Privacy Policy

1. Introduction

Doxit.ai ("Doxit", "we", "us", or "our") is a product of HOOBR B.V., a company registered in the Netherlands (KvK: see contact section). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our web application, iOS application, and related services (collectively, "the Service").

By using Doxit, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the Service.

2. Information We Collect

Account Information

When you create an account, we collect your name, email address, and authentication credentials. If you sign in through a third-party provider (Google or Microsoft), we receive basic profile information (name, email, profile picture) from that provider.

Uploaded Content

We store audio recordings, documents (PDF, DOCX, TXT, MD, SRT), and text that you upload or paste into the platform. This content is used solely to generate the outputs you request.

Generated Content

Documents generated by our AI (meeting reports, summaries, task lists, etc.) are stored in your account for your access and management.

Calendar Data

If you connect your Google Calendar or Microsoft Outlook calendar, we collect meeting titles, times, attendees, and meeting URLs to enable automatic recording features. Calendar data is only accessed after you explicitly grant permission through OAuth consent. You can disconnect your calendar at any time to stop this data collection.

Participant Data

We store participant names, roles, and company affiliations that you provide or that are automatically extracted from transcripts. This data helps personalize generated outputs and improve speaker recognition across sessions.

Usage Data

We collect information about how you use the service, including session counts, output types generated, feature usage, and interaction patterns. This data helps us improve the service.

Device and App Information (iOS)

When you use the Doxit iOS app, we may collect device type, operating system version, and app version for debugging and compatibility purposes. We do not collect location data, contacts, or other sensitive device data.

3. How We Use Your Information

To provide the service: Process your recordings and documents, generate AI outputs, and deliver them to you.
To enable calendar integration: Sync your calendar events and automatically schedule meeting recordings based on your preferences.
To improve speaker recognition: Use participant data to identify speakers across sessions and personalize generated outputs with correct names and roles.
To improve our service: Analyze usage patterns to enhance features, fix bugs, and improve AI output quality. We do not use your content to train AI models.
To manage billing: Process subscriptions, payments, and maintain billing records.
To communicate with you: Send service announcements, security alerts, and support responses.
To ensure security: Detect and prevent fraud, abuse, and unauthorized access.

4. Data Storage and Security

Your data is stored on infrastructure provided by Supabase, hosted in the European Union. All data is encrypted at rest and in transit using industry-standard encryption protocols (AES-256 and TLS 1.2+). OAuth tokens for calendar integrations are encrypted using Fernet symmetric encryption before storage.

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction.

5. Third-Party Services

We use the following third-party services to provide our functionality. Each service only receives the minimum data necessary for its function:

Anthropic (Claude): AI language model for generating document outputs. Your transcript content is sent to Anthropic's API for processing. Anthropic does not use your data to train their models per their commercial API terms.
Deepgram: Speech-to-text transcription service for audio recordings. Audio data is processed by Deepgram and not retained after transcription is complete.
Recall.ai: Meeting bot service for automatic online meeting recording. When you schedule an AI notetaker, Recall.ai joins the meeting on your behalf to capture audio. Recordings are transferred to our platform and not retained by Recall.ai.
Google (Calendar API): If you connect your Google Calendar, we use the Google Calendar API to read your calendar events. We request read-only access and only sync meeting metadata (titles, times, attendees). Google's privacy policy applies to data processed by Google.
Microsoft (Graph API): If you connect your Microsoft Outlook calendar, we use the Microsoft Graph API to read your calendar events. We request read-only access and only sync meeting metadata. Microsoft's privacy policy applies to data processed by Microsoft.
Stripe: Payment processing for subscriptions and one-time purchases. Stripe handles all payment card data directly; we never store your card details.
Supabase: Database hosting, file storage, and authentication infrastructure, hosted in the European Union.
Vercel: Frontend web application hosting and content delivery.
Railway: Backend API hosting and processing infrastructure.
Inngest: Asynchronous task processing for background operations such as transcription, output generation, and calendar synchronization.

6. Data Retention and Deletion

We retain your data for as long as your account is active or as needed to provide services. Specific retention periods:

Free plan: Session history retained for 30 days.
Pro plan: Session history retained for 1 year.
Business plan: Unlimited session history retention.
Audio files: Automatically deleted 3 days after successful transcription to minimize data storage. If you need the original audio, download it within this period. Transcripts and generated documents are not affected.
Calendar data: Meeting metadata is synced and retained while your calendar is connected. Disconnecting your calendar removes synced meeting data.
Shared links: Public share links remain active until their expiry date or until you revoke them.

You can request full account deletion at any time through Settings > Privacy & Data. When you request deletion, there is a 48-hour grace period during which you can cancel. After this period, all your data is permanently and irreversibly deleted, including your profile, sessions, outputs, uploaded files, participant data, calendar connections, and templates.

Billing records may be retained in anonymized form as required by applicable tax and accounting regulations.

7. Consent and Withdrawal

By creating an account and using Doxit, you consent to the processing of your data as described in this policy. You can withdraw consent or manage your data at any time:

Calendar access: Disconnect your Google or Microsoft calendar in Settings > Calendar to revoke calendar data access.
Account deletion: Delete your account and all data via Settings > Privacy & Data.
Data export: Download all your data in JSON format via Settings > Privacy & Data before deletion.
Third-party sign-in: Revoke Doxit's access through your Google or Microsoft account settings at any time.
Shared links: Revoke any active share links from the output sharing menu.

8. Your Rights

Under the General Data Protection Regulation (GDPR) and applicable data protection laws, you have the following rights:

Right of access: Request a copy of all personal data we hold about you. Use the "Download Your Data" feature in Settings.
Right to rectification: Update or correct your personal information through your profile settings.
Right to erasure: Request deletion of your account and all associated data.
Right to data portability: Export your data in a structured, machine-readable format (JSON).
Right to object: Object to certain types of data processing.
Right to restrict processing: Request that we limit how we use your data.

To exercise any of these rights, contact us at privacy@doxit.ai or use the self-service options in Settings.

9. Cookies

Doxit uses only essential cookies required for authentication and session management. We do not use tracking cookies, advertising cookies, or third-party analytics cookies. No cookie consent banner is needed as we only use strictly necessary cookies.

10. International Data Transfers

Your data is primarily stored within the European Union (Supabase EU region). When data is transferred to third-party processors outside the EU (such as Anthropic, Deepgram, and Recall.ai in the United States), we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission.

11. Children's Privacy

Doxit is not intended for users under the age of 16. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child under 16, we will take steps to delete that information promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. Your continued use of the service after changes constitutes acceptance of the updated policy.

13. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

HOOBR B.V.
Baron de Coubertinlaan 6
2719 EL Zoetermeer, Nederland
Email: privacy@doxit.ai
Support: support@doxit.ai

Doxit.ai is a product of HOOBR B.V.

1. Introduction

By using Doxit, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the Service.

2. Information We Collect

Account Information

Uploaded Content

We store audio recordings, documents (PDF, DOCX, TXT, MD, SRT), and text that you upload or paste into the platform. This content is used solely to generate the outputs you request.

Generated Content

Documents generated by our AI (meeting reports, summaries, task lists, etc.) are stored in your account for your access and management.

Calendar Data

Participant Data

Usage Data

We collect information about how you use the service, including session counts, output types generated, feature usage, and interaction patterns. This data helps us improve the service.

Device and App Information (iOS)

3. How We Use Your Information

To provide the service: Process your recordings and documents, generate AI outputs, and deliver them to you.
To enable calendar integration: Sync your calendar events and automatically schedule meeting recordings based on your preferences.
To improve speaker recognition: Use participant data to identify speakers across sessions and personalize generated outputs with correct names and roles.
To improve our service: Analyze usage patterns to enhance features, fix bugs, and improve AI output quality. We do not use your content to train AI models.
To manage billing: Process subscriptions, payments, and maintain billing records.
To communicate with you: Send service announcements, security alerts, and support responses.
To ensure security: Detect and prevent fraud, abuse, and unauthorized access.

4. Data Storage and Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction.

5. Third-Party Services

We use the following third-party services to provide our functionality. Each service only receives the minimum data necessary for its function:

Anthropic (Claude): AI language model for generating document outputs. Your transcript content is sent to Anthropic's API for processing. Anthropic does not use your data to train their models per their commercial API terms.
Deepgram: Speech-to-text transcription service for audio recordings. Audio data is processed by Deepgram and not retained after transcription is complete.
Recall.ai: Meeting bot service for automatic online meeting recording. When you schedule an AI notetaker, Recall.ai joins the meeting on your behalf to capture audio. Recordings are transferred to our platform and not retained by Recall.ai.
Google (Calendar API): If you connect your Google Calendar, we use the Google Calendar API to read your calendar events. We request read-only access and only sync meeting metadata (titles, times, attendees). Google's privacy policy applies to data processed by Google.
Microsoft (Graph API): If you connect your Microsoft Outlook calendar, we use the Microsoft Graph API to read your calendar events. We request read-only access and only sync meeting metadata. Microsoft's privacy policy applies to data processed by Microsoft.
Stripe: Payment processing for subscriptions and one-time purchases. Stripe handles all payment card data directly; we never store your card details.
Supabase: Database hosting, file storage, and authentication infrastructure, hosted in the European Union.
Vercel: Frontend web application hosting and content delivery.
Railway: Backend API hosting and processing infrastructure.
Inngest: Asynchronous task processing for background operations such as transcription, output generation, and calendar synchronization.

6. Data Retention and Deletion

We retain your data for as long as your account is active or as needed to provide services. Specific retention periods:

Free plan: Session history retained for 30 days.
Pro plan: Session history retained for 1 year.
Business plan: Unlimited session history retention.
Audio files: Automatically deleted 3 days after successful transcription to minimize data storage. If you need the original audio, download it within this period. Transcripts and generated documents are not affected.
Calendar data: Meeting metadata is synced and retained while your calendar is connected. Disconnecting your calendar removes synced meeting data.
Shared links: Public share links remain active until their expiry date or until you revoke them.

Billing records may be retained in anonymized form as required by applicable tax and accounting regulations.

7. Consent and Withdrawal

By creating an account and using Doxit, you consent to the processing of your data as described in this policy. You can withdraw consent or manage your data at any time:

Calendar access: Disconnect your Google or Microsoft calendar in Settings > Calendar to revoke calendar data access.
Account deletion: Delete your account and all data via Settings > Privacy & Data.
Data export: Download all your data in JSON format via Settings > Privacy & Data before deletion.
Third-party sign-in: Revoke Doxit's access through your Google or Microsoft account settings at any time.
Shared links: Revoke any active share links from the output sharing menu.

8. Your Rights

Under the General Data Protection Regulation (GDPR) and applicable data protection laws, you have the following rights:

Right of access: Request a copy of all personal data we hold about you. Use the "Download Your Data" feature in Settings.
Right to rectification: Update or correct your personal information through your profile settings.
Right to erasure: Request deletion of your account and all associated data.
Right to data portability: Export your data in a structured, machine-readable format (JSON).
Right to object: Object to certain types of data processing.
Right to restrict processing: Request that we limit how we use your data.

To exercise any of these rights, contact us at privacy@doxit.ai or use the self-service options in Settings.

9. Cookies

10. International Data Transfers

11. Children's Privacy

12. Changes to This Policy

13. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

HOOBR B.V.
Baron de Coubertinlaan 6
2719 EL Zoetermeer, Nederland
Email: privacy@doxit.ai
Support: support@doxit.ai

Doxit.ai is a product of HOOBR B.V.

Privacy Policy

1. Introduction

2. Information We Collect

Account Information

Uploaded Content

Generated Content

Calendar Data

Participant Data

Usage Data

Company Information

Device and App Information (iOS)

3. How We Use Your Information

4. Data Storage and Security

5. Third-Party Services

6. Data Retention and Deletion

7. Consent and Withdrawal

8. Your Rights

9. Cookies

10. International Data Transfers

11. Children's Privacy

12. Changes to This Policy

13. Contact Us

Privacy Policy

1. Introduction

2. Information We Collect

Account Information

Uploaded Content

Generated Content

Calendar Data

Participant Data

Usage Data

Company Information

Device and App Information (iOS)

3. How We Use Your Information

4. Data Storage and Security

5. Third-Party Services

6. Data Retention and Deletion

7. Consent and Withdrawal

8. Your Rights

9. Cookies

10. International Data Transfers

11. Children's Privacy

12. Changes to This Policy

13. Contact Us