Privacy Policy
Effective July 13, 2026
Volta Notetaker (“Notetaker”, “we”, “us”) is an internal tool operated by Volta Labs Inc. (“Volta”) at notetaker.voltaeffect.com. It joins video meetings on behalf of authorized users and lets authorized users record in-person meetings in the mobile app. It transcribes those recordings and stores the resulting transcripts so participants can review what was said.
This policy describes what information Notetaker collects, how it is used, who it is shared with, how long it is kept, and how to remove it. It applies to anyone who signs in to Notetaker, has a meeting recorded by it, or otherwise interacts with the service.
1. Information we collect
1.1 Account information
When you sign in with Google, we receive your name, email address, Google account ID, and profile picture URL. When you sign in with a magic link, we receive only your email address.
1.2 Google user data
With your consent, Notetaker requests the following Google OAuth scopes:
openid,email,profile— to identify you and create your account.https://www.googleapis.com/auth/calendar.readonly— to read the list of calendars on your account so you can choose which one Notetaker should watch.https://www.googleapis.com/auth/calendar.events.readonly— to read upcoming events on the calendars you have authorized, so Notetaker can detect meetings with a video conference link and schedule a bot for them according to your preferences.
Notetaker does not request write access to your calendar, your Gmail, your Drive, or your contacts. We never modify calendar events.
1.3 Meeting content
For online meetings that you or another authorized user have chosen to record, Notetaker captures the meeting’s audio and video via a bot operated by Recall.ai and produces a speaker-labeled transcript. The bot announces itself in the meeting chat when it joins.
In the mobile app, Notetaker uses the microphone only after an authorized user selects Start recording. Before recording, that user must confirm that they have informed all participants and obtained their consent, and must agree to the processing described below. The audio stays on the device until the user selects Save & upload.
Saved in-person audio is uploaded to Volta storage and sent to AssemblyAI to create a speaker-labeled transcript. After the transcript is ready, Anthropic automatically creates a meeting summary. The app names both services before recording starts and again before the audio is uploaded.
We also store metadata about the meeting: title, start and end time, the conference URL, and the list of attendees (name, email, talk-time) as reported by the calendar invite and the meeting platform.
1.4 Operational information
We log standard operational data — request timestamps, IP addresses, user-agent strings, error traces — for security and debugging. These logs are retained for a short period (typically 30 days) and are not used for analytics or advertising.
2. How we use information
We use the information described above only to:
- authenticate you and maintain your session;
- watch your calendar for eligible meetings and schedule notetaker bots according to your stated preferences;
- record, transcribe, and store meetings you have chosen to record;
- display transcripts to you, to other meeting attendees within Volta who have access, and to authorized Volta team members;
- send transactional emails (magic-link sign-in links, account notifications);
- secure the service, prevent abuse, and meet legal and contractual obligations.
3. Google API Services — Limited Use disclosure
Notetaker’s use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:
- Google user data is used only to provide and improve the user-facing features described in this policy.
- We do not transfer Google user data to third parties except as necessary to provide or improve those features, to comply with applicable law, or as part of a merger, acquisition, or sale of assets with notice to users.
- We do not use Google user data for serving advertisements, including retargeting, personalized, or interest-based advertising.
- We do not allow humans to read Google user data unless we have obtained your affirmative agreement for specific messages, it is necessary for security purposes (such as investigating abuse), to comply with applicable law, or for internal operations where the data has been aggregated and anonymized.
4. Who can see what
Access inside Notetaker is gated by role and by meeting attendance:
- Admins can see all transcripts and manage the allowlist.
- Contributors can record meetings and see transcripts of any meeting they were invited to.
- Viewers can sign in and see transcripts of meetings they were an invited attendee of, and nothing else.
We do not sell or rent information about you to anyone. We do not share Google user data with third parties for their own purposes.
5. Sub-processors
We rely on the following service providers to operate Notetaker. Each one processes data only on our instructions and only to the extent needed to deliver their service:
- Supabase (database, authentication, encrypted secret storage) — stores user accounts, transcripts, calendar metadata, and OAuth refresh tokens (encrypted at rest in Supabase Vault).
- Vercel — hosts the web application and runs scheduled jobs.
- Recall.ai — operates the meeting bot that joins, records, and transcribes meetings.
- AssemblyAI — receives saved in-person meeting audio and produces speaker-labeled transcripts.
- Anthropic — automatically generates AI summaries from completed meeting transcripts.
- Resend — delivers transactional emails (magic-link sign-in links).
- Google — provides the OAuth and Calendar APIs.
6. Where data is stored
Notetaker’s primary database and file storage are hosted in Canada (Supabase ca-central-1). Application servers and edge functions run on Vercel’s global infrastructure. Recall.ai processes meeting audio and video on its own infrastructure in the United States.
7. Data retention
Transcripts and meeting metadata are retained for as long as your account is active, unless you delete them sooner. Encrypted Google OAuth refresh tokens are retained until you disconnect your calendar or your account is deleted. Operational logs are retained for approximately 30 days.
When you request account deletion, access is disabled immediately. We delete your authentication account, profile, calendar credentials, preferences, locally queued recordings, and owned in-person recordings, audio, transcripts, summaries, and speaker edits within 30 days. Your identifying participant fields and access links are removed from meetings owned by other people; those shared meetings are preserved for their independent owners and other participants.
After processing, we retain a minimal deletion audit containing the request identifier, status, timestamps, attempt count, and non-content error code when needed for security, legal, or compliance purposes. The email address and captured meeting or storage identifiers are removed from the completed audit. Backups containing deleted data may persist for up to an additional 90 days before being overwritten.
8. Your choices
- Disconnect Google.You can revoke Notetaker’s access to your Google account at any time at myaccount.google.com/permissions. This stops new meetings from being detected and prevents bots from being scheduled.
- Cancel an in-person recording. Before you select Save & upload, you can discard the recording. Its local audio is removed and is not sent to AssemblyAI or Anthropic.
- Stop recording. You can change your auto-join preference in Settings so that bots are never scheduled automatically.
- Delete a transcript. Contact privacy@voltaeffect.com and we will remove the meeting record and all derived data.
- Delete your account. In the iOS app, open Settings and select Delete Account. Review the consequences and confirm the irreversible request. Your access is disabled immediately and deletion is completed within 30 days. You may also contact privacy@voltaeffect.com if you cannot access the app.
9. Security
Data is transmitted over TLS. OAuth refresh tokens are encrypted at rest in Supabase Vault using AES-256. Row-level security policies in the database limit which authenticated user can read which records. Access to production systems is restricted to a small number of Volta operators.
10. Children
Notetaker is not directed to children under 13 and we do not knowingly collect information from them.
11. Changes to this policy
We may update this policy from time to time. Material changes will be announced by email to active users at least 14 days before they take effect. The effective date at the top of this page indicates when the current version was published.
12. Contact
Questions or requests about this policy and your data: privacy@voltaeffect.com.
Volta Labs Inc.
1800 Argyle Street, Unit 801
Halifax, Nova Scotia, Canada