Privacy Policy
Last updated: March 2026
1. Introduction
Conference Companion ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use our mobile application.
Conference Companion is developed and operated from Utrecht, the Netherlands. We comply with the EU General Data Protection Regulation (GDPR) and Dutch data protection laws.
2. Data Controller
| Company | Conference Companion |
| Location | Utrecht, the Netherlands |
| KvK number | 99939681 |
| DUNS number | 473839823 |
| Contact | hello@conferencecompanion.io |
3. Data We Collect
3.1 Account Data
When you create an account, we collect:
- Name and email address (via Apple Sign In or email registration)
- Authentication tokens
3.2 Meeting Notes & Voice Recordings
- Voice recordings captured during the note-taking process
- Transcribed text from voice recordings
- AI-generated structured meeting summaries
- Manual text notes
3.3 Contact Data
- Business card photos (processed for OCR, then deleted)
- Badge photos (processed for OCR, then deleted)
- Extracted contact information: name, company, title, email, phone
- Contact notes and tags
3.4 CRM Integration Data
- CRM authentication tokens (Salesforce, HubSpot)
- Mapping data between app contacts and CRM records
3.5 Usage & Device Data
- App usage analytics (via Vercel Analytics)
- Device type and operating system version
- App version
- Crash reports (anonymized)
4. How We Use Your Data
| Purpose | Data used | Legal basis (GDPR) |
|---|---|---|
| Provide the service | Account, notes, contacts | Contract performance |
| AI note processing | Voice recordings, transcriptions | Contract performance |
| OCR scanning | Badge/card photos | Contract performance |
| CRM synchronisation | Contacts, notes, CRM tokens | Consent |
| Email follow-up generation | Meeting notes, contact info | Contract performance |
| Service improvement | Usage analytics (anonymised) | Legitimate interest |
| Support & communication | Email, name | Contract performance |
5. Third-Party Services
We use the following third-party services to operate Conference Companion:
| Service | Purpose | Data shared | Location |
|---|---|---|---|
| Supabase | Database & authentication | Account data, notes, contacts | EU (Frankfurt) |
| OpenAI | AI note processing & summaries | Transcribed text (no audio) | US |
| Apple | Authentication (Sign in with Apple) | Email, name (user-controlled) | US |
| Vercel | Website hosting & analytics | Anonymous usage data | US |
| Stripe | Payment processing | Payment data (via App Store) | US |
Important: Voice recordings are processed by OpenAI for transcription only. We use OpenAI's API with data processing agreements in place. Audio files are not used for model training and are deleted after processing.
6. Data Storage & Security
- Your data is stored in Supabase (EU region – Frankfurt, Germany)
- All data is encrypted in transit (TLS 1.3) and at rest
- Authentication tokens are stored securely on your device using platform-native secure storage
- Voice recordings are processed in memory and are not permanently stored on our servers
- Business card and badge photos are deleted immediately after OCR processing
- We implement access controls and regular security reviews
7. Data Retention
- Active account: Data is retained for as long as your account is active
- After deletion: All personal data is deleted within 30 days of account deletion
- Voice recordings: Deleted immediately after transcription (typically within seconds)
- Card/badge photos: Deleted immediately after OCR processing
- Analytics data: Anonymised data may be retained for up to 12 months
8. Your Rights (GDPR)
Under the GDPR, you have the right to:
- Access — Request a copy of your personal data
- Rectification — Correct inaccurate personal data
- Erasure — Request deletion of your personal data ("right to be forgotten")
- Portability — Receive your data in a structured, machine-readable format
- Restriction — Request restriction of processing
- Object — Object to processing based on legitimate interest
- Withdraw consent — Withdraw consent at any time (for consent-based processing)
To exercise any of these rights, contact us at hello@conferencecompanion.io. We will respond within 30 days.
9. Account Deletion
You can delete your account and all associated data by:
- Using the "Delete Account" option in the app (Settings → Delete Account)
- Visiting conferencecompanion.io/delete-account
- Emailing us at hello@conferencecompanion.io
10. Children's Privacy
Conference Companion is not designed for children under 16 years of age. We do not knowingly collect personal data from children under 16.
11. International Data Transfers
Some of our third-party providers (OpenAI, Apple, Vercel) are based in the United States. These transfers are governed by:
- EU-U.S. Data Privacy Framework (where applicable)
- Standard Contractual Clauses (SCCs) approved by the European Commission
12. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated through the App. The "Last updated" date at the top will always reflect the most recent version.
13. Contact & Complaints
For privacy-related questions or complaints, contact us at hello@conferencecompanion.io.
You also have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) at autoriteitpersoonsgegevens.nl .