Legal

Privacy Policy

Last updated: May 26, 2026

MeetingPrep (“MeetingPrep,” “we,” “our,” or “us”) respects the right to privacy of our users (“you,” “your,” or “Customer”). This Privacy Policy details what information we collect, how we use the information, and what rights you have with regards to such information.

This Privacy Policy applies to all websites operated by MeetingPrep, including meetingprep.ca, our Chrome extension, and our applications and services (collectively, the “Service” or “Services”). By using our Services, you expressly agree to MeetingPrep’s collection, storage, use, processing, and disclosure of your information as described in this Privacy Policy.

GDPR Compliance

MeetingPrep has taken steps to comply with the EU General Data Protection Regulation (“GDPR”) regarding the collection, use, transmission, processing, and retention of personal identifiable data of natural persons from European Union member countries. MeetingPrep is committed to protecting your data in a secure and transparent manner. We process, use, and exchange personal data for our legitimate business purposes only in the limited uses described herein.

To learn more about your rights under the GDPR, please visit https://gdpr.eu.

Information We Collect

MeetingPrep collects data to provide the Services you request, ease your navigation on our Services, communicate with you, and improve your experience. Some of this information is provided by you directly, such as when you create an account. Some information is collected through your interactions with our Services.

Account Information

When you create an account, we collect your email address and encrypted password. This is used for authentication and account access.

Calendar Data

When you connect your Google Calendar or Microsoft Outlook, we access your calendar events to identify upcoming meetings and generate briefings. We collect meeting titles, times, attendee names, and attendee email addresses.

Connected Services Data

When you connect additional services (Gmail, Slack, GitHub, Notion, Discord, Zoom, Google Drive, Google Docs), we access relevant data to provide context for your meeting briefings. This may include:

  • Email threads with meeting attendees (Gmail, Outlook)
  • Messages in relevant channels and direct messages (Slack, Discord, Microsoft Teams)
  • Code activity including commits, pull requests, and issues (GitHub)
  • Pages, databases, and documents (Notion, Google Docs, Google Drive)
  • Meeting recordings and transcripts (Zoom)

Chrome Extension Data

Our Chrome extension collects:

  • Meeting titles you enter in Google Calendar or Microsoft Outlook
  • Optional context you provide for meetings
  • Your preference for whether to prepare a briefing for each meeting

Usage Data

We collect information about your use of our Services, including:

  • Frequency and duration of your use
  • Features used and actions taken
  • Device information and browser type
  • IP address and approximate location (city/region)
  • Error reports and performance data

Cookies and Similar Technologies

MeetingPrep uses cookies and similar technologies to personalize your experience, analyze traffic, and improve our Services. Cookies are small text files stored on your device.

We use the following types of cookies:

  • Necessary cookies: Required for the website to function properly, including authentication and security.
  • Preference cookies: Remember your settings and preferences.
  • Analytics cookies: Help us understand how visitors interact with our Services (e.g., Microsoft Clarity, Google Analytics).

You can control cookies through your browser settings. Disabling certain cookies may limit your ability to use some features of our Services.

How We Use Your Information

MeetingPrep uses information we collect for the following purposes:

  • Providing, maintaining, and improving our Services
  • Generating personalized meeting briefings
  • Identifying relevant context from your connected services
  • Delivering briefings via your preferred method (Slack, email, or push notification)
  • Communicating with you about your account and our Services
  • Providing customer support
  • Analyzing usage patterns to improve our Services
  • Protecting against fraud and unauthorized access
  • Complying with legal obligations

How We Share Your Information

MeetingPrep does not sell, trade, or rent your personal information to third parties. We may share your information in the following circumstances:

  • Service Providers: We share data with third-party vendors who assist in providing our Services, including cloud hosting (Microsoft Azure, Supabase), AI processing (OpenAI), and analytics providers.
  • Legal Requirements: We may disclose information if required by law, court order, or government request.
  • Protection of Rights: We may disclose information to protect our rights, property, or safety, or that of our users.
  • Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.

International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, including the United States and Canada. These countries may have different data protection laws. By using our Services, you consent to such transfers. We take steps to ensure that your information receives adequate protection in accordance with this Privacy Policy.

Third-Party Services

Our Services may contain links to third-party websites or integrate with third-party services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any personal information.

Your Rights and Choices

You have the following rights regarding your personal information:

  • Access: Request a copy of your personal data.
  • Rectification: Request correction of inaccurate data.
  • Erasure: Request deletion of your personal data.
  • Portability: Request a copy of your data in a portable format.
  • Objection: Object to certain processing of your data.
  • Withdraw Consent: Withdraw consent for data processing at any time.
  • Disconnect Services: Disconnect any connected service at any time from your Settings page.

To exercise these rights, please contact us at privacy@meetingprep.ca.

Opt-Out of Communications

You may opt out of receiving promotional communications from us by following the unsubscribe instructions in those emails. You will continue to receive transactional emails related to your account and Services.

Data Retention

We retain your personal information only for as long as necessary to provide the Services and for the purposes described in this Privacy Policy. Specific retention periods include:

  • Account data: Retained for as long as your account is active.
  • Meeting briefings: Automatically deleted 90 days after they are generated, as they are derived from sensitive connected-service data and have limited ongoing value.
  • Connected-service tokens: Retained only while the relevant integration is connected; deleted when you disconnect a service or delete your account.
  • Security audit logs: Retained for up to 12 months to support security monitoring and compliance, then automatically deleted.
  • Account deletion: When you delete your account, we delete or anonymize your personal information within 30 days, except where we are required to retain it for legal or regulatory purposes.

Security

We take the protection of your information seriously and apply industry-standard technical and organizational safeguards. Our security measures include:

  • Encryption in transit: All connections to our Services are protected with TLS/HTTPS, enforced via HTTP Strict Transport Security (HSTS).
  • Encryption at rest: Stored data is encrypted at rest. OAuth access and refresh tokens for your connected services are additionally encrypted at the application layer using authenticated encryption before being stored.
  • Password protection: Account passwords are never stored in plain text; they are hashed using the bcrypt algorithm.
  • Session security: Authentication uses short-lived access tokens with rotating refresh tokens, delivered via secure, httpOnly cookies. Accounts are temporarily locked after repeated failed login attempts to deter brute-force attacks.
  • Browser hardening: Our web application sets a Content Security Policy (CSP), HSTS, anti-clickjacking, and other security response headers to reduce the risk of common web attacks.
  • Access controls and rate limiting: API access is authenticated and rate-limited, and cross-origin requests are restricted to an explicit allow-list of our own domains.
  • Audit logging: Security-relevant events (such as authentication attempts, integration changes, and account deletions) are recorded in an audit trail to support monitoring and incident investigation.
  • Dependency and secret management: Software dependencies are kept up to date and scanned for known vulnerabilities, and our code repositories are scanned to prevent credentials from being committed.
  • Revocation on disconnect: When you disconnect a service or delete your account, we make a best-effort request to the relevant provider to revoke the associated access, in addition to deleting the tokens we hold.
  • Limited access: Access to production systems and personal data is restricted to authorized personnel and only as necessary to operate the Services.

We also undergo third-party security assessment in connection with our use of restricted Google API scopes (CASA — the Cloud Application Security Assessment).

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your information using commercially reasonable means, we cannot guarantee its absolute security.

Children’s Privacy

Our Services are not directed to individuals under 18 years of age. We do not knowingly collect personal information from children under 18. If we learn that we have collected personal information from a child under 18, we will take steps to delete such information promptly. If you believe we have collected information from a child under 18, please contact us at privacy@meetingprep.ca.

California Residents (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • The right to know what personal information we collect, use, and disclose
  • The right to request deletion of your personal information
  • The right to opt out of the sale of personal information (we do not sell personal information)
  • The right to non-discrimination for exercising your privacy rights

To exercise these rights, please contact us at privacy@meetingprep.ca.

Google API Services User Data Policy

MeetingPrep’s use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically:

  • We only request access to the Google user data that is necessary to provide the features described in our Services (calendar events, email context for meeting briefings).
  • We do not use Google user data for serving advertisements.
  • We do not allow humans to read your Google user data unless we have your affirmative agreement, it is necessary for security purposes, it is necessary to comply with applicable law, or our use is limited to internal operations and the data has been aggregated and anonymized.
  • We do not transfer Google user data to third parties except as necessary to provide or improve our Services, to comply with applicable law, or as part of a merger, acquisition, or sale of assets with notice to users.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the “Last updated” date. Your continued use of our Services after any changes constitutes your acceptance of the updated Privacy Policy.

Contact Us

If you have any questions about this Privacy Policy or our privacy practices, please contact us at:

Email: privacy@meetingprep.ca
Website: https://meetingprep.ca