Privacy Policy

1. Scope, Definitions, and Roles

1.1 Scope

This Policy applies to:

• visitors to our website;
• users who create an account or otherwise use the Service; and
• individuals whose information may appear in meeting transcripts or calendar events (e.g., meeting attendees).

1.2 Key Definitions

• "Account"means your IceCubes account credentials and profile.
• "Meeting Content"means caption/transcript text captured while the extension is active and captions are enabled, as well as related meeting notes, highlights, and action items.
• "Workspace"means a collaborative environment where multiple users can access shared Meeting Content subject to permissions.
• "Personal Information"means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked (directly or indirectly) with an individual.

1.3 Controller/Business vs. Processor/Service Provider

Depending on how the Service is used:

• IceCubes as Controller/Business: We act as a controller/business for information processed to operate and secure the Service, manage accounts, communicate with users, and maintain our business operations.
• IceCubes as Processor/Service Provider: If you use IceCubes through an organization-managed Workspace, we may process Meeting Content on behalf of that organization. In those cases, the organization controls how the Service is configured and used, and may be the controller/business for that content.

If you use IceCubes through a Workspace administered by an organization, that organization's policies may also apply.

2. Information We Collect

We collect information in three ways: (a) information you provide; (b) information from third-party services you connect; and (c) information collected automatically.

2.1 Information You Provide

• Account Information. When you create an account or log in, we collect your name, email address, and authentication information via Google Sign-In.
• Meeting Content (Captured Captions). When you use the IceCubes browser extension while captions are enabled, we collect caption/transcript text from supported video conferencing platforms. We may also associate that transcript with metadata (e.g., meeting title) and your workspace selections.
• User-Generated Content. Notes, comments, highlights, action items, and other content you create in the Service.
• Workspace Information. Workspace name, member lists, user roles/permissions, sharing settings, and other collaboration-related information.
• Support Communications. If you contact us, we collect the content of your message and any information you choose to provide (including attachments) to investigate and respond.

2.2 Information from Third-Party Services (When You Enable Them)

• Google Calendar (Read-Only). With your permission, we access your Google Calendar using read-only API access to retrieve calendar event details (e.g., title, time, description, attendees) to match with your meeting transcripts. We do not modify, create, or delete calendar events.
• Video Conferencing Platforms (Captions Only). We capture caption text from platforms such as Google Meet, Zoom, and Microsoft Teams through our browser extension when (i) the extension is active and (ii) captions are enabled. We do not record audio or video.

2.3 Automatically Collected Information

• Device and Technical Data. Browser type, operating system, device identifiers, language, app/extension version, and settings.
• Usage Data. Feature usage, meeting duration, interactions with the Service (e.g., clicks, searches), and performance metrics.
• Log Data. IP address, timestamps, pages viewed, crash reports, and diagnostic logs. We may infer approximate location from IP for security and fraud prevention.
• Cookies and Similar Technologies. We may use cookies, local storage, and similar technologies to keep you logged in, remember preferences, and understand usage. You can typically control cookies through browser settings; disabling them may affect functionality.

3. How We Use Your Information

We use information for the following purposes:

3.1 Provide and Operate the Service

• Authenticate users and maintain accounts
• Capture, store, organize, and display Meeting Content and user-generated content
• Administer Workspaces, permissions, and sharing

3.2 Calendar Matching and Participant Identification

• Match transcripts with calendar events
• Identify participants using calendar attendee information

3.3 AI Features (If You Use Them)

To provide AI-powered features (e.g., summaries, action items, chat about meetings), we may send Meeting Content (or relevant excerpts) to third-party AI service providers (e.g., OpenAI) for processing. We use these outputs to provide features you request (e.g., summaries, extraction of action items, searchable insights).

3.4 Contacts and Organizations Database (Within Your Account/Workspace)

We may create and organize a database of contacts and organizations based on calendar attendees you have met with, to support search, recall, and relationship/context features within the Service.

3.5 Communications

• Send service-related messages (security notifications, operational communications, feature updates)
• Respond to support inquiries

3.6 Improvement, Analytics, and Product Development

• Analyze usage trends to improve features and user experience
• Debug, troubleshoot, and optimize performance

3.7 Security, Fraud Prevention, and Compliance

• Detect, prevent, and remediate fraud, abuse, and security incidents
• Enforce our terms and protect rights, property, and safety
• Comply with legal obligations

4. Information We Do Not Collect

For clarity, IceCubes does not collect:

• audio or video recordings of meetings;
• screen content outside meeting captions;
• private chat messages within video conferencing platforms;
• data from meetings you do not participate in;
• your browsing history outside the IceCubes Service; or
• financial/payment card information (we do not process payments as described in this Policy).

5. Legal Bases for Processing (EEA/UK and Similar Jurisdictions)

Where applicable, we rely on:

• Contract: to provide the Service you request
• Consent: for optional integrations (e.g., Google Calendar) and certain features where required
• Legitimate Interests: to secure and improve the Service, prevent fraud, and ensure reliability (balanced against your rights)
• Legal Obligation: to comply with applicable laws and lawful requests

You may withdraw consent at any time by disconnecting integrations or disabling features, without affecting processing already performed.

6. How We Share Information

We share information only as described below.

6.1 With Your Direction or Consent

• Shared Meetings and Links. If you share meeting content via share links or workspace assignments, recipients you authorize can access shared content subject to permissions.
• Workspace Members. Content assigned to a workspace is accessible by workspace members according to workspace permissions and role settings.

6.2 Service Providers (Subprocessors)

We use trusted vendors to provide infrastructure and processing functions such as hosting, authentication, storage, analytics, and AI processing. Examples include:

• Google Firebase (authentication, database storage, file storage)
• Fly.io (application hosting and infrastructure)
• OpenAI (AI summary generation and chat features, where enabled)

These providers process information under contractual obligations designed to protect it and to use it only to provide services to us.

6.3 Legal Requirements and Protection

We may disclose information if required by law, court order, or governmental regulation, or if we believe disclosure is necessary to:

• protect our rights, users, or others;
• investigate fraud or security incidents; or
• enforce our terms.

6.4 Business Transfers

If IceCubes is involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, information may be transferred as part of that transaction subject to appropriate confidentiality and security protections.

7. Data Security

We implement appropriate technical and organizational measures designed to protect information, including:

No method of transmission or storage is completely secure. You are responsible for maintaining the confidentiality of your credentials and controlling access to your devices.

8. Data Retention

We retain information for as long as needed to provide the Service and for legitimate business and legal purposes.

We may retain certain information longer if required by law or to resolve disputes, enforce agreements, or protect legal rights.

9. Your Rights and Choices

9.1 Access and Export

You can access your data through the Service and export data via Settings → Export Data.

9.2 Correction

You can edit transcripts (where supported), notes, and other content within the Service.

9.3 Deletion

You can delete meetings (moved to trash for 30 days) or delete your account via Settings → Delete Account.

9.4 Disconnect Third-Party Services

You can disconnect Google Calendar via Settings. Disconnecting stops future access; previously imported/matched information may remain unless deleted.

9.5 GDPR/UK GDPR Rights (EEA/UK Residents)

Subject to applicable law, you may request: access, rectification, erasure, restriction, data portability, and objection, and you may lodge a complaint with your supervisory authority. Contact privacy@icecubes.app.

9.6 CCPA/CPRA Rights (California Residents)

California residents may have the right to know, delete, correct, and (in some cases) opt-out of "sale"/"sharing" as defined by law. We do not sell personal information and do not share personal information for cross-context behavioral advertising. To exercise rights, contact privacy@icecubes.app.

Verification and Authorized Agents (California): We may verify your request (e.g., by confirming access to the account email). Authorized agents may submit requests with proof of authorization. We will not discriminate for exercising rights.

10. Google API Services User Data Policy (Limited Use)

IceCubes' use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically:

• We use Google Calendar data only to match meetings with calendar events and identify participants.
• We do not use Google user data for advertising purposes.
• We do not sell Google user data to third parties.
• We do not use Google user data to determine creditworthiness or for lending purposes.
• Human access to Google user data is limited to support requests where you have given explicit consent (or where otherwise permitted by law).

11. Children's Privacy

The Service is not intended for children under 16. We do not knowingly collect personal information from children under 16. If you believe a child has provided personal information, contact privacy@icecubes.app, and we will take appropriate steps to delete it.

12. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, including the United States, where our servers and providers may be located. Where required, we implement recognized transfer mechanisms (e.g., standard contractual clauses) and appropriate safeguards.

13. Third-Party Links and Services

The Service may link to or integrate with third-party services (e.g., Google, Zoom, Microsoft). Their privacy practices are governed by their own policies, not ours.

14. Changes to this Privacy Policy

We may update this Policy from time to time. We will post the updated Policy and update the "Last Updated" date. If changes are material, we will provide additional notice where required. Continued use after the effective date of an updated Policy indicates acceptance.

15. Contact Us

For questions, privacy requests, or concerns:

B.1 Categories of Personal Information Collected

Depending on your use, we may collect:

• Identifiers (e.g., name, email address)
• Internet/electronic network activity (e.g., device/browser info, logs, feature usage)
• Electronic information (meeting caption/transcript text; notes and annotations)
• Professional/employment-related information (where reflected in calendar event context and attendee details)
• Inferences (summaries, extracted action items, inferred topics derived from meeting content)

We do not collect meeting audio/video recordings, do not capture screen content outside captions, and do not collect private in-meeting chat messages.

B.2 Purposes for Collection/Use

• Provide and operate the Service (transcripts, search, workspaces, sharing)
• Match transcripts to calendar events (if enabled)
• Provide AI features (if used)
• Security, fraud prevention, debugging
• Analytics and improvements
• Customer support and service communications
• Legal compliance and enforcement

B.3 Sources

• You (account info, user-generated content, sharing choices)
• Integrations you enable (read-only Google Calendar data)
• Extension/device (logs, usage data)
• Caption feeds from supported platforms when captions are enabled and extension is active

B.4 Retention

As described in Section 8 (generally until deletion; trash 30 days; backups up to 30 days).

B.5 Sale/Sharing and Targeted Advertising

• No sale of personal information.
• No sharing for cross-context behavioral advertising (as defined by CPRA).
• We do not use Google user data for advertising.

B.6 Sensitive Personal Information

IceCubes does not require sensitive personal information. Meeting content may include sensitive information depending on what is said during meetings; we process such content only to provide the features you request and not to infer characteristics about you for advertising.

B.7 Exercising California Rights

Email privacy@icecubes.app. We may verify requests and honor authorized-agent requests with appropriate proof.

Even though IceCubes does not sell personal information and does not share personal information for cross-context behavioral advertising, some laws and platforms expect a dedicated statement/link.