Privacy Policy V5

uvidx Privacy Policy

Last Updated · 24 May 2026

This Privacy Policy describes how uvidx (“uvidx,” “we,” “our,” or “us”) processes personal data when you use our websites (“Sites”) and our products and services (“Services”).

This Privacy Policy does not apply to third-party products or services that have their own privacy policies. If you enable third-party integrations, those providers process data under their own terms and privacy notices. We are not responsible for the privacy practices of these third parties, and the information practices of these third parties are not covered by this Privacy Policy. For information on how third parties that integrate our Services use your information, please review the third parties’ disclosures.

Contents
  1. Who We Are and Data Protection Roles
  2. Personal Data We Process
  3. Google and Microsoft API Services User Data
  4. How We Use Personal Data and Legal Bases (GDPR)
  5. How We Share Personal Data
  6. International Data Transfers
  7. Data Retention and Deletion Options
  8. Cookies and Similar Technologies
  9. Security
  10. Your GDPR Rights
  11. Children’s Privacy
  12. Changes to This Privacy Policy
  13. Contact Us
  14. Platform Policy Commitments

1. Who We Are and Data Protection Roles

uvidx is the data controller for personal data related to:

  • Account creation and authentication;
  • Billing and administrative records;
  • Support and direct communications;
  • Website and service security operations.

For customer meeting content processed through our Services (such as transcripts, recordings, meeting artifacts, and participant metadata), uvidx typically acts as a data processor on behalf of the customer organization, which acts as the data controller.

When we act as processor, we process data only on documented customer instructions and under applicable data processing terms.

2. Personal Data We Process

Depending on how the Services are used, we may process:

  • Account data (name, work email, organization, login identifiers);
  • Meeting and integration data (meeting IDs, participant display names, timestamps, transcript/recording-related metadata);
  • Content data (transcripts, uploaded files, generated summaries, action items, workflow outputs);
  • Technical and usage data (service logs, device/browser metadata, error and audit logs);
  • Support data (messages, attachments, and request history).

We receive personal data:

  • Directly from users and customer administrators;
  • From enabled integrations (including Google Workspace and Microsoft 365);
  • From customer-provided files, links, and workflow inputs.

3. Google and Microsoft API Services User Data

Our application uses Google Workspace APIs and Microsoft APIs (including Microsoft Graph and Microsoft 365 services) to provide meeting intelligence, transcript analysis, and workflow automation features.

What Google and Microsoft user data we access

Depending on configuration and permissions granted by the user or their Google Workspace/Microsoft 365 administrator, our application may access:

  • Basic account information, such as name and email address, for authentication and account identification;
  • Calendar and meeting metadata, such as meeting/conference identifiers, meeting space details, participant display names, and start/end timestamps;
  • Meeting transcript resources and transcript entries (for example, Google Meet transcripts and Microsoft Teams transcripts), when available;
  • Google Drive/Google Docs files that the user explicitly opens with the app, shares with the app, or that are created by the app, and SharePoint/OneDrive files related to meeting transcripts or recordings (including file metadata and file content required to process those artifacts);
  • In domain-wide delegation, delegated, or application-permission setups, the user identifier (such as email address or user ID) needed to impersonate or access an authorized account and permitted data.
  • Google Meet space metadata via https://www.googleapis.com/auth/meetings.space.readonly (sensitive scope), used only to read meeting-space metadata for meetings the user can access.

How we use Google and Microsoft user data

We use this data only to provide and improve user-facing features in our application, including:

  • Detecting when meeting artifacts (transcript or recording) are available;
  • Retrieving transcript content or recording files needed for processing;
  • Transcribing audio when a native transcript is unavailable;
  • Generating summaries, action items, next steps, and structured meeting outputs;
  • Displaying and storing requested outputs in the app;
  • Sending user or organization-requested outputs to enabled downstream tools (for example, configured CMS/CRM destinations).

How we store and protect Google and Microsoft user data

  • User data and derived outputs may be stored in our databases and cloud storage systems to provide the requested service.
  • We do not allow human access to Google Workspace API data unless:
    • (a) we have the user’s explicit consent for specific data;
    • (b) access is necessary for security purposes;
    • (c) access is required by law; or
    • (d) data is aggregated/anonymized for internal operations in compliance with applicable law.

How we share Google and Microsoft user data

We do not sell Google or Microsoft user data.

We may process or transfer Google or Microsoft user data only as necessary to provide requested app features, including to trusted subprocessors such as:

  • AI processing providers for transcript analysis and summary generation;
  • Transcription providers when audio-to-text is required;
  • Hosting, storage, and infrastructure providers;
  • Customer-enabled output integrations.

We do not use Google or Microsoft user data for advertising, retargeting, credit-worthiness, or lending decisions.

We do not transfer, sell, or use Google or Microsoft user data to create, train, or improve generalized or non-personalized AI or machine-learning models. For Google Workspace API data, we do not use that data to create, train, or improve models beyond a specific user’s requested and user-facing feature.

Additional Google Workspace Limited Use Commitments

For data obtained from Google Workspace APIs (including Sensitive or Restricted scopes), we additionally commit that:

  • We request and use only the minimum Google API scopes required for features that are visible and user-facing in the application.
  • We use Google Workspace API data only to provide or improve user-facing features that are prominent in the application interface.
  • We do not transfer Google Workspace API data except: (a) to provide or improve visible user-facing features, with user consent where required; (b) for security purposes; (c) to comply with applicable law; or (d) as part of a merger, acquisition, or sale of assets, with explicit prior user consent where required.
  • We do not transfer, sell, or use Google Workspace API data for advertising (including personalized or interest-based advertising), credit-worthiness, or lending decisions.

Google Authorization Disclosures and Consent Controls

When requesting Google API permissions, we provide in-product disclosures that explain what data is requested, why it is requested, and how it will be used and shared. These disclosures are presented in context with the authorization flow, and access is granted only after affirmative user consent.

4. How We Use Personal Data and Legal Bases (GDPR)

We process personal data under one or more GDPR legal bases, including:

  • Article 6(1)(b) Contract: to provide the Services, authenticate users, run requested workflows, and deliver outputs.
  • Article 6(1)(f) Legitimate Interests: to secure, monitor, maintain, and improve the Services, prevent abuse, and provide support.
  • Article 6(1)(c) Legal Obligation: to comply with legal, tax, accounting, and regulatory obligations.
  • Article 6(1)(a) Consent: where consent is required (for example, certain optional communications or non-essential cookies).

If transcript or recording content includes special categories of personal data, such data is processed only as permitted by applicable law and typically under customer-controller instructions.

If you do not provide data required for account setup or service delivery, we may be unable to provide some or all Services.

5. How We Share Personal Data

We may share personal data with:

  • Service providers/subprocessors that support hosting, storage, analytics, security, transcription, and AI processing;
  • Customer-enabled integrations selected by the customer;
  • Competent authorities where required by law;
  • Counterparties in a merger, acquisition, or corporate restructuring, subject to confidentiality and legal safeguards.

6. International Data Transfers

Your personal data may be processed in countries outside your country of residence, including outside the EEA.

Where required, we use appropriate safeguards for cross-border transfers, such as:

  • Adequacy decisions by the European Commission; or
  • Standard Contractual Clauses (SCCs) and supplementary measures where applicable.

7. Data Retention and Deletion Options

We retain personal data only for as long as necessary for the purposes described in this Policy, including contractual, legal, security, and operational needs.

We provide user-facing controls and documentation in the app to help users manage and delete their data.

For transcripts and recordings:

  • Users can soft delete transcripts and recordings from the dashboard; soft-deleted items are kept in Recycle Bin for up to 15 days unless restored or hard deleted;
  • Users can hard delete transcripts and recordings to permanently remove them from active systems;
  • Hard-deleted items cannot be recovered in the application;
  • Remaining copies in backups are removed through our backup rotation/overwrite cycle.

If data has already been exported to customer-enabled third-party integrations, deletion in those systems is controlled by those third parties.

8. Cookies and Similar Technologies

Our Sites may use cookies and similar technologies for:

  • Strictly necessary functionality (required for core site/service operation);
  • Optional analytics or similar features, where applicable.

Where required by applicable EU/EEA rules, we request consent before using non-essential cookies or similar technologies.

9. Security

We apply appropriate technical and organizational measures designed to protect personal data, including access controls, least-privilege principles, logging/monitoring, and secure storage/transmission practices.

No method of transmission or storage is completely secure, but we continuously work to reduce risk and improve safeguards.

10. Your GDPR Rights

Subject to applicable law, you may have the right to:

  • Access your personal data;
  • Rectify inaccurate data;
  • Erase data;
  • Restrict processing;
  • Object to processing based on legitimate interests;
  • Data portability;
  • Withdraw consent (where processing is based on consent).

You can submit requests by contacting us at dusan@uvidx.com.

If we are processing data as a processor for a customer organization, we may direct your request to the relevant customer controller.

We respond without undue delay and generally within one month, with extension rights where permitted by law.

11. Children’s Privacy

Our Services are not directed to children, and we do not knowingly collect personal data from children in connection with the Services.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will update the “Last Updated” date and provide additional notice where required. We encourage you to review this Privacy Policy regularly to stay informed about our information practices and the choices available to you.

13. Contact Us

If you have questions or requests about this Privacy Policy or personal data processing, contact us at:

dusan@uvidx.com

You also have the right to lodge a complaint with your local supervisory authority in the EEA, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement.

14. Platform Policy Commitments

The use of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Where Google Workspace APIs are used, we also adhere to the Google Workspace API User Data and Developer Policy, including applicable Additional Requirements for Sensitive and Restricted scopes.

For https://www.googleapis.com/auth/drive.file (non-sensitive scope), access is limited to per-file access as authorized by the user, rather than broad access to all files in Google Drive.

For https://www.googleapis.com/auth/meetings.space.readonly, we request the minimum necessary access and use the data only for prominent, user-facing features in the application.

The use of information received from Microsoft APIs will adhere to applicable Microsoft API Terms and Microsoft Graph requirements.

← Back to uvidx