Privacy Policy

Effective and last updated: July 17, 2026

saidtrack is a realtime meeting copilot operated by Prinsur Tech CO., LTD. (鈦溪科技股份有限公司), a company incorporated in Taiwan ("saidtrack", "we", "us"). This policy explains how we collect, use, store, and share personal data when you visit saidtrack.com or use the saidtrack service. It applies to account holders and also to meeting participants who are recorded during a meeting without holding an account. The English version of this policy controls; the Traditional Chinese version is provided for convenience.

1. Who is responsible for your data

Prinsur Tech CO., LTD. is the data controller for the personal data described in this policy. You can reach us at support@prinsur.com for any privacy question or request.

2. What we collect

  • Account data. Your name, email address, and optional profile picture, received through our identity provider WorkOS when you sign in with a one-time email code or with Google or GitHub. The Service uses no passwords.
  • Meeting audio. The live audio of meetings you record. Meetings are conversations, so the audio can include the voices of people other than you.
  • Transcripts and speaker labels. The text transcript of each meeting, segmented into turns and attributed to you or to other speakers.
  • Voiceprint (biometric data). If you choose to enroll, a numeric voice embedding derived from a short sample of your own voice. See section 5.
  • Meeting inputs. The meeting objective you enter, and the text extracted in your browser from files you choose to attach as meeting knowledge. The files themselves never leave your browser; only the extracted text is sent to us.
  • AI outputs and inferences. Summaries, suggestion cards, and emotion signals that our systems generate from the transcript.
  • Device and usage records. Our identity provider records the IP address and browser user agent of sign-in sessions so you can review and revoke them. Our servers keep operational logs for security and debugging.

3. Cookies and analytics

We use first-party cookies only. There are no third-party advertising cookies and no cross-site tracking.

  • Session cookie (wos-session): keeps you signed in. Set by our authentication layer, httpOnly.
  • Locale cookie (saidtrack_locale): remembers your language preference for up to one year.
  • Pending verification cookie (workos_pending_verification): set for up to 15 minutes while a sign-in needs its email address verified; contains a short-lived verification token and the email address being verified.
  • Pending meeting cookie (pending_meeting): if you fill in the new meeting form before signing in, holds your meeting objective for up to 30 minutes so it survives the sign-in step.
  • Interface cookies: remember sidebar state for up to 7 days. Your theme preference is kept in your browser's local storage.

We use Vercel Web Analytics and Vercel Speed Insights to understand aggregate page usage and performance across the site, including for visitors without an account. These tools do not set cookies and do not build cross-site profiles.

4. Meeting participants who are not account holders

saidtrack transcribes meetings, and meetings include people other than the account holder. If you were a participant in a recorded meeting but do not hold a saidtrack account, this section is for you.

  • The account holder who records a meeting is responsible for informing participants and obtaining any consent required by applicable law, as set out in our Terms of Service.
  • What we process about participants: their voice within the meeting audio (processed live and not stored), their words within the transcript, and speaker labels that distinguish them from the account holder.
  • We do not create voiceprints of participants, and we do not build participant profiles across meetings. Voiceprint enrollment exists only for the account holder's own voice.
  • You can contact us at support@prinsur.com to exercise your rights. We can delete a meeting in full and correct speaker labels. We do not currently have an automated tool to remove a single speaker's words from a transcript, so such requests are handled manually within a reasonable period.

5. Voiceprints and biometric data

A voiceprint is a numeric representation of your voice. It counts as biometric data in many jurisdictions, so we hold it to the strictest rules we apply to any data category.

  • Optional and self-only. Enrollment is optional, and the service only supports enrolling your own voice. Enrolling another person's voice is prohibited by the Terms of Service.
  • Single purpose. The voiceprint is used for exactly one thing: recognizing which parts of a meeting were spoken by you, so your transcript can be labeled correctly. It is not used for identification across services, advertising, or any other purpose.
  • Separate, recorded consent. Before any voice sample is processed, you must give explicit consent through a dedicated consent step, and we store the timestamp of that consent. For users in the European Economic Area this is the explicit consent basis under Article 9(2)(a) GDPR.
  • Storage and sharing. The voiceprint is stored as a numeric embedding in our database, encrypted at rest. It is never returned through any API, never shared with our speech-to-text provider or our LLM provider, and never leaves our systems.
  • Destruction. Your voiceprint is destroyed when you withdraw consent in settings or when you delete your account, whichever comes first.

6. How we use personal data

We use the data described above to provide realtime transcription and in-meeting suggestions, to generate summaries and reports after a meeting, to attribute speech to speakers, to manage your account, to keep the service secure, and to debug and improve the service using aggregate, non-identifying information.

  • We do not sell personal data.
  • We do not use your data for advertising.
  • We do not train AI models on your recordings, transcripts, or files, and our AI providers are, by contract or by their default policies, not permitted to do so either.

7. AI processing and our providers

  • Speech-to-text: Soniox. Meeting audio is streamed to Soniox for live transcription and is processed in real time. We do not store audio (see section 10). According to Soniox's public security statements, realtime audio and transcripts are not stored by Soniox and are not used to train its models. We rely on those statements and on our agreement with Soniox.
  • Language model: Anthropic. Transcript text, your meeting objective, and any attached knowledge text are sent to Anthropic's Claude models to generate summaries, suggestions, and emotion signals. Anthropic does not train its models on commercial API inputs or outputs by default. Under Anthropic's standard data retention policy, API inputs and outputs are retained by Anthropic for up to 30 days and then deleted.
  • Emotion signals are text inferences. Emotion signals shown in the product are inferences drawn by a language model from the text transcript. We do not analyze voice tone or any biometric signal to detect emotion.

8. Service providers

We share personal data only with the service providers that run the product for us, and only to the extent needed for their role. The providers central to the product are WorkOS (identity and sign-in), Soniox (speech-to-text), and Anthropic (language model). The full list, including hosting and storage providers, is maintained on our Subprocessors page.

9. International transfers

We operate from Taiwan. Persistent data (accounts, transcripts, summaries, voiceprints) is stored with database and compute providers in Singapore. Short-lived in-meeting state is held in a globally replicated cache for the duration of a meeting. Our speech-to-text, language model, identity, email delivery, and web hosting providers process data in the United States. Where the GDPR applies, transfers rely on recognized mechanisms such as the European Commission's Standard Contractual Clauses, implemented through data processing agreements with our providers. We handle cross-border transfers in accordance with Taiwan's Personal Data Protection Act.

10. How long we keep data

  • Meeting audio: not stored. Audio is processed in memory in a rolling buffer of roughly 90 seconds and immediately discarded. It is never written to disk or object storage, on our systems or at our direction.
  • Transcripts, summaries, suggestions, emotion signals: kept until you delete the meeting or your account.
  • Voiceprint: kept until you withdraw consent or delete your account.
  • Meeting knowledge and live meeting state: held in a memory cache during the meeting, actively cleared when the meeting ends, and in any case expiring within 6 hours.
  • Audit records: audit records tied to a meeting are deleted together with that meeting or your account. A small set of system-level audit records is retained for compliance and security. This includes the timestamp of your voiceprint consent, which we keep after withdrawal as evidence that consent existed and was revoked.
  • Account data: kept until you delete your account.
  • Server logs: retained by our hosting platforms for a limited period. Log contents are systematically masked and do not include transcript text.

Deleting your account permanently deletes your account, meetings, transcripts, summaries, voiceprint, and profile picture, and clears any live meeting state, subject only to the audit exception above.

11. Security

Data is encrypted in transit with TLS and encrypted at rest at the infrastructure layer. Internal service endpoints are protected by shared secrets, and logs are masked to keep transcript content out of them. Our providers maintain independent certifications such as SOC 2 and ISO 27001. No method of transmission or storage is completely secure, but we design the service so that the most sensitive data, your audio, is never stored at all.

12. Your rights

Depending on where you live, you may have the right to access, correct, delete, restrict, or object to the processing of your personal data, and the right to data portability. Residents of Taiwan have the rights set out in Article 3 of the Personal Data Protection Act, which cannot be waived in advance. Meeting participants without an account can exercise these rights too.

In the product you can delete meetings, delete your account, withdraw voiceprint consent, and export any meeting report as a DOCX or Markdown file. For anything else, or to exercise rights by request, email support@prinsur.com. We respond within a reasonable period and may need to verify your identity before acting on a request.

13. Sign in with Google or GitHub

Sign-in with Google. When you choose to sign in with Google, we receive only your basic profile information: your name, email address, and profile picture, through Google's standard identity scopes (openid, email, profile). We use this information solely to create and authenticate your saidtrack account and to display your identity within the product. We do not request or access your Gmail, Google Calendar, Google Drive, or any other Google content. saidtrack's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Sign-in with GitHub. When you sign in with GitHub, we receive only your basic GitHub profile and email address, used for the same account purposes.

Both sign-in flows are brokered by WorkOS, our identity provider, which processes this profile data on our behalf.

14. Children

The service is not directed to children under 16. By using saidtrack you confirm that you are at least 16 years old. If we learn that we have collected personal data from a child under 16, we will delete it.

15. Changes to this policy

We will post any changes on this page and update the date at the top. For material changes, we will provide notice in the product before the change takes effect.

16. Contact

Prinsur Tech CO., LTD. (鈦溪科技股份有限公司), Taiwan
support@prinsur.com