Protokol← Back

Privacy Policy

Last updated: 5 June 2026

In plain English: Protokol joins your meetings to record them, turn them into a transcript, and check your questions against what was said. We store that data securely, never sell it, share it only with the services needed to run Protokol, and delete it on request.

This Privacy Policy explains how Protokol (“we”, “us”) collects, uses, and protects personal data when you use the Protokol service at getprotokol.app (the “Service”). It applies to account holders and to people whose voice or information appears in meetings processed by the Service.

1. Who we are (data controller)

The data controller is Y. VERTA HOLDINGS LTD (Israeli company no. 516052958). Contact us at support@getprotokol.app.

2. What data we collect

  • Account data: your name, email address, and authentication details (via Google sign-in).
  • Calendar data: when you connect Google Calendar (or Microsoft Outlook), we use read-only access to your calendar events (Google scope calendar.events.readonly) to read upcoming events that contain a meeting link — specifically the event title, start time, meeting link, and attendee list — so our assistant can join at the right time. We do not read your calendar settings or sharing permissions, and we use this event data only to schedule and dispatch the meeting assistant.
  • Google Drive (optional filing): if you turn on Drive filing, we use the drive.file scope, which lets Protokol create and write only the files and folders it makes in your Drive (transcripts, summaries, compliance reports). It cannot see or access any other files in your Drive.
  • Meeting content: audio recordings of meetings our assistant attends, the transcripts generated from them, speaker labels, summaries, action items, and answers extracted against the question checklists you upload.
  • Your checklists/forms: the compliance or intake question lists you upload.
  • Billing data: your subscription plan and payment status. Card details are handled by our payment processor (Paddle), not by us.
  • Usage and technical data: log data needed to operate and secure the Service.

3. How we use your data

  • To join, record, transcribe, and summarise your meetings.
  • To check your uploaded questions against what was said and produce an answer sheet.
  • To draft and send follow-up recap emails and to file outputs to your connected Google Drive or webhook/CRM, when you enable those.
  • To provide, secure, support, and improve the Service, and to manage billing.

We do not sell your personal data, and we do not use your meeting content to train third-party AI models for purposes unrelated to delivering your results.

4. Legal bases (GDPR)

Where GDPR applies, we process data to perform our contract with you, on the basis of your consent (e.g. connecting a calendar, recording a meeting), to comply with legal obligations, and for our legitimate interests in operating and securing the Service.

5. Recording and consent

Our assistant joins meetings under a clearly visible name and posts a recording notice. You are responsible for ensuring that recording is lawful for your meetings and for obtaining any consent required in your jurisdiction from other participants.

6. Sub-processors

We share data only with the service providers needed to run Protokol:

See our full Data Processing Agreement for GDPR Article 28 terms and the complete sub-processor list.

ProviderPurpose
Google (Gemini AI, OAuth, Calendar, Drive)Transcription & analysis; sign-in; calendar reading; optional Drive filing
Microsoft (Graph)Outlook calendar reading; optional email sending
SupabaseDatabase, authentication, and encrypted file storage (EU region)
BrevoSending recap emails
PaddlePayment processing (Merchant of Record)
HetznerHosting the meeting-assistant servers (EU)
VercelHosting the web application

7. Google user data and Limited Use

Protokol’s use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

  • We request the narrowest scopes our features need: calendar.events.readonly (to read upcoming events and dispatch the meeting assistant) and drive.file (to file outputs into folders Protokol creates). Sign-in uses only your basic profile (name and email).
  • Calendar event data is used only to detect upcoming meetings that have a join link and to schedule and dispatch the meeting assistant. It is never used for advertising, never sold, and shared only with the sub-processors needed to run the Service.
  • We do not use Google user data to develop, improve, or train generalised AI/ML models. Google user data is not transferred to others except as necessary to provide or improve the Service, to comply with applicable law, or in connection with a merger or acquisition where required (with notice to you).
  • Humans do not read your Google user data unless you give consent (for example, for support), where required for security or to comply with law, or where the data has been aggregated and anonymised.
  • You can disconnect Google Calendar or Google Drive at any time in Settings. Disconnecting revokes Protokol’s access and deletes the stored authorisation token.

8. International transfers

Our primary database and storage are hosted in the EU. Some sub-processors may process data outside your country under appropriate safeguards (such as Standard Contractual Clauses).

9. Retention and deletion

We retain meeting data for as long as your account is active or as needed to provide the Service. You can delete individual meetings at any time, and you can delete your entire account and all associated data yourself from Settings → Account & data. The same page lets you download a full export of your data (UK-GDPR Article 20). If you would rather we handled it for you, email support@getprotokol.app.

10. Your rights

Depending on your location, you may have rights to access, correct, delete, export, or restrict processing of your personal data, and to object or withdraw consent. To exercise these, contact us at support@getprotokol.app.

11. Security

We use encryption in transit and at rest, access controls, and row-level isolation between accounts. See our Security page for detail. No system is perfectly secure, but we work to protect your data and to notify you of material breaches as required by law.

12. Children

The Service is for business use and is not directed to children under 16.

13. Changes

We may update this policy; we will post the new version here with a revised date.

14. Contact

Questions? Email support@getprotokol.app or see our Contact page.

© 2026 Protokol. All rights reserved.