Earmark - Product Managers: Stop Working Nights. Start Working Smarter.

Effective Date: July 30, 2025

TL;DR

Your meeting data stays with you. Earmark is designed with privacy in mind. We don’t store your meeting audio or transcripts on our servers. In fact, meeting audio never reaches our servers. Your voice is transcribed in real-time by our partner service, and once you end a meeting, the audio and transcript aren’t kept by us.
We only collect what’s necessary. To provide and improve Earmark, we collect some data like your account info (e.g. email, name), usage analytics (e.g. when meetings start/end, features you use), and any content you choose to submit (like feedback or prompts). We do not use your data to train AI models, and we contractually prevent our partners from doing.
Trusted partners, secure processing. When you use Earmark’s AI features (like live transcription or meeting summaries), the necessary data (such as your audio or query text) is sent securely to our trusted providers (e.g. our speech-to-text or AI partner) to get you results. They are obligated not to use your data for anything other than answering your request (no training or selling). In some cases, our AI partners may briefly retain data (for example, up to 30 days) to monitor for abuse, then delete it.
You’re in control. While we don’t store your meeting data, you can delete your account at any time We will never sell your personal information.
Recording responsibly is up to you. If you use Earmark to record meetings, you must ensure you have consent from everyone being recorded. Earmark provides the tool, but you are responsible for following applicable laws and obtaining any required permissions before recording others.

We built Earmark to help you capture and summarize meetings while respecting your privacy. Below is our full Privacy Policy with all the details. If you have any questions, reach out to us at support@tryearmark.com.

Privacy by Design Principles

Earmark is built on these privacy principles:

Most of your data lives on your device. Meeting audio is streamed directly from your device to our transcription service in real-time – it never reaches Earmark’s servers. Transcripts are stored locally in your app/session unless you choose to save or share them. When you use Earmark’s AI features, the relevant transcript is securely transmitted through Earmark’s servers to our AI providers for processing. Transcripts are never stored on our servers. They are relayed in real-time, used only to generate your requested output, and never used for model training or any other purpose. All data in transit is protected using industry-standard TLS encryption.
Data is shared only to provide the service. We share data with third-party providers only when necessary to run Earmark’s features. For instance, we send audio to our speech-to-text provider to get a transcript, or send a question to our AI partner to get an answer. These partners are under strict agreements not to store your data longer than needed or use it for their own purposes (no training their models, etc.). You can delete data anytime. While we don’t store meeting data, you can delete your account anytime.
Your data is not for sale. We will never sell your personal data. We use your information only to provide and improve Earmark’s services for you, and for legal/safety requirements as described below – nothing else.

(No fine print hidden here – those are our core principles. Now, onto the detailed policy.)

Introduction

What this Privacy Policy covers: This Privacy Policy explains how Earmark (“we” or “us”) collects, uses, and shares information about you (“Personal Data”) when you use our application and services (collectively, “Earmark” or the “Services”). It’s incorporated into our Terms of Use, and by using Earmark you agree to the practices described in this Policy. This Policy does not apply to any third-party services you might connect to Earmark (like Google or Microsoft for calendar integration) or other companies we don’t control; those are governed by their own privacy practices. We may update this Policy from time to time as we continue to improve Earmark. If we make material changes, we’ll notify you (for example, by email or a notice in the app). Your continued use of Earmark after changes means you accept the revised Policy.

What is Personal Data? In this Policy, “Personal Data” means any information that identifies or relates to you or your household, and any other information defined as “personal data” or “personal information” under applicable law. It can include obvious things like your name or email, as well as less obvious things like IP address or recordings of your voice. Below we explain the categories of Personal Data Earmark may collect and process.

Categories of Personal Data We Collect

1. Personal Data You Provide – information you knowingly give us:

Account Information: When you sign up for Earmark, we collect your contact and login details. This may include your name, email address, and login credentials. If you choose to sign up via a third-party identity provider (like Google or Microsoft single sign-on), we receive basic profile info from them (such as your name, email, and profile photo). We use a secure authentication service to manage passwords and logins, so we don’t store your raw password.
Workspace and Profile Details: If you create or join a team workspace on Earmark, we collect details like the workspace/organization name you provide and any profile details you fill in. For example, during onboarding you may input your company or team name, an optional company size, and how you heard about Earmark. You might also upload a profile picture or a workspace logo. These are used to personalize your experience (e.g. showing your name and picture in the app, or your team’s name and logo) and for internal analytics and improvements.
Calendar Data (if you connect a calendar): Earmark may offer an option to connect your Google or Microsoft Calendar. If you choose to do this, we will access your calendar events to help you stay on top of meetings. This can include event details like meeting titles, times, invitee names or emails, and agendas/notes in the calendar entry. We use this information only to provide Earmark’s features – for example, to remind you of upcoming meetings, display who’s invited, and help prepare meeting agendas. (We do not use your calendar info for any other purpose, like marketing, and you can disconnect your calendar at any time.)
Meeting Content You Generate: This includes any content you actively share or create during your use of Earmark. For example:
- Audio and Transcripts: If you use Earmark to record and transcribe a meeting, your audio is streamed directly from your device’s microphone to our transcription partner in real-time. We do not store the raw audio or transcripts on our servers. When you use AI-powered features (like summaries or action items), the relevant transcript is securely relayed through our servers to our AI providers solely to process your request. Transcripts are never stored on our servers, never used for model training, and all data is encrypted in transit. The transcript may be temporarily stored locally in your app or device for your viewing and editing during the meeting session.Artifacts (Notes, Summaries, Tasks): Earmark lets you generate meeting notes, summaries, action items, and other outputs (we call these “artifacts”). These artifacts may be created by you directly or with help from Earmark’s AI features (e.g. by prompting our assistant to draft meeting minutes). The content of these artifacts are only stored locally in your browser session and not stored on Earmark’s servers. Feedback and Support Communications: If you reach out to us for support or give us feedback, we’ll collect whatever information you choose to provide. For example, if you email our support or use a feedback form in the app, you might give us your contact info and a message describing the issue or your suggestions. Earmark also occasionally prompts you for feedback within the app (for instance, a quick survey asking “How can we improve?”). If you respond, we collect your response. This could include text feedback about the service or feature requests. We use this info to help resolve your issue, respond to your request, and improve Earmark.

2. Personal Data We Collect Automatically – information collected as you use Earmark:

Usage and Analytics Data: Like many apps, Earmark logs certain usage information to understand how our users interact with the service and to improve it. This includes things like:
- Feature Usage Events: We track events in the app such as when you start or end a meeting, when you create or delete an artifact (note), when you copy text from the app, or open certain features. For example, Earmark may log an event when a meeting recording is started/stopped (with a timestamp and meeting ID), or when you use a particular template or hit an action button. These events help us ensure the app works properly and understand which features are most useful.
- Templates: If you select from one of the Earmark templates from our template library, we log which template was used to determine what is most valuable to our users.
- Application Logs: Our systems automatically record technical information when you use Earmark. This can include your IP address, device type, operating system, browser type (if using the web app), pages or screens you visit, and the date/time of activity. For example, when you navigate within the app, we record page view events with the current URL. We also note if you encountered errors or crashes (which might be logged via our error tracking tool).
- Cookies and Similar Technologies: We (and service providers acting on our behalf) use cookies and similar tracking technologies in our website and app. These are small data files stored on your device that help us recognize you and collect usage data. For instance, when you log in, a cookie keeps you logged in on that device. We also use cookies for analytics to see how users navigate our site. See the Cookies section below for more details.
Device and Network Information: We receive info about the device and network you use to access Earmark. This includes your device’s IP address (which can give a general location, e.g. city or region), your device’s operating system and version, browser type, and possibly unique device identifiers. We use this to troubleshoot and optimize Earmark for common devices, and for security (like preventing unauthorized access or detecting suspicious login patterns)..

3. Personal Data from Others (Third-Party Sources):

Third-Party Accounts and Integrations: If you choose to connect third-party services to Earmark, we may receive personal data from them. For example, as noted, if you sign in via Google or Microsoft, we get your basic profile info from those accounts. If you connect a calendar, we retrieve event data from Google or Microsoft as needed. These external services only share information with us when you explicitly authorize it, and the data received is governed by this Privacy Policy (as well as the third party’s privacy terms).
Service Providers and Partners: We may receive information from service providers we work with. For instance, our payment processor might notify us of your subscription status or if a payment was successful (but not your full card number), or our analytics providers might provide aggregated insights about usage. We could also receive marketing lead information from partners (e.g. if you were referred by an affiliate, we might be told who referred you).
Other Users: If someone invites you to Earmark (say, a colleague adding you to a workspace), they might provide us your email or name to send the invite. We’ll collect that info as part of handling the invitation. We use it only to contact you about the invite and do not use it for other purposes unless you join Earmark.

We will not collect additional categories of personal data or use your data in materially different ways than described above without notifying you first. Now, let’s look at how we use this information.

How We Use Your Personal Data

We use the personal data we collect for the following purposes:

a. To Provide and Maintain Earmark’s Services. First and foremost, we use your information to deliver the functionality of Earmark to you and to fulfill the requests you make. This includes:

Account Creation and Management: We use your account info to set up and secure your account, authenticate you when you log in, and manage our relationship (for example, using your email to send important account notices).
Meeting Transcription and Analysis: If you record a meeting, we process the audio through our transcription partner to convert it to text for you. If you ask our AI to summarize or extract tasks, we send the necessary transcript data to our AI partner and return the answer to you. These processes require your data (audio, transcript text, questions) to fulfill your request – we use it solely to generate the result you asked for.
Feature Functionality: We use various data to power features you use. For example, your calendar data is used to remind you of meetings and populate your agenda; your workspace info lets us organize content among your team; your profile name and photo are used to personalize the app interface; and so on. When you copy text or create an artifact, the app uses that data internally to execute the action (and we might log it as an event for your timeline).
Communication Features: If Earmark offers sharing of meeting notes or collaborating with team members, we use the relevant data (like the notes content and the team members’ identities) to enable that. Similarly, if you schedule a support call or use an in-app chat for help, we’ll use your info to facilitate those communications.

b. To Improve and Develop the Services. We want to make Earmark better over time. We rely on usage data, feedback, and research to do so:

Usage Analytics and Research: We analyze the usage data we collect (clicks, page views, feature use frequencies, etc.) to understand what’s working and what isn’t. For example, we might see that a new feature is rarely used, indicating it’s hard to find or not useful, and that insight comes from aggregating event data. We might perform internal analysis on query logs (which are de-identified from user accounts) to improve our AI’s understanding of requests. Any content data used for analysis is handled carefully – if we ever use real meeting content to improve our services, we will de-identify it so it’s not linked to you, and we will only do so if you’ve opted in or it’s permissible under law. (Currently, by default, Earmark does not retain or use your meeting transcripts or audio for improving our AI; any model training or tuning we do is on separate data.)
Debugging and Support: We use data like error logs, crash reports, and user communications to fix bugs and resolve issues. For instance, if an error report indicates a transcription failed at a certain point, our engineers may inspect logs (which could include the error context and relevant transcript snippet) to identify the problem. We also might contact you via email to notify you of a fix or follow up on a support request.
Testing and New Features: We might use some data in testing new features (with appropriate safeguards). For example, before rolling out a new summary feature, we might test it internally using sample meeting transcripts. If we ever used any real user data for testing, we would remove identifying details or get permission. Generally, we use synthetic or volunteer-provided data for such purposes.

c. To Communicate with You. We use your contact information to send you service-related communications and, if you opt-in, promotional communications:

Service and Account Communications: We may send emails or in-app notifications about important service updates: confirmations of account actions, reminders (upcoming meeting notifications if enabled), security alerts (like new login to your account), password resets, or policy changes. These are necessary messages, not marketing, so you may receive them even if you opt out of marketing emails.
Product News and Offers: If you have given consent (or if applicable law allows), we might send occasional emails about Earmark product updates, new features, or promotions from us. For example, we might announce a major new capability or invite you to beta-test something. You can unsubscribe from these communications at any time. We do not share your email with third-party advertisers.
Feedback Requests: We might reach out to ask for your feedback or to partake in a survey about Earmark. For instance, after a few weeks of using Earmark, we might email asking how your experience has been. Responding is totally optional, but we appreciate any insights to improve the product.

d. For Payment and Subscription Processing. If you purchase a paid plan or subscription, we (through our payment processor) will use your Payment Data to process the transaction and manage billing. For example, if you subscribe to a premium tier, our processor (Stripe) charges your card and we keep a record of your subscription status. We use your billing address or VAT info if needed for tax purposes or invoicing. We do not store your full credit card details on our systems; those are handled by the secure payment provider. We may store basic payment details like the card type, expiration, and last 4 digits (and your billing name/address) – this helps with things like showing you what payment method you’re using, detecting fraud, or complying with accounting rules.

e. To Ensure Safety, Security, and Legal Compliance. Regardless of anything else, we may use your data as necessary to meet our legal obligations or protect everyone’s interests:

Security and Fraud Prevention: We monitor usage for security threats and fraud. For instance, we might use IP and login data to detect if someone is attempting to breach accounts, or we might use cookies to recognize if a device has shown malicious behavior before. If we believe an account is compromised or someone is abusing our service, we will investigate and use relevant data (logs, user info) to mitigate the issue.
Enforcing Our Terms and Policies: We use data to enforce our Terms of Service and other policies. For example, if we receive reports of a user uploading unlawful content, we may review the relevant content to confirm and take action. Similarly, if necessary, we could use data to prevent a banned user from re-registering.
Legal Requirements and Protection: We will use or disclose personal data where we are legally required to do so – for instance, to comply with a valid subpoena or investigation by law enforcement. We may also process data if needed to protect your vital interests or those of others (e.g., in a safety emergency) or to exercise our legal rights or defend against legal claims. This might involve preserving data beyond our typical retention period if needed by law.

We will not use your Personal Data for any purpose that is incompatible with the purposes outlined above without asking for your consent.

How We May Disclose Your Personal Data

We do not sell your personal information to third parties. However, we do share certain categories of data with others in the following circumstances, to run Earmark and as required by law:

1. Service Providers (Processors). We employ a number of trusted third-party companies to perform tasks on our behalf (often called “service providers” or “subprocessors”). We only share the data with them that they truly need to perform their function, and they are contractually obligated to use it solely for that purpose and to keep it confidential. These include:

Cloud Hosting and Storage Providers: We use secure cloud infrastructure to host our application and databases in the United States. Any personal data stored in our backend (like your account info, saved artifacts, etc.) resides on these cloud servers. Our cloud providers have no independent right to access your data except as needed to maintain the service (e.g., backups, security monitoring).
User Authentication and Account Management: We rely on an identity management provider (we use Clerk) to handle user sign-ups, logins, password storage, and organization/workspace management. This means your account data (email, name, profile info, and organization memberships) is processed by that provider on our behalf. They are highly security-focused and store passwords in a hashed form. Clerk also helps manage invitations and team accounts for Earmark.
Payment Processor: For handling subscriptions or purchases, we use Stripe, Inc. All payment transactions are processed through Stripe. They receive your payment card details and billing info as needed to process payments and comply with law (they may store your card info to facilitate billing). Stripe is prohibited from using your Payment Data for any purpose other than carrying out payments for us. (See Stripe’s own privacy policy for more on their practices.)
Analytics and Usage Monitoring: We use analytics tools to understand how Earmark is used. In particular, we use PostHog (an analytics platform) to capture usage events. This means some of your data (like a unique user ID, and events like “meeting_started” or “artifact_created”) is sent to PostHog’s servers for analysis. We’ve configured our analytics to avoid collecting unnecessary sensitive data; however, some events may include certain user inputs for context (e.g. feedback text or a truncated query). Analytics providers help us visualize usage patterns and do not share our data with others. We also use error-tracking and performance monitoring services (like Sentry) to automatically report crashes or bugs – these reports may include device info or app state at time of error, and occasionally user identifiers or snippet of data that caused the error. All such providers are bound to use this information only to help us maintain and improve Earmark.
Audio Transcription Partner: When you record a meeting through Earmark, the audio is streamed to our real-time speech-to-text partner, Assembly.AI, which converts speech to text. Assembly.AI will receive the audio data and return a transcript. Assembly.AIdoes not retain your audio or transcripts after delivering the transcription (except possibly briefly in memory or for technical buffering). We also set parameters to opt out of any data retention or model training programs they offer. Assembly.AI is under contract to not use Earmark users’ audio/transcript data to improve their models.
AI Processing Partner: For generating summaries, extracting action items, or other AI-powered features, we send relevant meeting content (like transcript text or your prompt) to an AI language model service (for example, OpenAI, Anthropic, or a similar provider). This provider will temporarily receive the data in order to process your request and output a result. We ensure that any AI service we use is either running on our controlled infrastructure or is a reputable partner with strong privacy commitments. Our agreements with such providers prevent them from using your content to train their general AI models. By default, they will only store the data transiently (OpenAI, for instance, may retain API request data for 30 days for abuse monitoring, then delete it). They will not use your content to improve their services without separate consent.
Communications and Support Tools: We use certain tools to communicate with you or provide support, which may process your contact info or messages. For example, if we send transactional emails or support emails, we might use an email delivery service like SendGrid or Gmail. If we offer live chat support in-app, that chat is facilitated by a third-party support platform, which would process the messages. These providers use any personal data only to carry out our customer support/communication instructions.

2. Parties You Authorize or Integrate With: If you purposely connect Earmark with third-party services or authorize sharing, we will share data as needed with those parties, but only at your direction. For example:

Calendar Providers: If you choose to connect your Google or Microsoft calendar, we will share certain authentication tokens and data between Earmark and those providers to sync your meetings. This could involve us sending a request to Google/Microsoft to fetch your upcoming events, or writing an event (if we ever allow scheduling through Earmark). Google or Microsoft’s use of that data is governed by their own privacy policy, but they will be accessing your data because you asked us to connect.
Other Users in Your Workspace: If you are using Earmark as part of a team or organization workspace, some of your personal data will be shared with other members of that workspace. For instance, your name and profile may be visible to your teammates, and any artifacts or notes you mark as shared within the workspace will be accessible to them. If you co-edit a document or meeting notes with colleagues, they will see the content you contribute. Essentially, anything you deliberately share in a collaborative context is disclosed to those collaborators by your choice.
Third-Party Services via API: Earmark might integrate with other services at your request – for example, if in the future you export a meeting transcript to a Google Doc or send tasks to a project management tool, we will send the necessary data to that service with your authorization. Such actions will be clear to you (triggered by you), and the third-party’s terms will apply to the data they receive.

3. Legal and Compliance: We may disclose your personal data to third parties (such as courts, law enforcement, or regulators) when we believe in good faith that such disclosure is required to:

Comply with a law, regulation, legal process, or valid governmental request (e.g., a court order or subpoena).
Enforce our Terms of Service or other agreements, or investigate potential violations thereof.
Detect, prevent, or address fraud, security, or technical issues.
Protect the rights, property, or safety of Earmark, our users, or the public. (This could include exchanging information with other companies or organizations for fraud protection and credit risk reduction, or in response to verified lawful requests relating to national security or law enforcement.)

We will make an effort to notify you of legal demands for your data when appropriate, unless prohibited by law or court order or when the request is an emergency.

4. Business Transfers: If Earmark (or our company) is involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, sale of company assets, or transition of service to another provider, your Personal Data may be transferred to a successor or affiliate as part of that transaction. We will ensure the new owner continues to honor the privacy commitments we’ve made in this Policy. If a new entity will handle your data, we will notify you and give you an opportunity to opt out of the transfer where required by law.

5. Aggregated or De-Identified Data: We may share data that has been aggregated or de-identified such that it can no longer reasonably be used to identify you. For instance, we might publish usage statistics (e.g., “X% of Earmark users record at least one meeting per week”) or share generalized insights with partners. This information will not include personal details or anything that can be linked back to you. We may disclose such anonymized data with interested third parties or use it for business purposes like analytics, research, or marketing.

We do not disclose your Personal Data to third parties for their own marketing or advertising purposes. We do not “sell” or “share” your personal information as those terms are defined under California law (and have not done so in the past 12 months). We also do not use or disclose your sensitive personal data for any purposes other than those allowed by law (for instance, if you provide audio that potentially contains sensitive info, we only process it to provide the transcription service and not to infer characteristics about you).

Cookies and Tracking Technologies

Like many online services, Earmark’s website and application use cookies and similar technologies (such as web beacons, pixels, and local storage) to collect and store information. Here’s how we use them:

Essential Cookies: These are necessary for the website/app to function properly. For example, when you log in to Earmark, we use a cookie to keep you authenticated as you navigate between pages. Essential cookies also help us enforce security features and allow you to use features like recordings (which might require local storage for buffering audio). Without these, certain services you’ve asked for can’t be provided. These cookies are always on when you use Earmark (you can’t opt out of them if you want to use the service, as they are integral to security and basic functionality).
Preference Cookies: We might use cookies to remember your preferences and settings. For instance, a cookie may store your chosen audio input device or your preference for light/dark mode. This makes your experience smoother by remembering choices you’ve made, so you don’t have to set them every time.
Analytics Cookies: These cookies collect information about how visitors use our site or app, so we can understand and improve the user experience. They might track things like which pages you visit, how long you stay, which features you click on, and if you encounter errors. We use these cookies to compile reports and metrics that help us analyze usage patterns. For example, our analytics (via PostHog) uses cookies to distinguish between new and returning users and to see overall navigation flows. The information collected is typically aggregated and not identifying you personally (and if any personal identifiers are collected, we treat them as personal data and protect them accordingly).
Third-Party Cookies: Currently, the primary third-party cookies in Earmark are from our own service providers (like the analytics tools mentioned). We do not serve third-party advertising, so you shouldn’t see tracking cookies from ad networks in Earmark. If in the future we integrate content from others that might set cookies (for example, a video player or a calendar widget from Google), we will update our cookie disclosures.

Your Choices: When using Earmark’s web interface, you can manage cookies through your browser settings. You have the option to refuse or delete cookies. However, please note that if you disable cookies entirely, some parts of Earmark may not function properly. For instance, you might not be able to stay logged in or use certain features. Most browsers also offer “Do Not Track” (DNT) signals; but because there is not yet a common standard for DNT, our site may not respond differently to a DNT header. We continue to monitor industry developments around these signals.

For more information about cookies and how to manage them, you can visit resources like AllAboutCookies.org. Additionally, if we deploy any non-essential cookies that require consent (for users in certain jurisdictions), we will provide a cookie consent banner or settings for you to control those.

Data Security

We take the security of your Personal Data seriously and use a combination of administrative, technical, and physical safeguards to protect it. Here are some of the measures we have in place:

Encryption: All communications between your device and Earmark (including to our APIs and to our third-party partners) are encrypted in transit using HTTPS/TLS. This means outsiders can’t easily intercept and read your data as it travels. Additionally, sensitive data we store (such as passwords, which are hashed, or any personal content stored on our servers) is encrypted at rest on our databases or storage systems.
Access Controls: Access to personal data within our organization is limited on a need-to-know basis. Only authorized personnel or service providers with valid needs (like support staff helping you, or system administrators) can access personal data, and even then, they’re bound by confidentiality. We employ authentication safeguards (like two-factor authentication and key-based access) for our internal systems to prevent unauthorized access.
Network and Application Security: We use firewalls, intrusion detection systems, and secure network architectures to protect our cloud infrastructure. Our application code is reviewed and tested for common security issues. We also keep our software and dependencies up to date with security patches. For example, Earmark’s infrastructure operates in a virtual private cloud with restricted entry points, and we monitor for unusual activity.
Audits and Testing: We periodically review our security policies and practices. We may run security audits or penetration tests via third parties to probe for weaknesses. Any findings are promptly addressed. Our providers (like AWS, Clerk, Stripe) are also industry-leading in security and undergo regular audits (e.g., SOC 2 compliance).
Physical Security: Although we rely on cloud services, those providers maintain physical security controls at data centers (guards, surveillance, access logs, etc.). Within our office (if applicable), we secure any devices or printed sensitive info and enforce clean desk policies.
Employee Training: We train our team about data privacy and security, including how to identify phishing or social engineering attempts and how to properly handle user data.

Despite all these measures, it’s important to note that no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to protect your personal data, we cannot guarantee its absolute security. You should also play a role in keeping your account secure: choose a strong password and keep it confidential, restrict access to your devices, and log out of the app when you’re done, especially on shared devices. If you suspect any unauthorized access to your account or any security vulnerabilities, please contact us immediately so we can help secure your account.

Data Retention

We retain personal data only as long as necessary to fulfill the purposes for which it was collected, or as required by law. The exact duration depends on the type of data and the context of processing. Here are some general guidelines we follow:

Account Information: We keep your profile and account data (like your name, email, workspace memberships, subscription status) for as long as you have an active account with us. If you delete your account or we close it due to prolonged inactivity, we will delete this information from our production systems, except to the extent we need it to comply with legal obligations (e.g., maintaining records of transactions for financial/reporting laws) or to resolve disputes.
Meeting Content: Audio recordings are not stored on our servers once processed – they are transient. Transcription text is kept in your session and, if you save it as part of an artifact/note, it becomes part of that artifact’s content. Un-saved live transcription data is discarded when your meeting session ends. Artifacts (notes, summaries, etc.) that you choose to save in Earmark will persist in your account until you delete them. You can delete any artifact or transcript snippet, and we will remove it from our systems (active databases). Please note that removed content might linger in secure backups for a short period but will be overwritten in due course as backups cycle, and it will not be accessible or used except for disaster recovery until it’s deleted.
Calendar Data: If you connect a calendar, we do not import and store all your events indefinitely. We typically fetch upcoming meeting info on the fly or cache it short-term to display in the app. We might store identifiers of calendars linked and basic metadata needed for syncing (like a token and calendar ID) while your account is linked. If you disconnect your calendar integration, we delete any cached calendar content and revoke access.
Analytics Data: Event logs and analytics records are generally kept for a reasonable period to allow us to analyze and improve service performance. This could be on the order of 1-2 years, depending on the data. We may aggregate or anonymize older analytics data and retain those aggregate insights indefinitely (since they no longer identify any individual). If we discover any analytics event contained personal content (e.g., a user’s query text) that we no longer need, we will either delete or anonymize that after analysis.
Communications: If you contact support or provide feedback, we may retain those communications and our responses for a period of time to ensure we have context for any follow-up and to improve our support processes. Typically, support emails or chat logs are kept for at least a year, unless you request deletion and we have no overriding need to keep them.
Legal and Backup Retention: As noted, we might retain certain information for longer if necessary to comply with laws (for example, financial records of payments are kept for the duration required by tax and accounting laws, which can be several years). Also, our system backups might retain fragments of data for a few weeks beyond deletion, but these are protected and eventually deleted as those backups expire. We will not restore deleted personal data back into an active database except in unusual cases like by user request or if required for legal reasons.

When we no longer have a legitimate need or legal obligation to retain your personal data, we will securely dispose of it. In some cases, rather than complete deletion, we may choose to anonymize the data so it can no longer be associated with you. For example, we might convert a usage log into an aggregated statistic. Once anonymized, we may retain and use that information indefinitely without further notice, as it no longer contains personal data.

Some examples of retention periods:

If you delete your account, we aim to remove personal data from active systems within 30 days (and revoke any third-party access like calendar or AI tokens immediately).
Meeting artifacts you delete are removed from the app immediately and from all backups within ~30-60 days.
IP addresses we collect via logs are typically rotated or anonymized after a few months, unless needed longer for security analysis.
Web cookies set for analytics may persist on your browser for up to a year (unless you clear them), but the data they send to us is subject to the retention policies above.

Children’s Privacy

Earmark is not directed to individuals under the age of 18, and we do not knowingly collect personal data from children. If you are under 18, please do not attempt to use Earmark or send any personal information about yourself to us. If we learn that we have collected personal data from a child under 18, we will take steps to delete that information as soon as possible. Parents or guardians who believe that a minor in their care has provided personal information to us without consent should contact us at our support email so we can investigate and delete it.

(Note: Some jurisdictions have lower age thresholds – e.g., 16 or 13 – for certain data processing consent. To be safe, our rule is no users under 18. If you are between 13-18, you should only use Earmark with parental permission and under supervision, and if you’re under 13 you may not use Earmark at all.)

U.S. State Privacy Rights

Residents of certain U.S. states (including California, Colorado, Connecticut, Delaware, Iowa, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Texas, Utah, and Virginia) are afforded specific rights regarding their personal data under state laws. If you are a resident of one of these states, you may have some or all of the following rights (depending on the law in your state):

Right to Access: You can request that we disclose to you the personal data we have collected about you and how we use and share it. This includes letting you know the categories of personal information, the sources of that information, the business or commercial purpose for collection, and the categories of third parties with whom we have shared it. You also have the right to obtain a copy of the specific pieces of personal data we collected about you in a portable format.
Right to Deletion: You can request that we delete personal data we have collected from you. Note that there are exceptions – for example, we might retain data needed to complete a transaction you requested, to detect security incidents, to comply with legal obligations, or other purposes allowed by law. If an exception applies, we will let you know in our response. Deleting your account through your settings (or by contacting us) will remove most of your data as described in the Data Retention section, but if you have data stored in backups or in use for a legal purpose, we will isolate and secure it from further use until it can be deleted.
Right to Correction: If you believe that any personal data we maintain about you is inaccurate or incomplete, you have the right to request that we correct it. For example, if your name or email on file is wrong, or if you think some profile information is outdated, let us know and we will correct it (you can also directly edit certain information in your account profile). We will take into account the nature of the personal data and the purposes of processing when considering correction requests.
Right to Data Portability: In some states, you have the right to receive a copy of your personal data in a readily usable format that allows you to transmit it to another entity. If applicable, we will provide this as part of an access request. For example, we could provide you with a JSON or CSV file containing your account information, meeting artifacts, etc., that we have about you, so you could provide it to another service.
Right to Opt-Out of “Sale” or “Sharing” / Targeted Advertising: You have the right to opt out of the sale of your personal data or the sharing of your personal data for targeted advertising purposes. However, as stated, we do not sell your personal data or share it for targeted advertising (and have not done so in the past 12 months). Therefore, there is no need for you to opt out; by default, we don’t engage in those practices. If that ever changes, we will update this Policy and provide a means for you to opt out.
Right to Limit Use of Sensitive Personal Data: You may have the right to direct us to limit the use of certain “sensitive” personal data. Earmark generally does not process sensitive personal data except to provide the service (for instance, audio of your voice could be considered sensitive biometric data under some laws, but we only process it to transcribe your meetings for you, not to identify you or infer traits about you). If you provide any sensitive personal data to us (e.g., you volunteer health information in a support request, or your meeting content contains sensitive info), we will not use it to infer characteristics about you. We only use sensitive data to provide Earmark’s functionality or for other limited purposes allowed by law (such as ensuring security or with your consent).
Right to Non-Discrimination: We will never discriminate against you for exercising any of your privacy rights. This means we won’t deny you our Services, give you a different level of service, or charge you a different price just because you exercised your rights. However, please be aware that deleting or limiting use of your data may affect our ability to provide certain features – for example, if you ask us to delete all your data, you will no longer be able to use Earmark because it relies on some personal data to function. Rest assured, we will not retaliate or penalize you for any privacy requests.
Other State-Specific Rights: Some states (like California) allow residents to request certain information about what personal data is shared with third parties for those third parties’ direct marketing purposes. Earmark does not share personal data with third parties for their own direct marketing, so there is nothing to disclose in that regard. Nevada law allows residents to opt out of any sale of personal data; as we do not sell data, this is not applicable, but Nevada residents may still contact us with questions.

Exercising Your Rights: If you are a resident of a U.S. state with privacy rights, you (or your authorized agent) can submit requests to exercise those rights by contacting us at support@tryearmark.com. Please include in your request: (1) enough information so we can verify your identity and residency (we need to be sure the person making the request is actually you or someone authorized by you), and (2) a clear description of what right you are trying to exercise and the scope of the request. For example, if you want a copy of your data, let us know you’re requesting access/portability; if you want something deleted, specify what; if correcting, tell us what is inaccurate. We may ask for additional information if needed to verify identity or clarify the request. You do not have to create an account to make a request, but you will need to provide us with sufficient contact information to reach you with a response. We will only use information provided in a request to verify and fulfill that request.

We aim to respond to valid requests within the timeframe required by your state’s law (typically around 45 days for California and other CPRA-like laws, with a possible extension of another 45 days if necessary). If we need more time, we will let you know and explain why. In general, our services are designed to give you direct access to much of your data (for example, you can log in and download your meeting notes, or see your profile info), so we encourage you to use those self-service features when possible. For requests we fulfill, we will confirm with you once done. If we deny your request, we will explain the reason (e.g., we could not verify your identity, or the data requested is exempt from disclosure). Some data we may not be able to provide or delete if an exemption applies; for instance, we will not delete data needed to complete an ongoing transaction or data that is required for legal compliance. But we will never simply ignore a legitimate request.

Authorized Agents: If you are using an authorized agent (like a lawyer or someone with power of attorney) to submit a request on your behalf, we will take steps to verify the agent’s authority. For example, we may ask for proof of your written permission for that agent to act for you, and also still verify your identity with you directly. This is to prevent fraud. If you have given an agent such power, they can contact us as described with the subject line “Privacy Request – Authorized Agent” and we will guide them through our verification process.

Appeal Process (for Certain States): Residents of Colorado, Connecticut, Delaware, Illinois, Montana, New Jersey, New Mexico, Virginia and other states with similar laws have the right to appeal if we deny a privacy rights request. If we inform you that we are unable to honor a request, you may appeal our decision by replying to our response (or emailing us at support@tryearmark.com with the subject “Appeal of Privacy Request”) and providing the reasons you believe our initial decision was incorrect. We will re-evaluate your request and respond within the timeframe required by law (generally 45 days). Our response will explain the outcome of the appeal. If the appeal is denied, we will provide any further recourse available under applicable law (for example, you may contact your state’s Attorney General to submit a complaint).

European, UK, and Swiss Data Subject Rights

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you are entitled to additional rights and information under the General Data Protection Regulation (GDPR) or UK GDPR. Earmark is the “data controller” of your personal data for the services it provides (assuming you use Earmark for personal or business purposes and not via an enterprise that has its own contract with us). This section outlines the legal bases we rely on for processing your data and the rights you have under GDPR.

Legal Bases for Processing: We only process your personal data when we have a valid legal basis to do so under Article 6 of the GDPR. The bases we rely on are:

Contractual Necessity: We process certain personal data because it is necessary to fulfill our contract with you – namely, to provide the Earmark services you request under our Terms of Use. When you sign up and agree to our Terms, a contract is formed, and we need to process data to perform that contract. This includes:
- Providing the core Earmark services (transcribing meetings, generating notes, storing your content, etc.). We cannot do these without processing the content you input (audio, text) and associated account data.
- Managing your account and user profile (so you can log in, have a workspace, etc.).
- Payment processing for paid plans. If you subscribe, processing your payment info is contractually required to provide the service.
- Basic communications related to the service (emails about critical updates, etc.).
  In short, if you don’t provide this data, we wouldn’t be able to deliver the service to you. Examples: We need your email for login (contractual), and we need to process your microphone audio to transcribe a meeting as per your request (contractual).
Legitimate Interests: We process the following categories of data based on our legitimate interests (or those of third parties) in operating and improving Earmark, provided those interests are not overridden by your data protection rights:
- Usage data and analytics: We have a legitimate interest in understanding how our service is used, so we collect and analyze usage information to improve functionality and user experience. We also have an interest in securing our platform and preventing fraud, which involves processing logs and some personal identifiers.
- Feedback and communications: It’s in our interest to keep users happy and engaged, so we might use your feedback to improve our service or send you certain communications (product updates for existing customers).
- Marketing to existing customers: We may send product news or feature updates to our users; this is generally considered a legitimate interest under GDPR (sometimes called the “soft opt-in” for customers), but you always have the right to opt out of such emails.
- De-identified data: We might use de-identified data to improve our algorithms or insights, which is a legitimate interest in enhancing our product.
  We always consider your rights and expectations – for instance, we will not use sensitive meeting content in marketing without consent, and we do not intrusively profile you for advertising. When we rely on legitimate interests, we ensure that we’ve balanced those interests against your privacy rights.
Consent: In certain cases, we may ask for your consent to process data. For example:
- If we ever want to use your meeting recordings or transcripts to improve our AI models (de-identified or not), we would seek your consent (e.g., via a settings toggle to opt in to data sharing for improvement).
- If we send you certain marketing communications in jurisdictions that require consent, we will obtain it (e.g., an email sign-up form).
- If we integrate with your calendar or other third-party accounts in a way not strictly necessary for our service, we will ask your permission for that data access.
  Where we rely on consent, you have the right to withdraw it at any time. For example, you can disconnect a calendar (withdrawing consent to read your calendar data) or unsubscribe from marketing emails (withdrawing consent to receive those). Withdrawing consent will not affect the legality of processing that happened before the withdrawal.
Legal Obligation: We will process data if needed to comply with a legal obligation. For instance, retaining transaction records for tax law, or providing information if properly compelled by authorities under law. This is a basis when the law specifically requires the processing.
Vital Interests and Public Interest: These bases are less likely to apply, but if ever necessary, we could process data to protect someone’s life (vital interests) or for a task in the public interest. An example of vital interest would be if we became aware of an imminent threat to someone’s life during a recorded session and had to provide information to authorities to prevent harm – extremely unlikely and never done as of now. Public interest processing would typically only apply if we were required to do something like that by law.

We will clarify at the point of collection if any data is collected on the basis of consent or if required by law. Otherwise, assume it’s either contractual or legitimate interest as outlined. If you have questions about the specific legal basis for any particular processing, feel free to contact us.

Your GDPR Rights: As an EU/EEA, UK, or Swiss data subject, you have the following rights regarding your personal data:

Right to Access: You can ask us to confirm if we’re processing your personal data and request a copy of that data (similar to the access right in the US section). This allows you to see what information we have about you. We will provide this in a commonly used electronic form. Much of your data is also accessible by logging into your account (e.g., your profile, your meeting notes, etc.), but you can always request the full scope.
Right to Rectification: If any of your personal data is inaccurate or incomplete, you have the right to have it corrected or completed. You can update some info directly (like editing your profile), or you can reach out and ask us to fix something (for example, if there’s a typo in data we store that you can’t edit). We’ll make the correction as long as we can verify the new info is accurate.
Right to Erasure (Right to be Forgotten): Under certain circumstances, you can request that we delete your personal data. This is similar to the deletion right described above. You may exercise this by deleting your Earmark account in your settings (which removes your personal data from the service), or by specifically requesting deletion of certain data. We will erase the data except where retention is permitted or required by law (we’ll let you know if that’s the case). Once your data is deleted, it can’t be recovered, so be sure this is what you want.
Right to Restrict Processing: You can ask us to limit the processing of your data in certain situations. For example, if you contest the accuracy of data, you can request we restrict processing it (just store it) until we verify accuracy. Or if you object to our use of your data based on legitimate interest, you can request restriction while we consider your objection. When processing is restricted, we will still store your data but not actively use it (other than storing it) until the issue is resolved.
Right to Object: You have the right to object to our processing of your personal data when that processing is based on legitimate interests (or public interest). If you object, we must stop processing unless we have compelling legitimate grounds that override your rights or if processing is needed for legal claims. You also have an absolute right to object to use of your data for direct marketing. In practice: you can object to certain analytics uses or to receiving any newsletters (though it’s easier to just unsubscribe). If you object to any processing, please explain your situation so we can assess it properly.
Right to Data Portability: You can request to receive the personal data that you have provided to us in a structured, commonly used, and machine-readable format, and you have the right to transmit that to another controller. This applies to data processed by us on the basis of consent or contract, and by automated means. We will provide an export (likely in JSON or CSV form) of your account data and content if you request it, which you could then provide to another service. Where technically feasible, you can also ask us to send it directly to another company, if for example you were moving to a competing service and they have a mechanism to receive such data.
Right to Withdraw Consent: If we are processing any of your data based on your consent, you have the right to withdraw that consent at any time. For instance, if you gave consent for us to use your data to improve our AI, you can later opt out and we will stop that processing. Withdrawing consent won’t affect the lawfulness of processing done before the withdrawal. If you withdraw consent for something essential (like processing audio for transcription), note that we might not be able to provide that feature to you afterwards – but we will inform you if that’s the case.
Right not to be subject to Automated Decision-Making: Earmark does not make any legal or similarly significant decisions about you purely by automated means without any human involvement. We may use AI to assist with providing the service (like summarizing text) but this doesn’t produce decisions affecting your rights or status. If we ever did, you would have the right to human review and to contest the decision.
Right to Complain: If you have concerns about our data handling, you have the right to lodge a complaint with your local data protection supervisory authority. For EU residents, that would be the authority in your country of residence (a list can be found at edpb.europa.eu). UK residents can complain to the Information Commissioner’s Office (ICO). We would, however, appreciate the chance to address your concerns first by contacting us directly, as we strive to resolve privacy issues in a satisfactory way for our users.

International Data Transfers: Earmark is operated from the United States, and using Earmark will involve sending your personal data to the U.S. (and potentially to other countries where our service providers are located or have backup servers, such as EU or Canada). The data protection laws of these countries might be different from those in your home country. However, when we transfer personal data out of the EU/UK, we ensure appropriate safeguards are in place under GDPR, such as the European Commission’s Standard Contractual Clauses (SCCs) or other approved mechanisms, to protect your information. By using Earmark, you acknowledge that your data will be transferred to and processed in the U.S. and possibly other jurisdictions. We ensure that any third-party service providers we use for EU/UK user data have agreed to GDPR-standard data protection commitments. If you’d like more information on or copies of the specific transfer mechanisms we rely on (for example, SCCs), please contact us.

Your Responsibility for Meeting Recordings

We want to reiterate an important point: If you use Earmark to record meetings or calls, it’s your responsibility to ensure that you’re complying with all applicable laws regarding recordings. Different jurisdictions have different “consent” laws – some require that all participants consent to being recorded, others require only one-party consent (the recorder’s consent), etc. Earmark cannot determine for you whether a particular meeting can be legally recorded. You must make sure you have any necessary consent from the people being recorded before you start recording with Earmark. This might mean informing participants that you are using Earmark to record and transcribe the meeting and getting their OK to proceed. By using the recording features, you represent that you have the legal right to do so. We disclaim liability for misuse of the recording features in violation of others’ privacy rights – so please use Earmark responsibly and respectfully.

Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or how Earmark handles your data, please reach out to us:

Earmark, Inc. (the provider of the Earmark service)
Email: support@tryearmark.com (for general inquiries or to exercise privacy rights)

We’re here to help and will do our best to address any issues. Your privacy is important to us, and we welcome feedback about how we can improve our policies or practices.

Thank you for trusting Earmark with your meeting notes and conversations. We hope this Privacy Policy gives you a clear understanding of our commitment to protecting your data.