privacy policy
last updated: 9 april 2026
what miniti does
miniti records meetings on your device, transcribes them using deepgram, and generates summaries and insights using openai.
where your data lives
all meeting content - transcripts, notes, summaries, action items, MEDDPICC analysis - is stored locally on your device only. miniti does not upload, copy, or back up your meeting content to any server.
data protection and security
miniti is designed around a privacy-first, local-first architecture. we apply the following technical and organisational measures to protect your data, including sensitive data such as Google user data obtained via Google OAuth:
encryption in transit
- all network traffic between the miniti app and any third-party service (Google, Deepgram, OpenAI, Attio, Polar, Vercel, Upstash) uses HTTPS with TLS 1.2 or higher.
- OAuth 2.0 authorisation flows with Google use Google's official endpoints over TLS. authorisation codes are exchanged for tokens directly with Google.
- all Google Calendar API requests are made over HTTPS using Google's official API endpoints.
- the miniti.app website and all Netlify Functions endpoints enforce HTTPS with HSTS (Strict-Transport-Security), and are protected by a strict Content Security Policy, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, and Permissions-Policy headers.
encryption at rest
- Google OAuth tokens (access tokens and refresh tokens) are stored in the Apple Keychain on macOS and iOS. the Keychain provides hardware-backed encryption and is protected by the device passcode, Touch ID, or Face ID. tokens are never written to plaintext files, logs, or preferences.
- Deepgram and OpenAI API keys entered in bring-your-own-keys mode are also stored in the Apple Keychain.
- all meeting content (recordings, transcripts, summaries, calendar cache) is stored within the app's sandboxed container on your device, protected by macOS and iOS full-disk encryption (FileVault on macOS, Data Protection on iOS) when enabled by the user.
access controls and principle of least privilege
- miniti requests the minimum Google OAuth scope required for the feature: https://www.googleapis.com/auth/calendar.readonly. we never request write, delete, or share scopes.
- only the miniti app process on your device can access its own Keychain items; other apps on the device cannot read miniti's stored OAuth tokens.
- miniti has no backend access to your Google data. Google user data never touches miniti's servers, developer machines, logs, analytics, or any third party. no miniti employee, contractor, or administrator can access your Google Calendar data under any circumstances.
- access to miniti's production infrastructure (Netlify, Vercel, Upstash) is restricted to the sole developer via unique accounts with strong, unique passwords and two-factor authentication (2FA). none of that infrastructure processes Google user data.
data minimisation
- only the calendar fields required to render the "upcoming meetings" UI and pre-fill meeting titles are read (event title, start/end time, attendees, conferencing links).
- calendar data is fetched on demand for the relevant time window only; miniti does not bulk-download or mirror your entire calendar history.
- no Google user data is used for advertising, profiling, training AI/ML models, or any purpose other than directly providing the user-facing calendar features described in this policy.
no server-side storage of Google user data
Google user data (calendar events, OAuth tokens, account identifiers) is never transmitted to or stored on miniti's backend. it is not sent to Vercel, Upstash, Netlify, Resend, PostHog, or any other subprocessor. the entire Google Calendar integration runs locally between your device and Google's servers.
secure development practices
- the app is distributed as a signed and notarised macOS build and through the Apple App Store for iOS, providing integrity verification and tamper protection.
- dependencies are kept up to date and monitored for known vulnerabilities.
- OAuth client credentials are managed via the Google Cloud Console and are not embedded in client code in a way that grants backend privileges.
- source code is stored in private repositories with access restricted to the developer.
incident response
if we become aware of a security incident affecting Google user data or other personal data, we will: (1) investigate and contain the incident; (2) notify affected users without undue delay via the email address on file (where available) and a notice at miniti.app; and (3) where required, notify the relevant supervisory authority within 72 hours in accordance with GDPR Article 33. you can report suspected security issues by contacting us.
google calendar integration
miniti can optionally connect to your Google Calendar to display upcoming meetings, pre-fill meeting titles, and automatically start recording when a scheduled meeting begins. this integration requires your explicit consent via Google's OAuth consent screen and uses the calendar.readonly scope (read-only access).
what data is accessed
- event titles
- start and end times
- attendee names and email addresses
- meeting links (e.g. Google Meet, Zoom URLs)
miniti does not access: event descriptions beyond conferencing links, calendar ACLs, free/busy data for other users, contacts, Gmail, Drive, or any other Google service.
how the data is used
- showing your upcoming meetings in the app
- pre-filling the meeting title when you start a recording
- automatically starting recording when a scheduled meeting begins (if enabled)
Google user data is used only for these user-facing features. it is never used for advertising, sold, transferred, profiled, used to train AI/ML models, or used to determine creditworthiness or for lending purposes.
how the data is stored and protected
- calendar event data is fetched on demand and cached locally on your device within the app's sandboxed container, protected by the operating system's file-level encryption (FileVault on macOS, Data Protection on iOS).
- Google OAuth access and refresh tokens are stored in the Apple Keychain, which provides hardware-backed encryption and is gated by your device passcode, Touch ID, or Face ID.
- all communication with Google APIs is encrypted in transit using TLS 1.2 or higher (HTTPS).
- Google user data is never uploaded to miniti's servers and is never shared with any third party.
data sharing
miniti does not sell, rent, share, or transfer your Google Calendar data to any third party. calendar data is used solely within the app on your device for the purposes described above. it is not sent to Deepgram, OpenAI, Attio, Polar, Resend, PostHog, or any other subprocessor.
data retention and deletion
cached calendar data is refreshed on demand and is replaced or discarded as events change. when you disconnect Google Calendar from within miniti's Settings, or when you uninstall the app, all locally cached Google user data and all stored OAuth tokens are deleted from the device.
revoking access
you can disconnect Google Calendar at any time from Settings in the app. this removes the stored OAuth credentials and stops all calendar data access. you can also revoke miniti's access from your Google account permissions page at any time.
Google API Services User Data Policy / Limited Use
miniti's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements. specifically:
- miniti uses Google user data only to provide or improve user-facing features that are prominent in the requesting application's user interface.
- miniti does not transfer Google user data to others unless necessary to provide or improve user-facing features, to comply with applicable law, or as part of a merger, acquisition, or sale of assets with the user's explicit consent.
- miniti does not use or transfer Google user data for serving advertisements, including retargeted, personalised, or interest-based advertising.
- miniti does not allow humans to read Google user data unless we have the user's affirmative consent for specific messages, it is necessary for security purposes (such as investigating abuse), to comply with applicable law, or the data has been aggregated and anonymised for internal operations. in miniti's current architecture, no humans can read Google user data because it never leaves the user's device.
- miniti does not use Google user data to develop, improve, or train generalised or non-personalised AI and/or ML models.
email collection and communications
when you request a download link on this website, your name and email are collected via netlify forms and sent via resend to deliver the download email. your email is also stored as a contact in resend so we can send you occasional product updates (such as new features, changelogs, and announcements).
by submitting the download form, you consent to receiving these communications. every email includes an unsubscribe link - you can opt out at any time with one click, and we will stop sending you updates immediately. you can also request full deletion of your contact data by contacting us.
we do not sell, rent, or share your email address with any third parties for their own marketing purposes.
what is sent to third parties
- audio is streamed to deepgram during recording for real-time transcription. it is not stored by miniti.
- transcript text is sent to openai when generating summaries and insights.
- meeting data can be sent to attio if you choose to use the CRM integration. this is user-initiated and only happens when you explicitly click "send to Attio."
- calendar data is read from Google Calendar if you connect your account. this data stays on your device - it is not sent to miniti's servers or any other third party.
these services process data under their own privacy policies.
managed mode and pro
if you use miniti in managed mode (free or pro), an anonymous device identifier is sent to our backend to track usage. this identifier is a random UUID - it is not tied to your name, email, or apple ID. no meeting content is sent to or stored on our backend.
pro subscriptions are handled by polar. if you upgrade to pro, your payment information is processed by polar - miniti never sees or stores your payment details. license keys for cross-device restore are managed through polar.
bring your own keys mode
if you provide your own deepgram and openai API keys, nothing leaves your device except direct API calls to those services. miniti has no backend involvement.
api keys
api keys you enter are stored locally on your device. they are never sent to miniti's servers.
analytics
the miniti app does not include any analytics or telemetry. the miniti website uses posthog for anonymous page analytics. posthog sets cookies to distinguish unique visitors and track page views. no personal data is collected.
no account required
miniti does not require you to create an account or sign in to use the free tier. if you subscribe to Pro, your email address is collected by polar to manage your subscription and license key.
data retention and deletion
meeting content (recordings, transcripts, summaries, action items) is retained locally on your device until you delete it from within the app or uninstall miniti. miniti does not impose any automatic retention period - you are in full control.
Google user data (calendar events and OAuth tokens) is retained only as long as you keep the Google Calendar integration connected. disconnecting the integration from Settings, revoking access via your Google account permissions page, or uninstalling the app removes all cached Google user data and tokens from your device. no copies exist on miniti's servers or anywhere else.
email contact data (name and email submitted via the download form) is retained in Resend until you unsubscribe or request deletion via support. we respond to deletion requests without undue delay and at the latest within 30 days.
anonymous device identifiers used in managed mode are retained for as long as the device uses miniti. you can request deletion by contacting us with your device ID.
to request deletion of any personal data we hold, contact us.
gdpr
miniti processes minimal personal data. the legal basis for processing is contract performance (providing the service you use), consent (product update emails when you submit the download form), and legitimate interest (anonymous usage tracking in managed mode).
since meeting content is stored locally on your device, you already have full control over your data. you can view, export, or delete your meetings at any time from within the app.
audio and transcript data sent to deepgram and openai may be transferred to servers in the united states. both providers maintain appropriate safeguards for international data transfers under their respective data processing agreements.
if you submitted your email for a download link, you can unsubscribe from product updates at any time via the link in any email, or request full deletion of your contact data by contacting us.
if you use managed mode, you can request deletion of your anonymous usage data by contacting us. since the device identifier is a random UUID not linked to your identity, we cannot associate it with you unless you tell us your device ID.
beta software
miniti is provided as beta software. features may change, break, or be removed without notice.
disclaimer
miniti is provided "as is" without warranty of any kind, express or implied, including but not limited to warranties of merchantability, fitness for a particular purpose, or non-infringement. use it at your own risk.
limitation of liability
in no event shall miniti or its developer be liable for any indirect, incidental, special, or consequential damages arising from the use or inability to use the app, including but not limited to loss of data, lost recordings, or missed meeting content.
third-party services (subprocessors)
miniti uses the following third-party services. we are not responsible for their availability, accuracy, pricing, or data handling. your use of these services is subject to their respective terms.
- deepgram - real-time speech-to-text transcription and speaker identification
- openai - AI-generated summaries, action items, and meeting analysis
- google - calendar sync for upcoming meetings and auto-start (read-only, opt-in)
- attio - CRM integration (user-initiated, macOS only)
- polar - pro subscription payments and license key management
- vercel - backend API hosting for managed mode
- upstash - backend data storage (device usage tracking, subscription state)
- netlify - website hosting and form submissions
- resend - email delivery and contact management (download links, product update newsletters, unsubscribe handling)
- posthog - anonymous website analytics (EU instance, website only, not in the app)
recording consent
you are responsible for complying with all applicable laws when using miniti, including any laws regarding recording conversations. many jurisdictions require consent from all parties before recording. miniti does not provide legal advice on recording consent.
your content
you own your meeting recordings, transcripts, and any content generated by the app. miniti claims no rights to your data.
changes
we may update these terms at any time. continued use of miniti after changes constitutes acceptance.
copyright
© 2026 Ian Ahuja. all rights reserved.
miniti, the miniti name, and the miniti logo are the property of Ian Ahuja. you may not copy, modify, or distribute the app or its assets without permission.
questions or data requests? get in touch.