HomeHow it WorksFeaturesUse CasesPricingFAQBlog

Privacy Policy

Last Updated: March 25, 2026

This Privacy Policy describes how Gantta ("we," "our," or "us") collects, uses, and protects your personal information when you use our AI meeting assistant platform. By using Gantta, you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

1.1 Information You Provide

  • Account Information: Name, email address, password, and profile information
  • Meeting Recordings: Audio and video recordings of meetings you choose to record
  • Transcriptions: Text transcripts generated from meeting recordings
  • Action Items: Tasks, checklists, and action items extracted from meetings
  • Integration Data: Messages and data from Slack, Gmail, and other integrated services

1.2 Automatically Collected Information

  • Usage Data: How you interact with our service, features used, and time spent
  • Device Information: Browser type, operating system, device identifiers
  • Log Data: IP addresses, access times, pages viewed
  • Authentication Tokens: JWT tokens for secure session management

1.3 Third-Party Integration Data

  • Slack: Workspace information, messages, and channel data you authorize
  • Gmail: Email content and metadata you authorize
  • Meeting Platforms: Zoom, Microsoft Teams, Google Meet meeting data
  • API Tokens: OAuth tokens and API keys for third-party services

2. How We Use Your Information

  • Provide, maintain, and improve our AI meeting assistant services
  • Process meeting recordings and generate transcriptions
  • Extract action items, checklists, and project information using AI
  • Send automated follow-ups via Slack and Gmail (Chaser Bot functionality)
  • Authenticate users and manage account access
  • Process payments and manage subscriptions
  • Send service-related communications and updates
  • Respond to customer support requests
  • Detect and prevent fraud, abuse, and security issues
  • Comply with legal obligations

3. AI Processing and Third-Party APIs

3.1 AI Service Providers

We use third-party AI services (OpenAI, Anthropic) to process your meeting data for transcription, summarization, and action extraction. When you use your own API keys, we do not have access to your API usage data or the data processed through your keys.

3.2 Data Processing

  • Meeting recordings and transcriptions are processed by AI services to extract insights
  • We do not train AI models on your personal data without your explicit consent
  • AI providers may process data according to their own privacy policies
  • You can bring your own API keys to maintain full control over AI processing

3.3 Third-Party Services

We use the following third-party services:

  • Supabase: Database hosting and authentication
  • OpenAI/Anthropic: AI processing services
  • Cloud Storage: Secure storage of meeting recordings and data
  • Email Services: Transactional and notification emails
  • Payment Processors: Secure payment processing

4. Data Sharing and Disclosure

We do not sell your personal information. We may share data in the following circumstances:

  • Service Providers: With vendors who help us operate our service (under strict confidentiality agreements)
  • Legal Requirements: When required by law, court order, or government regulation
  • Business Transfers: In connection with a merger, acquisition, or sale of assets (with notice to users)
  • Protection of Rights: To protect our rights, property, or safety, or that of our users
  • With Your Consent: When you explicitly authorize sharing

5. User Rights (GDPR, CCPA)

5.1 Your Rights

Depending on your location, you may have the following rights:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate or incomplete data
  • Erasure: Request deletion of your personal data
  • Portability: Receive your data in a structured, machine-readable format
  • Objection: Object to processing of your personal data
  • Restriction: Request restriction of processing
  • Withdraw Consent: Withdraw consent for data processing

5.2 Exercising Your Rights

To exercise these rights, contact us at privacy@gantta.co. We will respond within 30 days (or as required by applicable law).

6. Data Retention

  • We retain your data while your account is active and for 30 days after account deletion
  • Some data may be retained longer for legal, accounting, or security purposes (in anonymized form where possible)
  • Meeting recordings are stored securely and can be deleted upon request
  • Backup data may persist for up to 90 days after deletion

7. Security Measures

We implement industry-standard security measures to protect your data:

  • Encryption: Data encrypted in transit (TLS) and at rest (AES-256)
  • Authentication: JWT-based secure authentication
  • Access Controls: Role-based access control and least-privilege principles
  • Regular Audits: Security assessments and penetration testing
  • Employee Training: Security awareness training for all staff
  • Incident Response: Procedures for detecting and responding to security incidents

Note: While we implement strong security measures, no system is 100% secure. You are responsible for maintaining the confidentiality of your account credentials.

8. Cookies and Tracking

We use cookies and similar technologies to:

  • Maintain your session and authentication state
  • Remember your preferences
  • Analyze service usage and improve functionality
  • Provide personalized experiences

You can control cookies through your browser settings. Note that disabling cookies may affect service functionality.

9. Children's Privacy

Gantta is not intended for users under the age of 13 (or 16 in the EU). We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

10. International Data Transfers

Your data may be transferred to and processed in countries outside your country of residence, including the United States. We ensure appropriate safeguards are in place:

  • Standard Contractual Clauses (SCCs) for EU data transfers
  • Data processing agreements with all sub-processors
  • Compliance with applicable data protection laws

11. Changes to Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through our service. Your continued use after changes constitutes acceptance of the updated policy.

12. Contact Information

If you have questions about this Privacy Policy or wish to exercise your rights, contact us:

Email: privacy@gantta.co

Data Protection Officer: dpo@gantta.co