Privacy Policy

This Privacy Policy applies to personal information we collect through:

• our website and related landing pages;
• our Electron-based desktop application;
• user accounts, authentication, and profile management;
• payment, billing, and subscription flows;
• customer support, communications, and service operations; and
• any other interaction you have with ShadowMeet that links to or references this Privacy Policy.

This Privacy Policy does not apply to third-party websites, platforms, products, or services that are not operated by us, even if they integrate with or are accessible through the Services. Those third parties operate under their own privacy notices and terms.

• Controller / Business Name: Ranal Technologies Private Limited
• Country of Incorporation: India
• Privacy Contact: privacy@shadow-meet.com

Where required by applicable law, ShadowMeet acts as the "data controller" or "business" with respect to personal information collected for our own business purposes, such as account administration, payments, fraud prevention, analytics, support, and product improvement.

In some contexts, we may also process information on a user's behalf in connection with features the user intentionally activates in the Services.

The categories of personal information we collect depend on how you use the Services.

We collect personal information from the following sources:

• directly from you when you create an account, use the Services, upload content, make a purchase, or contact us;
• automatically from your device and browser when you interact with the Services;
• from authentication providers, such as Google, when you choose social login;
• from payment processors and billing providers in connection with subscriptions and transactions;
• from analytics, hosting, infrastructure, and security providers;
• from your use of the AI, transcription, and screenshot-processing features; and
• from other users or organizations where relevant to shared or collaborative use cases, if introduced in the future.

We use personal information for the following purposes:

1. To provide and operate the Services. This includes account creation, authentication, maintaining your subscription or credit balance, enabling app functionality, processing screenshots and files, generating transcripts, and returning AI-generated responses.
2. To deliver real-time meeting assistance features. This includes converting speech to text, analyzing user-provided context, generating live answers or suggestions, and supporting multimodal features.
3. To process transactions and manage billing. This includes subscriptions, credit purchases, payment confirmations, invoicing, refunds, fraud checks, and payment-related customer support.
4. To personalize and improve the Services. This includes troubleshooting, internal analytics, service quality monitoring, product development, feature testing, and improving system performance, reliability, and safety.
5. To communicate with you. This includes sending account notices, service announcements, security alerts, transactional messages, support responses, and, where permitted by law, marketing communications.
6. To protect the Services and our users. This includes detecting abuse, unauthorized access, fraud, misuse, policy violations, and security incidents, and enforcing our legal rights and agreements.
7. To comply with legal obligations. This includes tax, accounting, regulatory, law enforcement, dispute-resolution, and recordkeeping requirements.

If you are located in the European Economic Area, United Kingdom, or another jurisdiction requiring a legal basis for processing, we rely on one or more of the following legal bases, depending on the context:

• Performance of a contract where processing is necessary to provide the Services you request, such as creating your account, enabling login, processing purchases, generating transcripts, and returning AI responses.
• Legitimate interests where processing is necessary for our legitimate business interests, such as improving the Services, preventing fraud, securing our systems, providing support, analyzing usage, and defending legal claims, provided that those interests are not overridden by your rights.
• Consent where required by law, such as for certain cookies, certain optional processing activities, or certain marketing communications. Where we rely on consent, you may withdraw it at any time, subject to applicable law.
• Compliance with legal obligations where we must process information to comply with applicable laws, regulations, court orders, or lawful requests.

ShadowMeet may process information contained in live conversations, screenshots, uploaded files, and transcripts. Depending on how you use the Services, this information may include confidential, proprietary, or sensitive content.

You are responsible for ensuring that you have all necessary rights, notices, and permissions before submitting, recording, uploading, or otherwise processing any personal information, confidential information, or third-party content through the Services, including where meeting participants or other individuals may be involved.

We do not intentionally require users to provide special categories of personal data or other highly sensitive information unless the user chooses to submit it through the Services. Users should avoid submitting sensitive information unless it is necessary and lawful to do so.

ShadowMeet uses automated systems, including speech recognition, language models, and multimodal analysis tools, to provide transcription, contextual assistance, and response generation.

These systems may analyze audio, text, screenshots, files, and related inputs in order to generate outputs. AI-generated outputs may be inaccurate, incomplete, or inappropriate in some circumstances. Users remain responsible for reviewing outputs and for how they use the Services in interviews, meetings, and other real-world settings.

We may use service providers and model providers to process requests and return outputs, subject to contractual, technical, and organizational controls we consider appropriate for the Services.

We may disclose personal information as follows:

Our current service providers and infrastructure may include providers in categories such as:

• hosting and deployment providers, including Vercel;
• cloud data and storage providers, including MongoDB Atlas and Cloudinary;
• payment processors, including Razorpay;
• authentication providers, including Google OAuth and related identity tooling;
• analytics providers, including Google Analytics;
• email and communication tools, including Nodemailer or underlying mail infrastructure;
• AI and inference providers, which may include Groq and other model providers we use now or in the future;
• speech processing infrastructure, including self-hosted Whisper deployments and API fallback providers; and
• infrastructure partners such as RunPod.

We may change our providers from time to time as our business and technical architecture evolve.

ShadowMeet operates from India and may use service providers and infrastructure located in multiple countries, including the United States and other jurisdictions. As a result, your personal information may be transferred to, stored in, or processed in countries other than the country in which you reside.

Where required by applicable law, we take steps designed to provide appropriate safeguards for cross-border transfers, which may include contractual protections, standard contractual clauses, or reliance on another lawful transfer mechanism.

We retain personal information for as long as reasonably necessary for the purposes described in this Privacy Policy, including to provide the Services, comply with legal obligations, resolve disputes, enforce agreements, and maintain business records.

Based on our current practices:

• Account data may be retained for up to 2 months after account deletion, unless longer retention is required for legal, security, fraud prevention, or dispute-resolution purposes.
• Operational logs may be retained for longer periods where needed for security, debugging, fraud prevention, auditing, or service integrity.
• Meeting recordings, transcripts, uploads, and related content may be retained in accordance with user settings, service functionality, and operational needs, unless deleted earlier or retention is limited by law or future product settings.
• Billing and transaction records may be retained as needed for accounting, tax, legal, and compliance purposes.

Actual retention periods may vary depending on the nature of the data, user actions, legal obligations, technical requirements, and legitimate business needs.

We use reasonable administrative, technical, and organizational safeguards designed to protect personal information against unauthorized access, disclosure, alteration, and destruction. These measures may include encryption in transit, access controls, secure hosting practices, credential protections, monitoring, and vendor management.

However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your credentials and for using appropriate security measures on your own devices and accounts.

Depending on your location, you may have certain privacy rights under applicable law.

We use cookies and similar technologies to operate and improve the Services, remember preferences, maintain sessions, understand usage patterns, measure marketing and product performance, and help secure our website and applications.

These technologies may include:

• strictly necessary cookies used for core site and account functionality;
• analytics cookies used to understand how users interact with the Services;
• preference cookies used to remember settings;
• security-related technologies used to maintain the integrity of the Services; and
• similar technologies such as local storage, SDKs, tags, or pixels.

Where required by applicable law, we will request consent before placing non-essential cookies or similar technologies. You can also manage cookies through your browser settings, although doing so may affect functionality.

We may send transactional or service-related communications, such as receipts, billing notices, security alerts, login notifications, feature updates related to your account, and customer support communications.

Where permitted by law, we may also send product updates, promotions, or marketing messages. You can opt out of marketing emails by using the unsubscribe link in the message or contacting us at privacy@shadow-meet.com. Even if you opt out of marketing messages, we may still send essential transactional or service-related communications.

The Services are not directed to children under 13, and we do not knowingly collect personal information directly from children under 13 without authorization required by applicable law. If we learn that we have collected personal information from a child under 13 in violation of applicable law, we will take steps to delete that information.

If you believe a child has provided personal information to us unlawfully, please contact us at privacy@shadow-meet.com.

Some browsers and extensions offer privacy preference signals such as "Do Not Track" or Global Privacy Control. Because privacy preference signal obligations vary by jurisdiction and technical implementation, we will interpret and respond to such signals as required by applicable law.

Because ShadowMeet may be used in live meetings, interviews, and conversations involving other individuals, you are responsible for using the Services lawfully and ethically. This includes obtaining any required notice, consent, or permission before recording, transcribing, uploading, sharing, or analyzing audio, screenshots, documents, or other information through the Services.

You must not use the Services in violation of applicable privacy, employment, surveillance, wiretapping, confidentiality, intellectual property, or other laws.

We may update this Privacy Policy from time to time to reflect changes in our Services, technologies, legal obligations, or business practices. When we make changes, we will revise the "Last Updated" date above. If changes are materially significant, we may provide additional notice as required by law.

Your continued use of the Services after an updated Privacy Policy becomes effective means the updated version will apply to your use of the Services, subject to applicable law.

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, you may contact us at: