Privacy Notice

Last updated: September 17, 2025

Controller

Vexa.ai Inc. (for account, billing, website & analytics). Processor. Vexa.ai Inc. (for meeting/transcript data on your instructions).

Contact

info@vexa.ai.

EU contacts & authority

If Vexa has an EU establishment (e.g., main establishment in Portugal), the lead supervisory authority is CNPD (Portugal) under GDPR's one-stop-shop. If Vexa has no EU establishment, the one-stop-shop does not apply; we will appoint an EU Article 27 representative (with address listed here), and relevant EU/EEA authorities remain competent.

What we process

Account

name, email, company, billing info, plan, usage metrics.

Meetings (processor)

meeting metadata, transcript text, speaker labels (if provided), timestamps.

Diagnostics

service logs/IDs (no audio/video content stored).

Website/analytics

cookie identifiers, pages, device, referrers.

Purposes & Legal Bases

Provide Service & support

(contract).

Security/fraud prevention

(legitimate interests).

Billing & compliance

(legal obligation/contract).

Analytics & marketing cookies

(consent where required).

Retention

Transcripts

kept until you delete (you control deletion); not backed up for your restoration; we may delete for safety/abuse/space.

Account & billing

as long as you have an account + statutory periods.

Logs/analytics

short operational windows or as required by law.

Children

Service is 18+. We do not knowingly process children's data.

International Transfers

Primary hosting: Frankfurt, DE; may use other Vultr regions. Where vendors are outside the EEA/UK, we rely on SCCs and supplementary measures.

Your Rights (EEA/UK)

Access, rectify, erase, restrict, object, portability, and withdraw consent. Contact: info@vexa.ai. You may lodge a complaint with a supervisory authority.

Processors/Sub-processors

See /legal/subprocessors.

Do Not Sell/Share (US)

We do not sell personal information. State privacy rights honored as applicable.

Data Security

See /legal/security.