Privacy Policy
Last updated: January 2, 2026
1. Introduction
Derisqo ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered platform ("Service") for meeting transcription, document analysis, AI chat assistance, and decision support.
By using Derisqo, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our Service.
2. Information We Collect
2.1 Information You Provide
We collect information you provide directly to us:
- Account Information: Name, email address, password (encrypted), and profile information
- User Content: Meeting recordings, transcripts, documents, contracts, notes, AI chat conversations, and any other content you upload or create
- Payment Information: Payment card details and billing information (processed securely through Stripe; we do not store full card numbers)
- Communications: Messages you send to our support team or through contact forms
2.2 Automatically Collected Information
When you use our Service, we automatically collect:
- Usage Data: Features used, actions taken, time spent, pages viewed
- Device Information: Browser type, operating system, IP address, device identifiers
- Cookies and Tracking: We use cookies and similar technologies to maintain your session and improve user experience
- Analytics: Aggregated usage statistics to improve our Service
3. How We Use Your Information
We use the information we collect for the following purposes:
- Service Delivery: Process meeting transcriptions, analyze documents, generate summaries, provide AI-powered insights, enable interactive AI chat for follow-up questions, and link related meetings and documents
- Account Management: Create and manage your account, authenticate users, and provide customer support
- Payment Processing: Process subscriptions, credit purchases, and manage billing
- Service Improvement: Analyze usage patterns to improve features, fix bugs, and develop new functionality
- Communication: Send service-related emails, account notifications, and respond to inquiries
- Security: Detect and prevent fraud, abuse, and security incidents
- Legal Compliance: Comply with legal obligations and enforce our Terms of Service
4. AI Processing and Third-Party Services
Important Notice: Your content (meeting recordings, transcripts, documents) is processed using third-party AI services, including OpenAI's API. To protect your privacy, we automatically redact sensitive information (PII, secrets, keys) from documents and transcripts before storing them. Only the redacted text is persisted and sent to external AI providers for transcription and analysis.
4.1 Data Processing Agreements
We have entered into Data Processing Agreements (DPAs) with all third-party service providers that process your data:
- OpenAI: Standard Contractual Clauses (SCC) for EU-US data transfers under GDPR
- Stripe: PCI-DSS compliant, GDPR-compliant DPA
- Brevo: GDPR-compliant email service provider (EU-based)
For a copy of our DPAs or to exercise your data protection rights, contact derisqo.app@gmail.com.
4.2 Subprocessors
We use the following subprocessors to provide our services:
- OpenAI: AI transcription (Whisper) and analysis (GPT-4). Sensitive information is redacted before processing. OpenAI does not use data submitted via their API to train their models. Location: United States. See OpenAI Privacy Policy.
- Stripe: Payment processing. We do not store your full payment card details. Location: United States/EU. See Stripe Privacy Policy.
- Brevo: Transactional email delivery. Location: European Union.
- Cloud Infrastructure: Secure database storage with industry-standard encryption. Original files are never stored.
5. Data Security
We implement industry-standard security measures to protect your data. Original files are never stored - they are parsed in memory and immediately discarded. We redact sensitive information from documents and transcripts before storage and analysis so that unredacted PII or secrets are never persisted or sent to third-party services.
- Encryption in transit (HTTPS/TLS)
- Secure authentication using JWT tokens with HttpOnly cookies
- Password hashing using industry-standard algorithms
- Regular security audits and vulnerability assessments
- Access controls and monitoring
However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your data, we cannot guarantee absolute security.
6. Data Retention and Deletion
We retain your data for as long as your account is active or as needed to provide services. You can request deletion of your data at any time.
6.1 Retention Periods
| Data Type | Retention Period | Legal Basis |
|---|---|---|
| User account data | While account is active | Contract |
| Meeting/Document content | Until manual deletion | Contract |
| AI chat history | Until manual deletion or parent content deletion | Contract |
| Payment records | 7 years | Legal obligation (tax law) |
| Usage & audit logs | 2 years | Legitimate interest (security) |
| Support tickets | 2 years after closure | Legitimate interest |
| Deleted account data | 30 days (active deletion) | Best practice |
| Backup data | 90 days | Legitimate interest (disaster recovery) |
6.2 How to Delete Your Data
- Account Deletion: Delete your account through account settings. This permanently deletes your profile, meetings, documents, and associated data within 30 days.
- Individual Content: Delete individual meetings or documents anytime through the dashboard.
7. Your Rights and Choices
Depending on your location, you may have the following rights:
- Access: Request a copy of your personal data
- Correction: Update or correct inaccurate information
- Deletion: Request deletion of your data (right to be forgotten)
- Portability: Request your data in a machine-readable format
- Opt-Out: Unsubscribe from marketing emails (service emails are required for account operation)
- Cookies: Manage cookie preferences through your browser settings
To exercise these rights, please contact us at derisqo.app@gmail.com.
8. International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from your country. By using our Service, you consent to such transfers.
9. Children's Privacy
Our Service is not intended for users under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.
10. California Privacy Rights (CCPA/CPRA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):
10.1 Your California Rights
- Right to Know: Request details about the personal information we collect, use, disclose, and sell
- Right to Delete: Request deletion of your personal information
- Right to Correct: Request correction of inaccurate personal information
- Right to Opt-Out of Sale/Sharing: We do not sell or share personal information for advertising purposes
- Right to Limit Use of Sensitive Information: We only use sensitive information as necessary to provide services
- Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights
10.2 How to Exercise Your Rights
To exercise these rights, contact us at derisqo.app@gmail.com with the subject line "California Privacy Rights Request". We will respond within 45 days of receiving your request.
10.3 Information We Collect
In the past 12 months, we have collected the following categories of personal information:
- Identifiers (name, email, user ID)
- Commercial information (payment history, subscription details)
- Internet activity (usage data, device information)
- Professional information (meeting content, documents)
- Inferences (preferences, characteristics derived from usage)
10.4 We Do Not Sell Your Personal Information
We do not sell personal information to third parties, and we have not sold personal information in the past 12 months. We do not share personal information for cross-context behavioral advertising.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the "Last updated" date. Continued use of the Service after changes constitutes acceptance of the updated policy.
12. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us at:
Email: derisqo.app@gmail.com
General Inquiries: derisqo.app@gmail.com
Data Controller
Legal Name: FLORIA ROBERT NICOLAE PERSOANĂ FIZICĂ AUTORIZATĂ
Location: Cluj-Napoca, Romania
Tax ID (CUI): 52893480
Registration: F2025045703008
Data Protection Contact: derisqo.app@gmail.com