Volta

Privacy Policy

Effective July 13, 2026

Volta Notetaker (“Notetaker”, “we”, “us”) is an internal tool operated by Volta Labs Inc. (“Volta”) at notetaker.voltaeffect.com. It joins video meetings on behalf of authorized users and lets authorized users record in-person meetings in the mobile app. It transcribes those recordings and stores the resulting transcripts so participants can review what was said.

This policy describes what information Notetaker collects, how it is used, who it is shared with, how long it is kept, and how to remove it. It applies to anyone who signs in to Notetaker, has a meeting recorded by it, or otherwise interacts with the service.

1. Information we collect

1.1 Account information

When you sign in with Google, we receive your name, email address, Google account ID, and profile picture URL. When you sign in with a magic link, we receive only your email address.

1.2 Google user data

With your consent, Notetaker requests the following Google OAuth scopes:

Notetaker does not request write access to your calendar, your Gmail, your Drive, or your contacts. We never modify calendar events.

1.3 Meeting content

For online meetings that you or another authorized user have chosen to record, Notetaker captures the meeting’s audio and video via a bot operated by Recall.ai and produces a speaker-labeled transcript. The bot announces itself in the meeting chat when it joins.

In the mobile app, Notetaker uses the microphone only after an authorized user selects Start recording. Before recording, that user must confirm that they have informed all participants and obtained their consent, and must agree to the processing described below. The audio stays on the device until the user selects Save & upload.

Saved in-person audio is uploaded to Volta storage and sent to AssemblyAI to create a speaker-labeled transcript. After the transcript is ready, Anthropic automatically creates a meeting summary. The app names both services before recording starts and again before the audio is uploaded.

We also store metadata about the meeting: title, start and end time, the conference URL, and the list of attendees (name, email, talk-time) as reported by the calendar invite and the meeting platform.

1.4 Operational information

We log standard operational data — request timestamps, IP addresses, user-agent strings, error traces — for security and debugging. These logs are retained for a short period (typically 30 days) and are not used for analytics or advertising.

2. How we use information

We use the information described above only to:

3. Google API Services — Limited Use disclosure

Notetaker’s use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

4. Who can see what

Access inside Notetaker is gated by role and by meeting attendance:

We do not sell or rent information about you to anyone. We do not share Google user data with third parties for their own purposes.

5. Sub-processors

We rely on the following service providers to operate Notetaker. Each one processes data only on our instructions and only to the extent needed to deliver their service:

6. Where data is stored

Notetaker’s primary database and file storage are hosted in Canada (Supabase ca-central-1). Application servers and edge functions run on Vercel’s global infrastructure. Recall.ai processes meeting audio and video on its own infrastructure in the United States.

7. Data retention

Transcripts and meeting metadata are retained for as long as your account is active, unless you delete them sooner. Encrypted Google OAuth refresh tokens are retained until you disconnect your calendar or your account is deleted. Operational logs are retained for approximately 30 days.

When you request account deletion, access is disabled immediately. We delete your authentication account, profile, calendar credentials, preferences, locally queued recordings, and owned in-person recordings, audio, transcripts, summaries, and speaker edits within 30 days. Your identifying participant fields and access links are removed from meetings owned by other people; those shared meetings are preserved for their independent owners and other participants.

After processing, we retain a minimal deletion audit containing the request identifier, status, timestamps, attempt count, and non-content error code when needed for security, legal, or compliance purposes. The email address and captured meeting or storage identifiers are removed from the completed audit. Backups containing deleted data may persist for up to an additional 90 days before being overwritten.

8. Your choices

9. Security

Data is transmitted over TLS. OAuth refresh tokens are encrypted at rest in Supabase Vault using AES-256. Row-level security policies in the database limit which authenticated user can read which records. Access to production systems is restricted to a small number of Volta operators.

10. Children

Notetaker is not directed to children under 13 and we do not knowingly collect information from them.

11. Changes to this policy

We may update this policy from time to time. Material changes will be announced by email to active users at least 14 days before they take effect. The effective date at the top of this page indicates when the current version was published.

12. Contact

Questions or requests about this policy and your data: privacy@voltaeffect.com.

Volta Labs Inc.
1800 Argyle Street, Unit 801
Halifax, Nova Scotia, Canada