Privacy 🤝

1. Introduction

This policy describes what information we collect when you use tldx’s site, services, products, and content (“Services”). It also provides information about how we store, transfer, use, and delete that information, and what choices you have with respect to the information.

This policy applies to tldx’s online meeting recording & transcription tool, including the website and web applications, and other tldx websites (collectively “the Websites”), as well as other interaction (e.g. customer support conversations, user surveys and interviews etc.) you may have with tldx.

This policy applies where we are acting as a Data Controller with respect to the personal data of users of our Services; in other words, where we determine the purposes and means of the processing of that personal data. For content and data that you upload to or make available through the Service (“User Content”), you are responsible for ensuring this content is in accordance with our Terms of Service, and that the content is not violating other users’ privacy.

2. Data Collection

We at tldx are committed to safeguarding the privacy of our users. Our business model is to provide a paid service to users who need to record, index and store meeting recordings, and does not rely on widespread collection of general user data. We will only collect and process information that we need to deliver the service to you, and to continue to maintain and develop the service.

tldx does not access your recordings and transcripts at any point, unless you personally share access with individual employees for technical support. Also in those cases only recordings and transcripts with access rights given to the support team member will be accessed.

tldx may collect, store and process various kinds of data, with different legal grounds, as listed below. We will not sell collected data to other companies.

User account information

Users that choose to register in tldx are asked to sign up with an external authentication service, e.g. Google Sign-In or similar. We will fetch and store email address, name and profile image URL from this service.

Usage information

When you as a user interact with the Services, we collect and process metadata to provide additional context about the way the Service is being used. The usage data may include your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use. The source of the usage data is our server software and our analytics tracking system.

Product analytics data

tldx logs activities by you and other users when the users interact with our websites or apps, when a page or a room is visited or where there is a conversation. We will never access the content in conversations, unless upon specific request by the user who recorded this content with our Services.

Video recordings

We alert participants via email/calendar-notification/chat-message when they join meetings if you are recording a meeting with our service. Participants have the option to leave the meeting. As you are using tldx to record meetings, you are responsible for collecting consents from all participants in the meeting prior to starting the recording. The transcript, which may also contain personal data, is treated the same way as the video recording. Video recordings and transcripts will not be accessed by tldx, unless upon specific request by the user who created such recordings with tldx.

Technical log data

Like most digital services, our servers automatically collect information when Websites or Services are accessed or used and record it in log files. This log data may include the Internet Protocol (IP) address, the address of the web page visited within the Services, browser type and settings, the date and time the Services were used, information about browser configuration and plugins, language preferences and cookie data.

Device information

tldx may collect and process information about devices used to access the Services, including type of device, what operating system is used, device settings, application IDs, unique device identifiers and crash data. Whether we collect and process some or all of this information depends on the type of device used and its settings.

Cookies

tldx uses cookies on the tldx Site and other aspects of the tldx Services. Cookies, including local shared objects, are small pieces of information that are stored by your browser on your computer’s hard drive which work by assigning to your computer a unique number that has no meaning outside of the tldx Services. Most web browsers automatically accept cookies, but you can usually configure your browser to prevent this. Not accepting cookies may make certain features of the tldx Services unavailable to you. Through using our Services you agree to our usage of cookies to fulfill our service agreement with you.

Location information

We receive information from you and other third-parties that helps us approximate your location. We may, for example, use a business address submitted by your employer, or an IP address received from your browser or device to determine approximate location. tldx may also collect location information from devices in accordance with the consent process provided by your device.

The legal basis for this processing is our legitimate interests cf. GDPR art. 6 (1) item f, namely using this data for the purpose of ensuring the proper administration of our Website and business, analyzing the use of the website and services, monitoring and improving our Website and Services, improving the user experience, preventing abuse, and assisting users with support inquiries.

Customer support information

We may process information that you send to us, should you choose to submit a ticket to our customer support. If you contact us, we may use your Account, Transaction or Usage Information to respond.

Processing this information is required for performing the contract we entered into with you, at your request (our Terms of Service), as well as our legitimate interest of handling your requests cf. GDPR art. 6 (1) item f.

Product & Marketing communication

We may process information that you provide to us for the purpose of subscribing to our email newsletters. You can opt out by sending an email to [email protected]

The notification data may be processed for the purposes of sending you relevant product information or newsletters. The legal basis for this processing is your consent cf. GDPR art. 6 (1) item a.

Transaction information

Customers that choose to purchase a paid version of the Services provide tldx (and our payment processors) with billing details such as credit card information, billing email, banking information, location at the time of transaction and/or a billing address.

The transaction data may be processed for the purpose of supplying the purchased services and keeping proper records of those transactions. This data may be used for the purpose of delivering the Services to you. Processing this information is required for fulfilling the contract we entered into with you, at your request (our Terms of Service) cf. GDPR art. 6 (1) item b. Additionally, this information needs to be retained in order to comply with accounting and tax regulation cf. GDPR art. 6 (1) item c.

Service and transactional notifications

Sometimes we’ll send you emails about your account, service changes or new policies. You can’t opt out of this type of “service or transactional” emails (unless you delete your account) as they are necessary information for the Services.

The legal grounds for processing this information is that it is required for performing our commitment about communicating changes in plans and pricing to you in the contract we entered into with you, at your request (our Terms of Service) cf. GDPR art. 6 (1) item b, and our legitimate interest of communicating important information about your account to you, cf. GDPR art. 6 (1) item f.

Correspondence information

We may process information that you choose to share with us if you participate in a focus group, research interview, contest, activity or event, apply for a job, interact with our social media accounts or otherwise communicate with tldx

The correspondence data may be processed for the purposes of communicating with you and record-keeping. The legal basis for this processing is our legitimate interests cf. GDPR art. 6 (1) item f, namely the proper administration of our website and business and communications with users.

For all categories of data that require your consent, we will actively ask you for consent before collecting any data. You can give and revoke your consents by writing an email to [email protected].

3. Data Use

tldx uses the collected data for various purposes:

(1) to provide and maintain our Service;

(2) to notify you about changes to our Service;

(3) to allow you to participate in interactive features of our Service when you choose to do so;

(4) to provide customer support;

(5) to gather analysis or valuable information so that we can improve our Service;

(6) to monitor the usage of our Service;

(7) to detect, prevent and address technical issues;

(8) to fulfill any other purpose for which you provide it;

(9) to carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collection;

(10) to provide you with notices about your account and/or subscription, including expiration and renewal notices, email-instructions, etc.;

(11) to provide you with news, special offers and general information about other goods, services and events which we offer that are similar to those that you have already purchased or enquired about unless you have opted not to receive such information;

(12) in any other way we may describe when you provide the information;

(13) for any other purpose with your consent.

4. Data Retention

Personal data that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.

Transaction information will be retained for a minimum period of 5 years following the date of the transaction, and for a maximum period of 10 years following the date of the transaction.

In some cases it is not possible for us to specify in advance the periods for which your personal data will be retained. In such cases, we will determine the period of retention based on the following criteria:

(1) Account information will be retained until you decide to delete your account.

(2) Information about you used for Product & Marketing communication will be retained as long as you have given us consent to use this information.

(3) The period of retention of usage information will be determined based on the need for historical data to determine statistical validity and relevance for product decisions and technical monitoring.

(4) Sensitive personal information, including meeting recordings, is by default deleted after 3 months of inactivity for a given user.

Regardless of the provisions above, we may retain your personal data where such retention is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.

5. Data Transfer

We may share information about with third parties in some circumstances, including:

(1) with your consent;

(2) to a service provider or partner who meets our data protection standards (Information might only be delivered to necessary providers to fulfill our service agreement with you. We will not sell data to third parties);

(3) when we have a good faith belief it is required by law, such as pursuant to a subpoena or other legal process;

(4) to protect the vital interest of others, when we have reason to believe that doing so will prevent harm to someone or illegal activities.

Our categories of service providers and partners are:

Hosting/infrastructure/storage providers
Payment processors
Analysis tools providers
Customer support tools providers
Marketing and email providers
Internal communication tools providers

6. International Data Transfers

All personal data collected through our platform is primarily processed and stored within facilities located in the European Economic Area (EEA), in line with the standards set forth by the European Union’s General Data Protection Regulation (GDPR).

We are committed to safeguarding your data within the EEA wherever possible. However, for specific features involving artificial intelligence services, we partner with Anthropic, an AI provider that may process data outside the EEA.

To generate insights, we securely transmit limited portions of user transcripts to Anthropic’s facilities, which may be located in countries outside the EEA. We have ensured that appropriate safeguards are in place for these transfers, namely, the use of standard data protection clauses adopted or approved by the European Commission.

By using our website and services, you acknowledge that personal data submitted for publication may be accessible, via the internet, to users worldwide. While we take robust measures to protect this data, we cannot prevent potential use (or misuse) by third parties. For more details on content responsibilities, please refer to our Terms of Service.

7. Your Rights to Access, Export or Remove Personal Data

If you have provided your consent to your processing of personal data, you may also withdraw your consent at any time by writing an email to [email protected]. You may instruct us at any time not to process your personal information for marketing purposes, by writing an email to [email protected]. You can delete single recordings at any time via our web interface. If you delete your account, your information and content will be unrecoverable after that time. We may withhold personal information that you request to the extent permitted by law.

As an individual you are granted rights according to the applicable data protection law:

(1) The right to access to your personal data.

(2) The right to rectification of your personal data.

(3) The right to object to and restriction of our processing of your personal data.

(4) The right to be forgotten; erasure of your data.

(5) The right to data portability.

The rights are not absolute, and you may read more about your rights in the EU general data protection regulation Chapter III, or at https://ec.europa.eu/info/law/law-topic/data-protection/reform/rights-citizens_en

To exercise your rights or if you otherwise have any questions regarding our processing of your personal data, we encourage you to contact us as described below. However, we also notify you that you may raise a complaint to a data protection authority. As a German company, tldx uses the Federal Commissioner for Data Protection and Freedom of Information as a supervising authority. You may find further information on their website: https://www.bfdi.bund.de/EN/Home/home_node.html. You may contact your national/state supervisory authority, but tldx will retain the Federal Commissioner for Data Protection and Freedom of Information as our lead supervisory authority.

8. Security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. All connections to tl;dv are encrypted using SSL, and any attempt to connect over HTTP is redirected to HTTPS. tl;dv hosts its software in Google Cloud Platform and Amazon Web Services (AWS) facilities. Google and AWS data centers are certified as ISO 27001, PCI DSS Service Provider Level 1, and/or SOC 1 and 2 compliant. Our database is located in a Virtual Private Cloud (VPC) with Google and protected by restricted security groups. Only the minimal required communication to and between the servers is allowed.

In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

9. Children’s Privacy

We do not knowingly collect or process personal data from children under the age of 16, and no part of our Services is directed to them. If you are a parent or guardian and you learn that your child has provided us with personal data, please contact us at [email protected]. If we become aware that we have collected personal data from a child without verification of parental consent, we take steps to remove that information from our systems.

10. Changes to this Policy

We can change these Terms at any time. If a change is material, we’ll let you know before it takes effect. By using tldx on or after that effective date, you agree to the new Terms. If you don’t agree to them, you should delete your account before they take effect, otherwise your use of the Service and Content will be subject to the new Terms.

11. Company Acquisition

In the case where we are involved in a merger, acquisition, bankruptcy, reorganization or sale of assets such that your information would be transferred or become subject to a different privacy policy, we will notify you in advance and give you the option to delete your data before the transfer.

12. Contact

To make a request, please contact our Privacy Team at [email protected] or by writing to the following address:

tldx Solutions GmbH

Kaiser-Friedrich-Allee 51

52074 Aachen

Germany