Privacy Policy

Last updated: April 2026

This Privacy Policy describes how Parrot ("Parrot", "we", "us", or "our") collects, uses, and discloses your personal information when you use our AI-powered meeting minutes platform, including our website, web application, desktop recorder, CLI tools, and API (collectively, the "Service"). By using the Service, you agree to the collection and use of information as described in this policy.

Parrot processes audio recordings of meetings to generate transcripts, identify speakers, produce structured minutes, and deliver them to your inbox. This policy explains what data we collect, how we process it, who we share it with, and what rights you have over your data.

1. Information We Collect

1.1 Account Information

When you create an account or are invited to an organisation, we collect:

Identity data: your full name and email address.
Organisation data: your company name and your role within the organisation (user, org admin, or team admin).
Authentication data: login tokens (temporary, single-use) and API keys (securely hashed before storage — we never store plaintext keys).

1.2 Meeting Content

When you upload a meeting recording, we collect and process:

Audio recordings: uploaded files in supported formats (.wav, .mp3, .m4a, .mp4, .ogg, .flac, .webm). Audio is stored temporarily in secure encrypted storage and deleted after processing by default.
Transcripts: text generated from your audio by our transcription system.
Speaker labels: speaker identifications produced during processing.
Minutes: structured summaries, decisions, and action items generated by AI from the transcript.
Meeting metadata: title, upload date, processing status, visibility settings, team assignment, and speaker names.

1.3 Usage and Operational Data

Meeting statistics: number of meetings processed, storage used, and feature usage counts.
Audit data: IP addresses, user agents, timestamps, and a record of every significant action (login, upload, access, configuration change). This audit log is immutable and tamper-protected.
Device data: browser type, operating system, and IP address collected automatically during requests.

1.4 Billing Data

We store your organisation's subscription tier, trial status, and seat count. We do not currently collect or store payment card information. When we introduce payment processing, it will be handled by a third-party payment processor, and we will not store your full payment card details on our servers.

1.5 Information We Do Not Collect

We do not use cookies for advertising or tracking. We do not collect demographic data, social media profiles, or information from data brokers. We do not use analytics tools that track your browsing behaviour across other websites.

2. How We Use Your Information

2.1 Providing the Service

Processing your audio recordings into transcripts, speaker-labelled dialogue, and structured minutes.
Delivering meeting minutes to your email inbox and making them available in the dashboard.
Powering search, Ask Parrot (natural-language Q&A across your meetings), and Prep briefs.
Authenticating you and managing your session securely.
Enforcing access controls so you only see meetings you are permitted to view.

2.2 Operating and Improving the Service

Monitoring service health, diagnosing errors, and debugging issues.
Enforcing usage limits and feature gates based on your organisation's subscription tier.
Generating aggregate, anonymised statistics to understand how the Service is used (we do not use your meeting content for this purpose).

2.3 Security and Compliance

Maintaining an immutable audit log for security monitoring and compliance purposes.
Detecting and preventing fraud, abuse, and unauthorised access.
Complying with applicable laws, legal processes, and regulatory requirements.

2.4 Communications

Sending you meeting minutes when processing completes.
Sending login emails and account invitation emails.
Notifying you of service issues that affect your account.

We do not send marketing emails. All communications from Parrot are transactional and directly related to your use of the Service.

2.5 What We Do Not Use Your Data For

We do not sell your personal information or meeting content to anyone.
We do not use your meeting content to train AI models. Your transcripts and minutes are processed solely to provide the Service to you.
We do not serve advertisements or share your data with advertising networks.
We do not profile you for marketing or behavioural targeting purposes.

3. How We Process Meeting Audio

Understanding how your audio is processed is important. Here is how it works:

You upload an audio file. It is stored in secure encrypted storage.
Our background processing system converts the audio to a standard format and runs it through transcription and speaker identification.
The transcript text is sent to an AI model to generate structured meeting minutes.
The transcript and minutes are stored securely. The minutes are emailed to you.
By default, the original audio file is deleted after processing. If your organisation has enabled audio retention, it is kept for the configured period and then deleted.

3.1 Cloud vs. On-Premises Processing

We use a combination of local AI systems and third-party AI services to process your meeting recordings. The specific providers may change as we improve our technology.

Cloud deployment (default): When using cloud processing, your audio is sent to our transcription provider for transcription and speaker identification. Your transcript text is sent to our AI provider for minutes generation. These providers process your data under their own privacy policies and data processing agreements.
On-premises deployment (Enterprise): All processing happens on your own infrastructure using locally-hosted AI models. No audio, transcripts, or minutes leave your network.

4. Third-Party Services

In our cloud deployment, we share data with the following categories of third-party services to operate Parrot:

Category	Purpose	Data Shared
Transcription provider	Converts audio to text and identifies speakers	Audio files
AI language model provider	Generates structured meeting minutes	Transcript text
Email delivery provider	Sends meeting minutes to your inbox	Recipient email, meeting minutes content
Cloud infrastructure	Hosting, storage, and database services	All service data (encrypted at rest and in transit)

We do not share your data with advertising networks, data brokers, or any other third parties beyond those listed above. On-premises deployments eliminate all external data sharing except email delivery (if configured to use an external email provider).

5. Data Retention

Data Type	Retention Period
Audio recordings	Deleted after processing by default. If audio retention is enabled, kept for the configured period (up to 1 year on Business, configurable on Enterprise), then deleted.
Transcripts and minutes	Retained while your account is active. Deleted meetings are retained for a compliance period, then permanently removed.
Account data	Retained while your account is active. Permanently deleted when your organisation is deleted.
Audit log	Minimum 1 year, recommended 3 years. The audit log is immutable and cannot be modified or selectively deleted — this is by design for security and compliance.
Login tokens	15 minutes (single-use, automatically expired).
Sessions	24 hours for user sessions, 8 hours for admin sessions.

6. Data Security

We implement multiple layers of security to protect your data:

Data isolation: Each organisation's data is completely isolated — other customers cannot access your meetings, transcripts, or minutes. This isolation is enforced at the database level, independent of application-level access controls.
Encryption: Your data is encrypted at rest and in transit.
Secure authentication: Browser sessions use secure, encrypted cookies. API keys are securely hashed before storage — we never store plaintext credentials.
Audit logging: Every login, data access, configuration change, and administrative action is recorded in an immutable audit log.
Abuse prevention: All public endpoints are rate-limited and protected against common web vulnerabilities.
Audio deletion: Audio recordings are deleted after processing by default.
On-premises option: On-premises deployment is available for organisations requiring full data sovereignty.

We conduct regular security reviews and are designed for SOC 2 Type II compliance. While we take extensive measures to protect your data, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security.

7. Your Rights

You have the following rights regarding your data:

Access: View all your meeting data, transcripts, and minutes through the Parrot dashboard at any time.
Export: Download your transcripts as text files and your minutes as PDF documents via the dashboard or API.
Portability: All your data is accessible via our API, allowing you to programmatically retrieve everything we store about you.
Deletion: Delete individual meetings through the dashboard. Request deletion of your entire account by contacting your organisation administrator or us directly.
Correction: Update your meeting titles and metadata through the dashboard. Contact us to correct account information.
Organisation deletion: When an organisation is deleted, all associated data — users, meetings, teams, transcripts, minutes, and audit logs — is permanently deleted.

To exercise any of these rights, you can use the Parrot dashboard directly or contact us at hello@arisk.ai.

8. European Users (GDPR)

If you are located in the European Economic Area or the United Kingdom, the following additional provisions apply:

Controller: Parrot is the data controller for personal data processed through the Service.
Legal bases: We process your personal data on the following bases: contractual necessity (to provide the Service you signed up for), legitimate interests (to operate, secure, and improve the Service), and compliance with law (to meet legal obligations such as audit requirements).
Additional rights: In addition to the rights described in Section 7, you have the right to restrict processing, object to processing based on legitimate interests, withdraw consent (where applicable), and lodge a complaint with your local data protection authority.
International transfers: If you are in Europe and use our cloud service, your data may be transferred to and processed in the United States. We implement appropriate safeguards for such transfers, including standard contractual clauses where required.

For on-premises deployments, your data is processed entirely within your own infrastructure and jurisdiction.

9. Children

Parrot is a business tool designed for enterprise teams. The Service is not intended for use by anyone under the age of 16. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child under 16, we will take steps to delete it promptly.

10. On-Premises Deployments

Enterprise customers who deploy Parrot on their own infrastructure have full control over their data. In an on-premises deployment:

No audio, transcripts, or minutes are sent to Parrot or any external service (unless the customer configures cloud AI providers).
All data resides on the customer's own servers and is governed by the customer's own data policies.
Parrot does not have access to the customer's data unless the customer grants access for support purposes.
This Privacy Policy applies to the cloud-hosted version of Parrot. On-premises customers should refer to their own data processing policies.

11. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or by posting a notice in the Service at least 30 days before the changes take effect. Your continued use of the Service after the effective date constitutes acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy or how we handle your data, please contact us:

Email:hello@arisk.ai
Company: Parrot