Privacy Notice
Last updated: September 17, 2025
Controller
Vexa.ai Inc. (for account, billing, website & analytics). Processor. Vexa.ai Inc. (for meeting/transcript data on your instructions).
Contact
EU contacts & authority
If Vexa has an EU establishment (e.g., main establishment in Portugal), the lead supervisory authority is CNPD (Portugal) under GDPR's one-stop-shop. If Vexa has no EU establishment, the one-stop-shop does not apply; we will appoint an EU Article 27 representative (with address listed here), and relevant EU/EEA authorities remain competent.
What we process
Account
name, email, company, billing info, plan, usage metrics.
Meetings (processor)
meeting metadata, transcript text, speaker labels (if provided), timestamps.
Diagnostics
service logs/IDs (no audio/video content stored).
Website/analytics
cookie identifiers, pages, device, referrers.
Purposes & Legal Bases
Provide Service & support
(contract).
Security/fraud prevention
(legitimate interests).
Billing & compliance
(legal obligation/contract).
Analytics & marketing cookies
(consent where required).
Retention
Transcripts
kept until you delete (you control deletion); not backed up for your restoration; we may delete for safety/abuse/space.
Account & billing
as long as you have an account + statutory periods.
Logs/analytics
short operational windows or as required by law.
Children
Service is 18+. We do not knowingly process children's data.
International Transfers
Primary hosting: Frankfurt, DE; may use other Vultr regions. Where vendors are outside the EEA/UK, we rely on SCCs and supplementary measures.
Your Rights (EEA/UK)
Access, rectify, erase, restrict, object, portability, and withdraw consent. Contact: info@vexa.ai. You may lodge a complaint with a supervisory authority.
Processors/Sub-processors
See /legal/subprocessors.
Do Not Sell/Share (US)
We do not sell personal information. State privacy rights honored as applicable.
Data Security
See /legal/security.