Privacy Policy
Last updated: 9 May 2026
1. Data Controller
auraLabs
Email: privacy@aurascribe.com
Located in France
If you have questions about this policy or wish to exercise your data rights, contact us at the email above.
2. What Data We Collect
When you use auraScribe, including its Meeting Bot feature, we may collect and process the following categories of personal data:
| Category | Description | Source |
|---|---|---|
| Account data | Name, email address, authentication credentials | Provided by you at registration |
| Audio recordings | Meeting audio captured by the Meeting Bot | Microsoft Teams, Google Meet via Meeting BaaS (Spoke) |
| Google Drive file data | File IDs, names, metadata, and contents of audio or video files you explicitly select with Google Picker | Google Drive, after OAuth consent and user selection |
| Transcripts | Verbatim text generated from audio | Generated by Gemini AI from recordings |
| Speaker profiles | Speaker identification labels linked to voice segments | Generated by AI diarisation |
| Behavioural analysis | Structured observations about communication patterns | Generated by AI analysis |
| Meeting metadata | Date, time, duration, platform, participant count | Collected automatically during recording |
| Usage data | Feature interactions, session data, error logs | Collected automatically |
Important: auraScribe does not perform emotion recognition as defined in EU AI Act Art. 3(39). A dedicated compliance agent rewrites any AI-generated emotion inferences into observable behavioural descriptions before output reaches you. See our AI Transparency page for details.
3. Third-Party Audio & AI Data Processing
auraScribe uses third-party services to process your audio and generate analysis. No data is sent to any third party until you have provided explicit consent via the in-app consent dialog.
3.1 Google Gemini (Google LLC)
Audio recordings, transcripts, speaker metadata, behavioural audio cues, user-provided context, and follow-up chat messages are sent to Google Gemini for transcription, analysis, and behavioural observation generation.
Under Google's Gemini API Terms of Service for paid API usage, data sent via the API is not used to train Google's models. Audio files and cached data are retained by Google only for the duration necessary to complete processing.
3.2 Meeting BaaS by Spoke
Meeting URLs you provide and audio recordings captured by the meeting bot are processed by Spoke Technologies. The bot joins the meeting on your behalf, records the audio, and transmits it to auraScribe's servers.
4. Google Drive OAuth Data Use
auraScribe requests Google Drive OAuth access only for user-initiated Drive features. For Import from Google Drive, you select files through Google Picker and auraScribe reads only those selected files so they can be copied to your private auraScribe storage path and processed for transcription and analysis.
For Save to Google Drive, you select a destination folder and auraScribe creates only the transcript, notes, or optional audio export files you ask it to save. auraScribe does not scan your Drive, read unselected files, or modify existing Drive files that it did not create.
Google Drive access tokens are used only to complete the requested import or export action. Google user data is not sold, used for advertising, used to determine creditworthiness, or used to train AI models.
5. Legal Basis for Processing
Direct users: Contract performance (Art. 6(1)(b) GDPR).
Meeting participants (non-users): Legitimate interest (Art. 6(1)(f) GDPR), balanced through in-meeting notice, identifiable bot name, right to object, and data minimisation.
Analytics and cost monitoring: Legitimate interest (Art. 6(1)(f) GDPR) — operational metadata only, no audio or content.
6. How We Use Your Data
- Transcription — converting audio to text
- Speaker identification — labelling who said what
- Meeting summaries — structured notes from transcripts
- Conversational coaching — behavioural observations for self-improvement
- Google Drive import — reading only the Drive files you select for analysis
- Google Drive export — creating only the Drive files or folders you request
- Service operation — account management, authentication, support
- Security and abuse prevention
7. Third-Party Processors
| Processor | Purpose | Location |
|---|---|---|
| Google Cloud Platform | Storage, database, hosting | EU (europe-west) |
| Google Drive API and Google Picker | User-selected file import and export | Google infrastructure |
| Google Gemini AI | Transcription, analysis, behavioural observations | EU/US |
| Meeting BaaS by Spoke | Meeting bot deployment, audio capture | US |
8. International Data Transfers
Data is primarily stored within the EU (Google Cloud europe-west regions). Transfers outside the EU rely on EU Standard Contractual Clauses supplemented by encryption in transit and at rest.
9. Data Retention and Deletion
- User-controlled: Delete recordings, transcripts, and analysis at any time
- Account deletion: All data deleted within 30 days
- Backup retention: Encrypted backups purged within 30 days
- Non-user participants: Data deleted within 30 days of verified request
10. Your Rights
Under GDPR: access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction (Art. 18), portability (Art. 20), objection (Art. 21), complaint (Art. 77). Contact privacy@aurascribe.com. We respond within 30 days.
Supervisory authority: CNIL — www.cnil.fr
11. Security
Encryption in transit (TLS) and at rest (AES-256), access controls, regular security reviews, sub-processor assessments.
12. Children
auraScribe is not intended for use by anyone under 16. We do not knowingly collect data from children.
13. Changes to This Policy
Material changes will be communicated via email or in-app notification.