memcircle

Privacy Policy

Last updated: May 16, 2026

1. Introduction

Memcircle ("we", "our", or "us") respects your privacy and is committed to protecting your personal data. This privacy policy explains how we collect, use, and safeguard your information when you use our AI meeting notes service.

This policy complies with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

2. Information We Collect

We collect the following types of information:

  • Account Information: Email address (for registered users), password (encrypted)
  • Meeting Data: Audio recordings, transcripts, summaries, action items
  • Google Calendar Data: When you connect Google Calendar — event titles, start/end times, calendar IDs, and event IDs. We do not collect attendee email addresses or event descriptions unless you explicitly attach notes to a specific event.
  • Subscription Information: Billing details, subscription plan
  • Technical Data: IP address, browser type, device information, usage statistics

3. Google User Data and OAuth Scopes

Memcircle integrates with Google Sign-In and the Google Calendar API. When you choose to connect your Google account, we request the following OAuth permissions:

  • Email address (https://www.googleapis.com/auth/userinfo.email)

    Used solely to identify your Memcircle account and send service-related notifications such as meeting summaries. Your Google email address is never used for marketing without your explicit consent.

  • Read-only Google Calendar access (https://www.googleapis.com/auth/calendar.events.readonly)

    Used to detect your upcoming and recent meetings so you can attach notes and recordings to the correct calendar event inside Memcircle. This permission is read-only — Memcircle never creates, modifies, or deletes any of your calendar events.

What we store from Google Calendar: event title, start time, end time, calendar ID, and event ID. We do not persistently store attendee lists, event descriptions, conference links, or any other event fields.

Revoking access: You can disconnect Memcircle from your Google account at any time by visiting myaccount.google.com/permissions. Once revoked, all cached Google Calendar data associated with your account will be permanently deleted within 30 days.

Minimum necessary access: Memcircle requests only the scopes strictly required to deliver the features described above. We do not request write access to your calendar, access to your Google Drive, Gmail, contacts, or any other Google service.

4. Limited Use of Google User Data

Memcircle's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

AI/ML model training disclosure (Google Workspace APIs): Memcircle does not use any data obtained through Google Workspace APIs (including Google Calendar) to develop, improve, or train generalized or non-personalized AI and/or ML models.

  • Google user data is not used to serve advertisements of any kind, including personalized, interest-based, or retargeted advertising.
  • Google user data is not sold, rented, or transferred to any third party for advertising or any purpose unrelated to delivering the Memcircle features you explicitly requested.
  • Google user data is not used to train, improve, or develop generalized AI or machine-learning models. Any AI processing involving calendar-derived data is performed only to provide the specific in-session feature you triggered (e.g., matching a recording to a calendar event) and is not retained for model training purposes.
  • Google user data is not read by human employees or contractors, except: (a) with your explicit consent for a specific support request; (b) when required to investigate security incidents or abuse; (c) when required by applicable law; or (d) where data is fully aggregated and anonymized such that no individual can be identified.

5. Cookies and Tracking

Memcircle uses only essential cookies required for login functionality. We do not use marketing, advertising, or third-party tracking cookies.

Essential cookies we use:

  • Authentication cookies: To maintain your login session
  • Language preference: To remember your language setting (mc-lang)
  • Anonymous session ID: For users using the app without registration

6. How We Use Your Information

We use your information to:

  • Provide and maintain the Memcircle service
  • Transcribe and summarize your meeting recordings
  • Match recordings to the correct calendar event (when Google Calendar is connected)
  • Generate AI-powered action items and decisions
  • Process your subscription and manage billing
  • Send important service updates and security notifications
  • Improve our service and develop new features
  • Comply with legal obligations

7. Data Sharing and Third Parties

We do not sell your personal data. We share your information only in these limited circumstances:

  • AI Service Providers: Meeting audio and transcripts are sent to third-party AI service providers to produce transcripts, summaries, and action items. These providers are bound by data processing agreements that prohibit them from retaining your data after processing or using it to train their models. Google user data (calendar events, Google Sign-In email) is never shared with these providers for model training.
  • Payment Processors: Stripe processes subscription payments (they have their own privacy policies)
  • Cloud Infrastructure: We use secure cloud hosting to store your data
  • Legal Requirements: When required by law or to protect our rights

8. Your Rights (GDPR)

Under GDPR, you have the following rights:

  • Right to Access: Request a copy of your personal data
  • Right to Rectification: Correct inaccurate or incomplete data
  • Right to Erasure: Request deletion of your data ("right to be forgotten")
  • Right to Restriction: Limit how we use your data
  • Right to Data Portability: Receive your data in a structured, machine-readable format
  • Right to Object: Object to processing of your data
  • Right to Withdraw Consent: Withdraw consent at any time

9. Data Security

We implement appropriate technical and organizational measures to protect your data:

  • Encryption of data in transit (HTTPS/TLS)
  • Encrypted password storage
  • Regular security assessments
  • Access controls and authentication
  • Secure cloud infrastructure

10. Data Retention

We retain your data for as long as your account is active or as needed to provide the service. When you delete your account:

  • Your meetings and personal data are permanently deleted within 30 days
  • Backup copies are removed within 90 days
  • Billing records may be retained longer for legal compliance

Google data specifically: Cached Google Calendar event metadata (titles, times, IDs) is permanently deleted within 30 days of account deletion or Google OAuth access revocation, whichever comes first. Email obtained via Google Sign-In follows the same 30-day deletion and 90-day backup-purge schedule above.

11. International Data Transfers

Your data may be transferred to and processed in countries outside your country of residence. We ensure appropriate safeguards are in place to protect your data in accordance with GDPR requirements.

12. Children's Privacy

Memcircle is not intended for users under 16 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.

13. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of significant changes via email or through the service. Your continued use after changes indicates acceptance of the updated policy.

14. Contact Us

If you have questions about this Privacy Policy or want to exercise your rights, please contact us at:

support@memcircle.app

For GDPR-related requests, we will respond within 30 days as required by law.

To request deletion of Google-derived data (Google Calendar events or Google Sign-In email), email support@memcircle.app with the subject line "Google Data Request". We will respond and complete the deletion within 30 days.