NoteWave LogoNoteWaveBack to Home

Privacy Policy

Last updated: December 5, 2025

GDPR, POPIA & CCPA Compliant

1. Privacy Overview

NoteWave, a product of Blaze AI Solutions, is committed to protecting your privacy and handling your personal data with the highest level of care and security. This Privacy Policy explains how we collect, use, store, and protect your information when you use our AI-powered meeting transcription services.

We comply with applicable privacy laws including the European Union's General Data Protection Regulation (GDPR),South Africa's Protection of Personal Information Act (POPIA), the California Consumer Privacy Act (CCPA), and other relevant privacy regulations worldwide.

By using NoteWave, you confirm that you are at least 18 years of age. If you are under 18, you may not use the Service.

Your Privacy Rights

You have the right to access, correct, delete, or port your data. You can also restrict processing and withdraw consent at any time.

2. Your Privacy Rights

Under applicable privacy laws (GDPR, POPIA, CCPA), you have the following rights:

  • Right to Access: Request a copy of your personal data we hold
  • Right to Rectification: Correct inaccurate or incomplete data
  • Right to Erasure ("Right to be Forgotten"): Request deletion of your personal data
  • Right to Data Portability: Export your data in a machine-readable format
  • Right to Object: Object to processing for direct marketing or legitimate interests
  • Right to Restrict Processing: Limit how we use your data in certain circumstances
  • Right to Withdraw Consent: Withdraw consent for data processing at any time
  • Right to Lodge a Complaint: File a complaint with a supervisory authority (e.g., South Africa's Information Regulator)

To exercise your rights, contact our privacy team at contact@blazesolutions.ai or use the contact information in Section 13. We will respond within 30 days.

3. Data We Collect

3.1 Account Information

  • Name, email address, and contact information
  • Account credentials and authentication data (passwords are encrypted)
  • Billing and payment information (processed securely by LemonSqueezy)
  • Profile preferences, settings, and user configurations
  • OAuth data from Google, Microsoft, or GitHub integrations

3.2 Meeting & Audio Data

  • Audio recordings uploaded or recorded through our service
  • Meeting metadata (date, duration, participant information, meeting titles)
  • Generated transcripts, summaries, and AI insights
  • User annotations, comments, edits, and action items
  • Meeting platform integration data (Zoom, Microsoft Teams, etc.)
  • Speaker identification and diarization data

3.3 Technical Information

  • Device information (type, operating system, browser version)
  • IP address and approximate geographic location
  • Usage analytics, feature usage, and app performance data
  • Cookies, local storage, and similar tracking technologies (see our Cookie Policy)
  • Error logs and diagnostic information for troubleshooting

3.4 Communication Data

  • Customer support requests and interactions
  • Feedback, survey responses, and user research data
  • Marketing communication preferences and engagement
  • Team collaboration and sharing activities

3.5 Zoom and Teams Integration Data

When you connect your Zoom or Microsoft Teams account, we collect:

  • Meeting metadata (start/end time, participants, meeting IDs)
  • Cloud recording files and associated transcripts
  • User email address associated with platform login
  • Platform account information and OAuth tokens
  • Recording processing status and webhook event data

This data is used solely for transcription, speaker identification, and summarization. We do not collect data from participants under 18 years of age, nor do we target services toward children.

4. How We Use Your Data

4.1 Core Service Provision

  • Processing audio recordings to generate accurate transcripts
  • Creating AI-powered meeting summaries, action items, and insights
  • Providing real-time transcription during live meetings
  • Storing, organizing, and managing your transcripts and data
  • Enabling collaboration, sharing, and team features
  • Supporting integrations with meeting platforms and tools

4.2 Account & Business Operations

  • Creating and maintaining your user account
  • Processing payments and managing subscriptions
  • Providing customer support and technical assistance
  • Sending important service notifications, updates, and security alerts
  • Managing team accounts and permissions
  • Enforcing our Terms of Service and detecting fraud

4.3 Third-Party AI Service Processing

To deliver transcription and AI-powered features, your audio recordings and meeting content are processed by third-party artificial intelligence service providers. These services operate under their own terms of service and privacy policies.

According to the service agreements with our AI providers, they process your data solely to deliver the requested services and do not use your data to train their general AI models or for purposes outside of providing services to you.

We use aggregated and anonymized usage data internally to:

  • Analyze service performance and reliability
  • Develop new features and functionality
  • Understand usage patterns to enhance user experience
  • Conduct product research and improvements

Data Minimization: If you prefer to limit sharing of your content with third-party AI services, you can contact us at contact@blazesolutions.ai to discuss alternative arrangements. Please note that this may affect the availability of certain AI-powered features.

4.4 Security & Legal Compliance

  • Enhancing security and preventing fraud, abuse, or unauthorized access
  • Complying with legal obligations and regulations (GDPR, POPIA, CCPA, etc.)
  • Responding to valid legal requests, court orders, and government inquiries
  • Enforcing our Terms of Service and protecting our rights and property
  • Investigating security incidents, policy violations, and disputes

5. Data Security & Protection

We implement comprehensive, enterprise-grade security measures to protect your data from unauthorized access, loss, misuse, or disclosure:

  • Encryption: TLS 1.3 for data in transit; AES-256 for data at rest (where supported by providers)
  • Infrastructure Security: Our providers (Supabase, Vercel, Fly.io) maintain SOC 2 and/or ISO 27001 certifications
  • Access Controls: Multi-factor authentication (MFA), role-based access control (RBAC), and regular access reviews
  • Monitoring: 24/7 security monitoring, automated threat detection, and intrusion prevention
  • Backups: Automated backups with disaster recovery procedures
  • Audits: Regular security audits and penetration testing
  • Employee Training: All employees undergo security and privacy training

Despite our best efforts, no system is 100% secure. We cannot guarantee absolute security but take all reasonable steps to protect your data.

6. Data Sharing & Transfers

We Do NOT Sell Your Data

NoteWave never sells, rents, or trades your personal information to third parties for marketing or advertising purposes.

We share data only in the following limited circumstances:

6.1 Trusted Service Providers

We share data with carefully selected service providers who process data on our behalf:

  • LemonSqueezy: Payment processing and subscription management
  • Supabase: Secure database storage, authentication, and real-time features
  • Vercel: Frontend hosting and content delivery
  • Fly.io: Backend Python hosting for transcription processing
  • ElevenLabs, OpenAI, Google Cloud Speech: AI transcription and processing services
  • Zoom, Microsoft Teams: Meeting platform integrations (when you connect your account)

All providers are contractually required to protect your data and use it only for specified purposes.

6.2 Legal Requirements

When required by law, court order, subpoena, or government regulation, or to:

  • Comply with legal processes and obligations
  • Protect our rights, property, or safety, or that of our users
  • Investigate fraud, security breaches, or Terms of Service violations
  • Respond to emergency situations involving potential harm

6.3 Business Transfers

In case of merger, acquisition, bankruptcy, or sale of assets, your data may be transferred to the acquiring entity. We will notify you via email and provide opt-out options where possible.

6.4 With Your Consent

Any other data sharing requires your explicit consent, which you can withdraw at any time.

6.5 International Data Transfers

Your data may be processed in countries outside your location, including the United States and European Union. For transfers from the EEA, UK, or Switzerland, we use Standard Contractual Clauses (SCCs) approved by the European Commission to ensure adequate data protection. Copies of SCCs are available upon request.

7. Data Breach Notification

If we become aware of a personal data breach that is likely to result in a risk to your rights and freedoms, we will:

  • Notify affected users without undue delay and, where feasible, within 72 hours of becoming aware of the breach (GDPR requirement)
  • Inform relevant supervisory authorities as required by law
  • Provide clear information about the nature of the breach, potential consequences, and remedial actions
  • Take immediate steps to contain and remediate the breach

8. Data Retention

We retain data only as long as necessary for business purposes and legal obligations:

  • Account Data: Retained until account deletion, then purged within 30 days (except as required for legal/financial obligations)
  • Audio Files: Deleted immediately after transcription unless explicitly saved by user
  • Transcripts: Retained until user deletion or account termination
  • Analytics Data: Stored for 24 months; anonymized after 12 months
  • Backup Data: Retained for 90 days in encrypted backups, then permanently deleted
  • Legal/Financial Records: Retained for 7 years as required by South African law

User Control: You can request deletion of your data at any time through account settings or by contacting contact@blazesolutions.ai. We will process deletion requests within 30 days unless legally required to retain data.

9. Cookies & Tracking Technologies

We use cookies and similar technologies to enhance your experience. For detailed information, see our Cookie Policy.

Types of cookies we use:

  • Essential Cookies (Required): Login sessions, authentication, security, and core functionality
  • Analytics Cookies (Optional): Usage metrics, performance optimization (Google Analytics)
  • Marketing Cookies (Optional): Advertising, remarketing campaigns (Google, Facebook, LinkedIn)
  • Preference Cookies (Optional): Language, theme, and display settings

You can manage cookie preferences through your browser settings or our consent banner. Disabling essential cookies may affect service functionality.

10. Children's Privacy

NoteWave is not intended for children under 18 years of age. We do not knowingly collect personal information from children under 18. Under South Africa's POPIA, individuals under 18 cannot provide valid consent for data processing.

If we learn that we have collected information from a child under 18, we will take immediate steps to delete such information. If you believe a user is under 18, please contact us at contact@blazesolutions.ai.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or business operations. When we make material changes, we will:

  • Update the "Last updated" date at the top of this page
  • Notify you via email or through prominent notice in the Service
  • Provide at least 30 days' notice for material changes that adversely affect your rights

Your continued use of the Service after the effective date constitutes acceptance of the updated Privacy Policy. If you do not agree, you must stop using the Service.

12. Additional Information for International Users

California Residents (CCPA/CPRA)

California consumers have additional rights under the California Consumer Privacy Act:

  • Right to know what personal information we collect and how it's used
  • Right to delete personal information (with certain exceptions)
  • Right to opt-out of "sale" of personal information (we don't sell data)
  • Right to non-discrimination for exercising CCPA rights

To exercise CCPA rights, email contact@blazesolutions.ai with "CCPA Request" in the subject line.

EU/EEA and UK Residents (GDPR)

Under GDPR, you have enhanced rights including:

  • Right to lodge a complaint with your local Data Protection Authority
  • Right to object to automated decision-making and profiling
  • Right to withdraw consent at any time (where processing is based on consent)

Our legal basis for processing: (1) Contractual necessity, (2) Legitimate interests, (3) Legal obligations, (4) Your consent.

South African Residents (POPIA)

Under POPIA, you have rights including:

  • Right to access and correct personal information
  • Right to object to processing and lodge complaints with the Information Regulator
  • Right to request that we stop processing your data for direct marketing

POPIA Information Officer: Legal Department, Blaze AI Solutions (contact details in Section 13)

13. Contact Our Privacy Team

Privacy Department & Data Protection Officer / Information Officer (POPIA)

Blaze AI Solutions

NoteWave Development Team

Email: contact@blazesolutions.ai

Response Time: We aim to respond to privacy requests within 30 days (or as required by applicable law).

For GDPR inquiries, POPIA requests, or data subject access requests, please reference the applicable regulation in your subject line.

Global Privacy Compliance

This Privacy Policy complies with GDPR (EU/UK), POPIA (South Africa), CCPA/CPRA (California), PIPEDA (Canada), and other international privacy laws and best practices.

By creating an account or using NoteWave, you acknowledge that you have read and agree to this Privacy Policy and our Terms of Service. You confirm that you are at least 18 years of age.