Privacy policy

Intonation Labs Pte. Ltd., 68 Circular Road, #02-01, Singapore 049422 (UEN: 202607645W) (“we”, “us”) operates IntoMeeting (the “Service”). We are incorporated in Singapore.

We are the data controller for your personal data under applicable data protection laws.

We aim to handle personal data in line with the Singapore Personal Data Protection Act 2012 (PDPA). Where users are in the European Economic Area (EEA) or the United Kingdom, the EU/UK GDPR applies. Where users are California residents, the California Consumer Privacy Act (CCPA) applies. This policy is designed to satisfy all three frameworks.

For privacy and data protection enquiries, contact our Data Protection Officer at privacy@intonationlabs.com

• Account: Email, display name, identifiers from email/password or single sign-on.
• Meeting audio: When you start capture, audio may be streamed for real-time transcription and AI features. Retention depends on our architecture (often processed in real time; confirm in your deployment docs).
• Transcripts and AI output: Text from speech, AI suggestions, summaries, notes, and similar artefacts stored in your workspace.
• Knowledge base: Documents or text you upload for retrieval during meetings.
• Usage and technical data: Logs, diagnostics, and usage metrics to run and secure the Service.
• Billing: If you subscribe, payment data is handled by our payment processor (Stripe); we typically receive limited billing metadata (e.g. last four digits of card, billing address), not full card numbers.
• Local storage: Preferences (e.g. theme) may be stored in your browser.

• Provide transcription, AI assistance, meeting history, search, and sharing features you request.
• Authenticate users, enforce limits, billing, and security.
• Send service-related messages (e.g. verification, receipts) and optional product emails if you opt in.
• Comply with law and protect rights.

We do not sell your personal data. We do not use your meeting transcripts or knowledge documents to train shared or public AI models for advertising or unrelated purposes. Third-party cloud and model providers process data on our instructions to operate the Service—see Section 7.

The Service uses automated processing, including machine learning models, to generate transcripts, suggestions, summaries, and similar output. Specifically, we use Google Vertex AI (Gemini 2.0 Flash) for AI-generated answers, coaching, and summaries; Google Cloud Speech-to-Text for transcription; and text-embedding-005 for semantic search over your knowledge base.

Output may be wrong or incomplete; you should verify important information. Question detection uses confidence scoring (a threshold above which the system treats spoken content as a question). This processing is part of delivering the Service, not automated decision-making with legal or similarly significant effects about you under GDPR Article 22.

Transparency (including EEA users): When you use live transcription, AI answers, summaries, meeting prep, coaching tips, or similar features, you are interacting with an automated system that generates content. It is not a human and may produce errors; you should treat outputs accordingly. For your responsibilities when relying on AI output, see our Terms of Service (Section 8 — AI-generated outputs).

You can disable AI features by not starting a meeting capture session.

Where the GDPR applies, we process your personal data on the following legal bases:

You may withdraw consent at any time via Settings > Data & Privacy. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.

If you are a California resident, you have the right to know what personal information we collect, request its deletion, and opt out of any sale of personal information. We do not sell your personal data. To exercise your CCPA rights, contact privacy@intonationlabs.com.

We use the following subprocessors to deliver the Service. They receive only the data needed for their stated purpose and are bound by data processing agreements.

Data is processed primarily in the United States (GCP region us-central1). For transfers from the EEA/UK, we rely on Standard Contractual Clauses approved by the European Commission (and the UK International Data Transfer Agreement / Addendum where applicable).

We will notify users of material changes to our subprocessor list via email or in-app notice.

• Meeting transcripts and AI output: retained per your plan tier — 14 days (Free), 30 days (Starter), 90 days (Pro). After the retention window, data is permanently deleted.
• Knowledge base documents: retained while your account exists.
• Vector embeddings: deleted when the corresponding source document is deleted.
• Account data: retained while your account exists; permanently deleted within 30 days of account deletion.
• Billing records: retained for up to 7 years as required under Singapore tax law (IRAS requirements) and applicable financial regulations.
• Security and audit logs: retained for up to 12 months.
• Backup copies: purged within 30 days of primary data deletion.

Depending on your location and applicable law, you may exercise the following rights with respect to your personal data:

1. Right of access (GDPR Art 15) — obtain confirmation of whether we process your data, and receive a copy.
2. Right to rectification (Art 16) — correct inaccurate or incomplete personal data.
3. Right to erasure (“right to be forgotten”) (Art 17) — request deletion of your personal data where there is no compelling reason for continued processing.
4. Right to restrict processing (Art 18) — request that we limit how we use your data in certain circumstances.
5. Right to data portability (Art 20) — receive your data in a structured, commonly-used, machine-readable format. You can export your data at any time from Settings > Data & Privacy > Export All Data.
6. Right to object (Art 21) — object to processing based on legitimate interests or for direct marketing purposes.
7. Right to withdraw consent (Art 7(3)) — where processing is based on consent, you may withdraw it at any time via Settings > Data & Privacy. Withdrawal does not affect prior lawful processing.
8. Right not to be subject to solely automated decisions (Art 22) — our AI features assist you but do not make decisions with legal or similarly significant effects about you. See Section 4 for details.
9. Right to lodge a complaint with a supervisory authority (Art 77) — if you believe your data protection rights have been violated, you may complain to a supervisory authority (see below).

To exercise any of these rights, contact privacy@intonationlabs.com. We will respond to data subject requests within 30 days. If we need more time (up to 60 additional days for complex requests), we will inform you of the extension and the reasons for it.

Supervisory authorities: EEA residents may lodge complaints with their local data protection authority. UK residents may contact the Information Commissioner's Office (ICO) at ico.org.uk.

We use technical and organisational measures appropriate to the risk, including: encryption in transit (TLS 1.3), encryption at rest (AES-256 via Google Cloud default encryption), Firebase App Check for API abuse prevention, Content Security Policy headers, rate limiting, role-based access controls, and Firestore security rules enforcing tenant isolation. We conduct periodic security reviews.

No method of transmission or storage is perfectly secure. If you discover a vulnerability, please report it to info@intonationlabs.com.

The Service is not directed at children under 16. If you believe we have collected a child's data, contact us and we will take steps to delete it.

We may update this policy. We will post the new version and, for material changes, provide notice (e.g. email or in-app) where appropriate. We encourage you to review this page periodically.

Data Protection Officer / Privacy: privacy@intonationlabs.com
General support: info@intonationlabs.com
Postal address: Intonation Labs Pte. Ltd., 68 Circular Road, #02-01, Singapore 049422