Privacy Policy

NoteWave is developed and operated by Blaze AI Solutions (Pty) Ltd ("Blaze AI Solutions", "we", "us", or "our"), which is the responsible party (as defined under POPIA) for processing your personal information. This Privacy Policy explains how we collect, use, store, and protect your information when you use our AI-powered meeting transcription services.

We are committed to handling personal information in accordance with applicable data protection laws, including South Africa's Protection of Personal Information Act (POPIA) and, where applicable, the European Union's General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other relevant privacy regulations.

By using NoteWave, you confirm that you are at least 18 years of age. If you are under 18, you may not use the Service.

Under applicable privacy laws (GDPR, POPIA, CCPA), you have the following rights:

• Right to Access: Request a copy of your personal data we hold
• Right to Rectification: Correct inaccurate or incomplete data
• Right to Erasure ("Right to be Forgotten"): Request deletion of your personal data
• Right to Data Portability: Export your data in a machine-readable format
• Right to Object: Object to processing for direct marketing or legitimate interests
• Right to Restrict Processing: Limit how we use your data in certain circumstances
• Right to Withdraw Consent: Withdraw consent for data processing at any time
• Right to Lodge a Complaint: File a complaint with a supervisory authority (e.g., South Africa's Information Regulator)

To exercise your rights, contact our privacy team at contact@blazesolutions.ai or use the contact information in Section 13. We will respond within 30 days.

We process personal information on the following lawful bases, as applicable: (1) performance of our contract with you (providing the Service), (2) our legitimate business interests (improving the Service, security, fraud prevention), (3) compliance with legal obligations, and (4) your consent (where required by applicable law). Where we rely on consent, you may withdraw it at any time.

We use reasonable technical and organisational measures designed to protect your data from unauthorised access, loss, misuse, or disclosure:

• Encryption: Encryption in transit and at rest, where supported by our infrastructure providers
• Infrastructure Security: Certain infrastructure providers we use (such as Supabase and Vercel) maintain recognised security certifications such as SOC 2 and ISO 27001
• Access Controls: Authentication safeguards and role-based access control where applicable
• Backups: Automated backups maintained by our infrastructure providers

No system is 100% secure. While we take reasonable steps to protect your data, we cannot guarantee absolute security. Security measures depend in part on the practices of our infrastructure providers.

We share data only in the following limited circumstances:

6.1 Trusted Service Providers

We share data with carefully selected service providers who process data on our behalf:

• LemonSqueezy: Payment processing and subscription management
• Supabase: Secure database storage, authentication, and real-time features
• Vercel: Frontend hosting and content delivery
• Fly.io: Backend Python hosting for transcription processing
• ElevenLabs: AI transcription services
• OpenAI: AI summarization and processing services
• RevenueCat: In-app subscription management for mobile applications (purchase validation, entitlement delivery, and subscription status tracking)
• Zoom, Microsoft Teams: Meeting platform integrations (when you connect your account)

All providers are contractually required to protect your data and use it only for specified purposes.

6.2 Legal Requirements

When required by law, court order, subpoena, or government regulation, or to:

• Comply with legal processes and obligations
• Protect our rights, property, or safety, or that of our users
• Investigate fraud, security breaches, or Terms of Service violations
• Respond to emergency situations involving potential harm

6.3 Business Transfers

In case of merger, acquisition, bankruptcy, or sale of assets, your data may be transferred to the acquiring entity. We will notify you via email and provide opt-out options where possible.

6.4 With Your Consent

Any other data sharing requires your explicit consent, which you can withdraw at any time.

6.5 International Data Transfers

Your data may be processed in countries outside your location, including the United States and European Union. Where required by applicable law, we rely on appropriate safeguards for cross-border data transfers. Our infrastructure providers may use mechanisms such as Standard Contractual Clauses (SCCs) to support lawful transfers.

If we become aware of a personal data breach that is likely to result in a risk to your rights and freedoms, we will:

• Notify affected users without undue delay and within the timeframes required by applicable law
• Inform relevant supervisory authorities or regulators as required by law
• Provide clear information about the nature of the breach, potential consequences, and remedial actions
• Take reasonable steps to contain and remediate the breach

We retain data only as long as necessary for business purposes and legal obligations:

• Account Data: Retained until account deletion, then purged within 30 days (except as required for legal/financial obligations)
• Audio Files: Retained only as long as needed for transcription processing, then deleted in accordance with our operational procedures unless explicitly saved by the user
• Transcripts: Retained until user deletion or account termination
• Analytics Data: Retained for a reasonable period and anonymised where practicable
• Backup Data: Retained in encrypted backups for a limited period before being cycled out
• Legal/Financial Records: Retained for 7 years as required by South African law

User Control: You can request deletion of your data at any time through account settings or by contacting contact@blazesolutions.ai. We will process deletion requests within 30 days unless legally required to retain data.

We use cookies and similar technologies to enhance your experience. For detailed information, see our Cookie Policy.

Types of cookies we use:

• Essential Cookies (Required): Login sessions, authentication, security, and core functionality
• Preference Cookies (Optional): Language, theme, and display settings

You can manage cookie preferences through your browser settings. Disabling essential cookies may affect service functionality. See our Cookie Policy for more details.

NoteWave is not intended for children under 18 years of age. We do not knowingly offer the Service directly to anyone under 18. Users are responsible for ensuring they have a lawful basis to record and process meeting content involving any participants.

If we learn that personal information relating to a child under 18 has been collected in a way that requires action under applicable law, we will take appropriate steps to address the situation. If you believe a user is under 18, please contact us at contact@blazesolutions.ai.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or business operations. When we make material changes, we will:

• Update the "Last updated" date at the top of this page
• Notify you via email or through prominent notice in the Service
• Provide at least 30 days' notice for material changes that adversely affect your rights

Your continued use of the Service after the effective date constitutes acceptance of the updated Privacy Policy. If you do not agree, you must stop using the Service.