personal information
Correct: Fix inaccurate personal information
Opt-out: Of sale or sharing for targeted advertising
Limit sensitive PI: Limit use of sensitive personal information
Non-discrimination: Equal service regardless of exercising rights

            Do Not Sell or Share My Personal Information: We do NOT sell your personal information. We do NOT share your personal information for cross-context behavioral advertising. Because we don't engage in these practices, there is no need to opt out.
        

To exercise any of these rights, email us at koalat@koalat.ai or use the "Export Data" and "Delete Account" features in the app. You may also designate an authorized agent to make requests on your behalf.

Healthcare Users (HIPAA Compliance)

            Important Context: AgendaPilot does not store or receive your audio. The core agenda tracking feature processes speech locally in your browser in real-time without sending audio data anywhere.
        

When does HIPAA de-identification apply? When you use AI analysis features, we provide PII de-identification tools that scan transcript text for sensitive information. When applied:

Text is scanned for sensitive information
PII is redacted and replaced with placeholders (e.g., [EMAIL], [SSN], [NAME])
Redacted text is what gets sent to AI providers

What we detect: Our de-identification covers 18 HIPAA Safe Harbor identifier categories including names, SSNs, dates of birth, addresses, phone numbers, emails, medical record numbers, health plan IDs, and more.

Note: While we provide tools to support HIPAA compliance for AI features, covered entities are responsible for their overall HIPAA compliance.

7. Data Security

We implement appropriate security measures including:

HTTPS encryption for all data in transit
SHA-256 hashing for authentication tokens
Database encryption at rest (provided by hosting infrastructure)
Magic link tokens with 15-minute expiration
Authorization checks on all API endpoints to prevent unauthorized data access

8. Children's Privacy

AgendaPilot is not intended for users under 16 years of age. We do not knowingly collect personal information from children.

9. International Data Transfers

Your data may be processed in the United States where our servers and third-party providers are located.

For EU/EEA/UK Users

When we transfer personal data outside the European Economic Area or United Kingdom, we rely on:

Standard Contractual Clauses (SCCs): EU-approved contractual terms that provide adequate safeguards
Data Processing Agreements: With each subprocessor listed in Section 4
Adequacy decisions: Where available for specific countries

You can request a copy of the safeguards we use by contacting us at koalat@koalat.ai.

Your Right to Complain

If you are in the EU/EEA and believe we have not handled your data properly, you have the right to lodge a complaint with your local data protection authority (supervisory authority).

10. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of significant changes by email or through the app. The "Last updated" date at the top indicates when changes were made.

11. Contact Us

For privacy-related questions, data requests, or to exercise your rights:

Email: koalat@koalat.ai
Website: agendapilot.ai

We will respond to requests within 30 days.

← Back to AgendaPilot Terms of Service FAQ