Privacy Policy

Last Updated: December 28, 2025
Effective Date: December 28, 2025

Introduction

Welcome to KenzNote (“KenzNote”, “we”, “us”, or “our”).
KenzNote provides AI-powered meeting recording, transcription, and note-taking services designed to help individuals and teams capture, organize, and act on conversations.

This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our websites, applications, browser extensions, and related services (collectively, the Service).

Privacy Commitment

We are privacy-first and consent-first. Your content belongs to you.

We do not use your meetings, recordings, or transcripts to train our own or third-party AI models. Data is processed solely to provide and improve the Service, in accordance with this Policy and our contractual obligations with service providers.

Definitions

The following terms have the meanings ascribed:

• "Cookies" means small sets of data stored in the User's device.
• "Data" means all information provided by any User or obtained by the Service about a User.
• "Data Controller" means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Information, including the security measures concerning the operation and use of this Service. The Data Controller, unless otherwise specified, is KenzNote.
• "Data Processor" or "Service Provider" means the natural or legal person, public authority, agency or other body which processes Personal Information on behalf of the Controller, as described in this notice.
• "Data Subject" means the natural person to whom the Personal Information refers.
• "Personal Information" or "Personal Data" means any information that identifies or relates to a reasonably identifiable individual.
• "Service" means the services provided by KenzNote including meeting recording, transcription, AI-powered note-taking, and related features as described on our website at kenznote.com.
• "Usage Data" means information collected automatically through the Service (or third-party services employed in the Service), which can include: IP addresses or domain names of the computers utilized by Users, URI addresses (Uniform Resource Identifier), the time of requests, the method utilized to submit requests to the server, the size of files received in response, the numerical code indicating the status of the server's answer (successful outcome, error, etc.), the country of origin, the features of the browser and operating system utilized by the User, the various time details per visit (e.g., the time spent on each page) and the details about the path followed within the Service with special reference to the sequence of pages visited, and other parameters about the device operating system and/or the User's IT environment.
• "User" means the individual using this Service who, unless otherwise specified, coincides with the Data Subject. Users are also referred to individually throughout these terms as "you".

1. Information We Collect

1.1 Information You Provide

Account Information

• Name
• Email address
• Password (hashed and encrypted)
• Organization or workspace name (if applicable)
• Subscription and billing details (processed by third-party payment processors)

User Content

• Audio recordings of meetings
• Transcripts generated from recordings
• Notes, summaries, action items, and highlights
• Comments, tags, and metadata you add

1.2 Information Collected Automatically

Usage and Technical Data

• Device and browser type
• Operating system
• IP address and approximate location (country/region)
• Log files (timestamps, features used, session duration)
• Performance and error data

Cookies and Similar Technologies

We use essential cookies and, where legally permitted, analytics and preference cookies.
See Section 9 for more details.

1.3 Information from Third Parties

Authentication Providers

If you sign in using providers such as Google or Microsoft, we receive basic profile data such as your name and email address.

Calendar Integrations

When you explicitly connect your calendar, we may access meeting titles, times, and links.

2. Legal Bases for Processing (GDPR)

For users located in the EU, EEA, UK, or Switzerland, we process personal data under the following legal bases:

• Contract Performance – to provide the Service you request
• Legitimate Interests – to operate, secure, and improve the Service
• Consent – for optional features and marketing communications
• Legal Obligation – to comply with applicable laws

3. How We Use Your Information

3.1 Providing the Service

• Recording and transcribing meetings
• Generating summaries, action items, and insights
• Enabling search and content organization
• Providing customer support and account management

3.2 Communications

• Transactional emails (account notices, summaries, billing updates)
• Marketing communications (only with your consent)

You may opt out of marketing emails at any time.

3.3 Service Improvement

We use aggregated and de-identified data to improve performance, reliability, and user experience.

3.4 Security and Compliance

• Detect and prevent fraud or abuse
• Enforce our Terms of Service
• Comply with legal and regulatory requirements

4. Data Storage and Security

4.1 Data Storage

• Data is stored using secure cloud infrastructure, including Supabase and AWS
• Audio files are stored in encrypted cloud storage

4.2 Security Measures

We take appropriate security measures to prevent unauthorized access, disclosure, modification, or unauthorized destruction of Personal Information. The processing of Personal Information is carried out using computers and IT systems, following organizational procedures and modes strictly related to the purposes indicated.

Security measures include:

• Encryption in transit (TLS/SSL)
• Encryption at rest for stored data
• Role-based access controls
• Multi-factor authentication for account access
• Continuous monitoring and security updates
• Regular security audits and vulnerability assessments
• Secure data centers with physical access controls

Security Limitations and Disclaimers:

Despite our efforts to store Personal Information in a secure operating environment that is not available to the public, we cannot guarantee the absolute security of Personal Information during its transmission or its storage on our systems.

Further, while we attempt to ensure the integrity and security of Personal Information, we cannot guarantee that our security measures will prevent third parties from illegally obtaining access to Personal Information. We do not warrant or represent that Personal Information about you will be protected against loss, misuse, or alteration by third parties.

Your Responsibility: You are responsible for maintaining the confidentiality of your account credentials and for any activities that occur under your account. Please notify us immediately of any unauthorized use of your account.

4.3 Data Retention

Personal Information shall be processed and stored for as long as required by the purpose for which it has been collected.

• Active Accounts: Data is retained while your account is active and you continue to use the Service
• Account Deletion: When you delete your account, Personal Information is deleted or anonymized within 30 days, except where retention is legally required
• Meeting Content: Individual meetings can be deleted at any time and are permanently removed within 7 days
• Backups: Deleted data may persist in encrypted backups for up to 90 days before permanent deletion
• Legal Retention: Personal Information collected for the purposes of our legitimate interests shall be retained as long as needed to fulfill such purposes
• Contractual Obligations: Personal Information collected for purposes related to the performance of a contract between KenzNote and the User shall be retained until such contract has been fully performed and for a period of up to four years thereafter (or such longer time as is necessary to enforce or protect our interests or as required by law)
• Compliance Requirements: We may be obligated to retain Personal Information for a longer period whenever required to do so for the performance of a legal obligation or upon order of an authority

Note: Once the retention period expires, Personal Information shall be deleted. Therefore, the right to access, the right to erasure, the right to rectification, and the right to data portability cannot be enforced after expiration of the retention period.

5. Third-Party Service Providers

We rely on trusted third-party providers to help us deliver the Service. Personal Information is collected for the following purposes and using the following Service Providers:

5.1 Analytics

The services contained in this section enable KenzNote to monitor and analyze web traffic and can be used to keep track of User behavior.

PostHog (PostHog, Inc.) PostHog is a product analytics service that helps us understand how users interact with our Service.

• Personal Data collected: Usage Data, IP addresses, browser fingerprint, operating system, device type, visitor country
• Place of processing: United States – Privacy Policy

5.2 Hosting and Backend Infrastructure

This type of service has the purpose of hosting Data and files that enable the Service to run and be distributed as well as to provide a ready-made infrastructure to run specific features or parts of the Service. Some of these services work through geographically distributed servers, making it difficult to determine the actual location where the Personal Information is stored.

Supabase (Supabase, Inc.) Supabase is a hosting and backend service that provides database, authentication, and storage infrastructure.

• Personal Data collected: Account information, user content, usage data as specified in Section 1
• Place of processing: United States – Privacy Policy

Cloudflare (Cloudflare, Inc.) Cloudflare provides content delivery network (CDN), DDoS mitigation, and security services.

• Personal Data collected: IP addresses, system configuration information, usage data
• Place of processing: United States – Privacy Policy

5.3 AI Processing and Transcription Services

OpenAI (OpenAI, L.L.C.) OpenAI provides AI-powered transcription and content analysis services.

• Personal Data collected: Audio recordings, transcripts, meeting content
• Data Usage: We have contractual agreements prohibiting the use of your data for model training
• Place of processing: United States – Privacy Policy

Note: We do not use your meetings, recordings, or transcripts to train our own or third-party AI models. Our service providers are contractually restricted from using your data for their own purposes, including AI training.

5.4 Payment Processing

We use third-party payment processors to handle billing and payment transactions securely on our behalf.

• Personal Data collected: Billing information, payment card details, transaction history
• Data Storage: KenzNote does not store full payment card details. All payment information is processed and stored securely by our payment processor in compliance with PCI-DSS standards

The specific payment processor and their privacy policy will be disclosed during the payment process.

5.5 Email Communications

Resend (Resend, Inc.) Resend delivers transactional and marketing emails on our behalf.

• Personal Data collected: Email addresses, names, email engagement data
• Place of processing: United States – Privacy Policy

5.6 Calendar Integration Services

Google Calendar API (Alphabet Inc.) When you connect your Google Calendar, we use Google's API to access meeting information.

• Personal Data collected: Calendar event titles, meeting times, participant information (with your explicit permission)
• Place of processing: United States – Privacy Policy

Microsoft Graph API (Microsoft Corporation) When you connect your Microsoft/Outlook calendar, we use Microsoft's API to access meeting information.

• Personal Data collected: Calendar event titles, meeting times, participant information (with your explicit permission)
• Place of processing: United States – Privacy Policy

Service Provider Requirements

All third-party service providers:

• Process data only under our instructions
• Are contractually obligated to protect your Personal Information
• Are prohibited from using your data for their own purposes, including AI model training
• Must comply with applicable data protection laws (GDPR, CCPA, etc.)

6. International Data Transfers

Your data may be transferred and processed outside your country of residence. Where required, we rely on appropriate safeguards such as Standard Contractual Clauses and encryption.

7. Disclosure of Personal Information

We may disclose Data that does not identify any individual without restriction. In addition, we may disclose Personal Information that we collect or you provide as described in this Privacy Policy:

7.1 Service Providers and Business Partners

• To our subsidiaries and affiliates
• To contractors, service providers, and other third parties we use to support our business (as described in Section 5), solely for purposes of providing such services and for no other purpose
• To third-party integrations you explicitly authorize (e.g., calendar services, collaboration tools)

7.2 Business Transfers

• To a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of KenzNote's assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Information held by KenzNote about our Service users is among the assets transferred
• In such cases, we will notify you via email and/or a prominent notice on our Service before your Personal Information is transferred and becomes subject to a different privacy policy

7.3 Legal Requirements and Protection

• To comply with any court order, law, or legal process, including to respond to any government or regulatory request
• To enforce or apply our Terms of Service and other agreements, including for billing and collection purposes
• If we believe disclosure is necessary or appropriate to protect the rights, property, or safety of KenzNote, our customers, or others
• To detect, prevent, or otherwise address fraud, security, or technical issues

7.4 With Your Consent

• For any other purpose disclosed by us when you provide the Personal Information
• With your explicit consent for specific disclosures not covered above

Note: We do not sell your Personal Information to third parties for their marketing purposes.

8. Your Privacy Rights

Depending on your location, you may have the right to:

• Access: Learn if Personal Information about you is being processed by KenzNote, obtain disclosure regarding certain aspects of the processing, and obtain a copy of the Personal Information undergoing processing
• Rectification: Verify the accuracy of Personal Information and ask for it to be updated or corrected
• Deletion: Request that Personal Information be deleted or otherwise removed (right to erasure)
• Restriction: Restrict the processing of Personal Information about you under certain circumstances
• Objection: Object to the processing of Personal Information about you if the processing is carried out on a legal basis other than consent
• Data Portability: Receive Personal Information about you in a structured, commonly used, and machine-readable format and, if technically feasible, have it transmitted to another controller without any hindrance
• Withdraw Consent: Withdraw consent at any time where you have previously given consent to the processing of Personal Information about you
• Lodge a Complaint: File a complaint with a competent data protection authority regarding our processing of your Personal Information

8.1 Details About the Right to Object to Processing

Where Personal Information is processed for the purposes of our legitimate interests, you may object to such processing by providing a ground related to your particular situation to justify the objection.

You may opt out of the use by KenzNote of Personal Information for marketing purposes at any time by:

• Clicking the "unsubscribe" link in marketing emails
• Adjusting your account settings
• Contacting us at [email protected]

No justification is required for opting out of marketing communications.

8.2 How to Exercise These Rights

Any requests to exercise your rights can be directed to KenzNote through the contact details provided in this notice or via your account settings.

Response Timeline:

• These requests can be exercised free of charge
• We will address requests as early as possible and in any event no later than within 30 calendar days of receipt
• If we need additional time, we will notify you of the extension and the reasons for it

Verification: To protect your privacy, we may need to verify your identity before fulfilling your request. We will request only the information necessary to verify your identity.

9. U.S. State Privacy Rights

9.1 California Privacy Rights

California Civil Code Section 1798.83 permits users of our Service that are California residents to request certain information regarding our disclosure of Personal Information to third parties for their direct marketing purposes.

Your California Privacy Rights under CCPA/CPRA:

California residents have the following rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

• Right to Know: Request disclosure of the categories and specific pieces of Personal Information we have collected about you, the categories of sources, the business or commercial purpose for collecting, and the categories of third parties with whom we share Personal Information
• Right to Delete: Request deletion of Personal Information we have collected from you, subject to certain exceptions
• Right to Correct: Request correction of inaccurate Personal Information we maintain about you
• Right to Opt-Out of Sale/Sharing: Opt out of the "sale" or "sharing" of your Personal Information
• Right to Limit Use of Sensitive Personal Information: Limit our use and disclosure of your sensitive Personal Information
• Right to Non-Discrimination: You have a right not to be treated in a discriminatory manner for the exercise of your California privacy rights

Do Not Sell or Share My Personal Information:

In the last 12 months, we have not sold Personal Information collected in and through the Service. We do not sell Personal Information to third parties for monetary or other valuable consideration.

How to Exercise Your California Rights:

To make a request under the CCPA/CPRA, please:

• Email us at [email protected] with "California Privacy Rights" in the subject line
• Use the privacy settings in your account dashboard
• Write to us at the address provided in the Contact Us section below

We will verify your identity before processing your request and respond within 45 days (or notify you if we need additional time, up to 90 days total).

9.2 Other U.S. State Privacy Rights

Residents of Virginia, Colorado, Connecticut, Utah, and other states with comprehensive privacy laws have similar rights to those described above, including rights to access, correct, delete, and opt out of certain processing activities.

To exercise these rights, please contact us at [email protected].

10. Cookies and Tracking Technologies

We use:

• Essential cookies for authentication and security
• Analytics cookies where legally permitted
• Preference cookies to remember your settings

You can manage cookies through your browser or in-app settings.

Cookie Policy

For detailed information about the cookies we use and your choices, please refer to our Cookie Policy.

Managing Cookies:

Most web browsers allow you to control cookies through their settings preferences. However, if you limit the ability of websites to set cookies, you may worsen your overall user experience, since certain features of the Service may no longer function properly.

11. Do Not Track Signals

The Service does not currently respond to "Do Not Track" (DNT) browser signals or similar mechanisms.

To determine whether any of the third-party services we use honor DNT requests, please read their privacy policies. You may also exercise control over tracking through the following industry opt-out initiatives:

• European Union Users: European Interactive Digital Advertising Alliance (EDAA)
• United States Users: Network Advertising Initiative (NAI) and Digital Advertising Alliance (DAA)
• Canadian Users: Digital Advertising Alliance of Canada (DAAC)
• Japanese Users: Data Driven Advertising Initiative (DDAI)

We recommend that Users make use of these resources in addition to the information provided in this Privacy Policy.

12. Children's Privacy

KenzNote is not intended for children under the age of 16.
We do not knowingly collect personal data from children.

11. Recording Consent and User Responsibility

You are responsible for ensuring all meeting participants are informed of and consent to recording and transcription in accordance with applicable laws.

KenzNote provides tools to support transparency, but legal compliance remains your responsibility.

12. Data Breach Notification

If a data breach occurs that poses a risk to users' rights or freedoms, we will notify affected users and relevant authorities as required by law.

13. Additional Information About Data Collection and Processing

13.1 System Logs and Maintenance

For operation and maintenance purposes, the Service and any third-party services may collect files that record interaction with the Service (system logs) and use other Personal Information (such as IP Address) for this purpose.

System logs help us:

• Diagnose technical problems
• Monitor system performance
• Detect and prevent security incidents
• Analyze usage patterns to improve the Service

13.2 Providing Additional Information

In addition to the information contained in this Privacy Policy, the Service may provide you with additional and contextual information concerning particular features or the collection and processing of Personal Information upon request.

To request additional information about our data practices, please contact us at [email protected].

14. Changes to This Privacy Policy

We reserve the right to make changes to this Privacy Policy at any time by giving notice to Users on this page and possibly within the Service and/or - as far as technically and legally feasible - sending a notice to Users via any contact information available to us.

Please check this page often, referring to the date of the last modification listed at the top of this page.

Should the changes affect processing activities performed on the basis of your consent, we will collect new consent from you, where required. If new consent is not given and is legally required, further use of the Service may not be possible.

Material changes will be communicated via:

• Email notification to your registered email address
• In-app notification when you next access the Service
• Prominent notice on our website

15. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: [email protected]

Mail: KenzNote Attn: Privacy Officer [Değirmendere Yalı Mah. Faruk Demirer Cad. 49/5 Berrin Apt. - Kocaeli - Turkey]

Data Protection Officer (if applicable): For users in the European Union, you may contact our Data Protection Officer at: [email protected]

We will respond to your inquiry within 30 days.

KenzNote is committed to transparency, security, and user trust.