Privacy Policy

Introduction

Tuki ("we," "our," or "us") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the Tuki mobile application ("App").

We've designed Tuki with privacy in mind, ensuring that your meeting recordings and transcriptions remain private and secure. This policy outlines our practices regarding your data and the rights you have concerning that information.

Please read this Privacy Policy carefully. By downloading, accessing, or using Tuki, you acknowledge that you have read, understood, and agree to be bound by the terms described in this policy.

Information We Collect

We collect several types of information to provide, improve, and protect our services:

1. Information You Provide

Audio Recordings: When you use Tuki to record meetings, we collect the audio data you choose to record. This is the primary content that our service processes.

OpenAI API Key: If you choose to use your own OpenAI API key for transcription and summarization, we securely store this key on your device. This key is only transmitted to OpenAI's servers when processing your recordings.

User Settings: We collect and store your app preferences and settings to provide a customized experience.

2. Information Collected Automatically

Device Information: We collect information about your device, including the model, operating system version, unique device identifiers, network information, and general device settings relevant to providing our service.

Usage Data: We collect data about how you use the app, including features accessed, buttons clicked, settings chosen, and time spent using various functions. This helps us understand user behavior and improve the app's functionality.

Performance Data: We collect data on how the app performs, including crash reports, app launches, and other technical metrics to ensure stability and identify areas for improvement.

Analytics: We use analytics tools to collect aggregate data about user behavior, which helps us improve the app and develop new features. This data is anonymized and cannot be used to identify individual users.

How We Use Your Information

We use the information we collect for the following purposes:

• Provide Our Services: To process your meeting recordings, generate transcriptions and summaries, and deliver the core functionality of the Tuki app.
• Improve Our Services: To understand how users interact with our app, identify areas for improvement, fix bugs, and develop new features.
• Personalize Your Experience: To customize the app based on your preferences and usage patterns.
• Communicate With You: To respond to your inquiries, provide customer support, and send important notices about the app.
• Ensure Security: To protect our services and users from fraud, security threats, and abuse.
• Comply With Legal Obligations: To adhere to applicable laws, regulations, and legal processes.

How We Process Your Data

On-Device Processing: Whenever possible, we process your data directly on your device. This approach minimizes data transmission to external servers and enhances privacy.

Local Storage: Your recordings, transcriptions, and summaries are stored locally on your device by default. This gives you complete control over your data.

Cloud Processing: For transcription and summarization, we use OpenAI's services. During this process, your audio recordings are securely transmitted to OpenAI's servers, processed, and the results are returned to your device. We do not retain your audio data on our servers after processing.

Data Encryption: All data transmission between your device and any external services is encrypted using industry-standard TLS/SSL protocols. Your API keys are also encrypted when stored on your device.

Background Processing: Tuki includes background processing capabilities that allow processing to continue even when the app is not in the foreground. This processing follows the same security and privacy protocols as when the app is active.

Third-Party Services

Tuki integrates with certain third-party services to provide core functionality:

OpenAI

We use OpenAI's APIs for transcription (Whisper) and summarization (GPT-4.1). When you use these features, your audio recordings are processed by OpenAI's services. OpenAI's use of this data is governed by their Privacy Policy and Terms of Use.

Important notes regarding OpenAI processing:

• OpenAI may use content processed through their API to improve their services, unless you opt out (for custom API keys, this depends on your OpenAI account settings).
• Data sent to OpenAI is retained for a limited period as specified in their data retention policies.
• If you use your own OpenAI API key, your relationship with OpenAI is subject to the agreements you have with them.

Google Gemini

In some instances, we may use Google's Gemini API for transcription of your audio recordings. When these features are used, your audio data may be processed through Google's services. Google's use of this data is governed by their Privacy Policy and Terms of Service.

Important notes regarding Google Gemini processing:

• Google may use content processed through their API to improve their services, subject to their data usage policies.
• If you use your own Google API key, your relationship with Google is subject to the agreements you have with them.

Open Source Models

Tuki may utilize open source AI models such as TinyLlama for certain processing tasks and Whisper (the open source version) for transcription. The advantage of these models is that they can run locally on your device without sending data to external servers, enhancing your privacy. When using these open source models:

• Your data remains on your device and is not shared with third parties.
• Processing may be slower but provides enhanced privacy as compared to cloud-based alternatives.
• These models are governed by their respective open source licenses (typically MIT or Apache 2.0).

Analytics Providers

We use analytics services to collect anonymous usage data that helps us improve the app. These services may use cookies or similar technologies to track app usage. This information is processed in an aggregated and anonymized form and cannot be used to identify individual users.

Data Sharing and Disclosure

We take your privacy seriously and do not sell, rent, or trade your personal information to third parties for their marketing purposes. We may share your information in the following limited circumstances:

• Service Providers: We share information with third-party vendors, consultants, and other service providers who need access to such information to carry out work on our behalf. These providers are bound by confidentiality obligations and are not permitted to use your personal information for any purpose other than providing services to us.
• Legal Compliance: We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court or government agency).
• Protection of Rights: We may disclose your information when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.
• Business Transfers: If we are involved in a merger, acquisition, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our website of any change in ownership or uses of your personal information.
• With Your Consent: We may share your information with other parties with your consent or at your direction.

Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. Specifically:

• Audio Recordings, Transcriptions, and Summaries: These are stored primarily on your device and are controlled by you. You can delete this content at any time through the app interface.
• Usage Data and Analytics: We retain anonymized usage data for analytical purposes for up to 24 months.
• Account Information: If you have created an account, we retain your account information until you request deletion of your account or after a prolonged period of inactivity.

Your Rights and Choices

We respect your privacy rights and provide you with reasonable access and control over your information. Depending on your location, you may have some or all of the following rights regarding your personal data:

• Access: You can request a copy of the personal data we hold about you.
• Correction: You can request that we correct any inaccurate or incomplete personal information we hold about you.
• Deletion: You can delete your content at any time through the app interface. You can also request that we delete your personal information in certain circumstances.
• Data Portability: You can request a copy of your data in a structured, commonly used, and machine-readable format.
• Objection: You can object to our processing of your personal data in certain circumstances.
• Restriction: You can request that we restrict the processing of your personal data in certain circumstances.
• Withdrawal of Consent: If we process your data based on your consent, you can withdraw that consent at any time.

To exercise these rights or for any privacy-related concerns, please contact us at privacy@tukinotes.com.

Please note that some of these rights may be limited in some circumstances by applicable law, and we may need to verify your identity before fulfilling certain requests.

Children's Privacy

Our services are not directed to children under the age of 13 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal information from children. If you are a parent or guardian and you believe your child has provided us with personal information, please contact us at privacy@tukinotes.com. If we become aware that we have collected personal information from children without verification of parental consent, we will take steps to remove that information from our servers.

Data Security

We implement industry-standard technical and organizational security measures designed to protect your personal information from unauthorized access, disclosure, use, and modification. These measures include:

• Encryption: We use encryption protocols (TLS/SSL) for data in transit and encryption for sensitive data at rest.
• Local Storage Priority: By prioritizing local device storage, your data remains primarily under your physical control.
• Secure Development Practices: We follow secure coding practices and regularly review our code for potential security vulnerabilities.
• Regular Security Assessments: We regularly assess our systems and practices to identify and address potential security risks.
• Limited Data Access: We restrict access to personal information to authorized personnel who need that access to perform their job functions.

While we strive to use commercially acceptable means to protect your personal information, no method of transmission over the Internet or method of electronic storage is 100% secure. Therefore, we cannot guarantee its absolute security. If you have any concerns about the security of your data, please contact us immediately at privacy@tukinotes.com.

International Data Transfers

Tuki is available worldwide, and your data may be transferred to, stored, and processed in countries other than the country in which you reside. These countries may have data protection laws that are different from those in your country. By using our services, you consent to this transfer, storing, or processing. We take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy, and we ensure that any international data transfers comply with applicable data protection laws.

Lawful Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we will only process your personal data when we have a lawful basis for doing so under applicable law. The lawful bases we rely on include:

• Consent: When you have given us explicit consent to process your data for specific purposes, such as when you provide your OpenAI API key.
• Contract Performance: When processing is necessary for the performance of a contract with you or to take steps at your request before entering into a contract.
• Legitimate Interests: When processing is necessary for our legitimate interests or those of a third party, and these interests are not overridden by your interests or fundamental rights and freedoms. Our legitimate interests include improving, maintaining, and promoting our services.
• Legal Obligation: When processing is necessary for compliance with a legal obligation to which we are subject.

California Privacy Rights (CCPA/CPRA)

This section applies only to California residents. Under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), California residents have specific rights regarding their personal information. In addition to the rights described elsewhere in this policy, California residents have the right to:

• Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected about you, the categories of sources from which we collected it, the business purposes for which we collected or sold it, and the categories of third parties with whom we shared it.
• Right to Deletion: Request deletion of personal information we have collected from you, subject to certain exceptions.
• Right to Opt-Out of Sale or Sharing: Direct us not to sell or share your personal information with third parties. (Note: Tuki does not currently sell or share personal information as defined by the CCPA/CPRA).
• Right to Limit Use of Sensitive Personal Information: Direct us to limit our use of your sensitive personal information. (Note: Tuki processes sensitive personal information only for purposes that do not require this right).
• Right to Non-Discrimination: Not be discriminated against for exercising your CCPA/CPRA rights.

To exercise your California privacy rights, please contact us using the information in the "Contact Us" section. Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable request related to your personal information.

Cookie Policy and Tracking Technologies

While Tuki primarily operates as a mobile application that doesn't use traditional web cookies, we do use similar technologies within our services and on our website:

• Mobile Identifiers: We may collect device identifiers that serve similar functions to cookies on mobile applications.
• Analytics Tools: We use analytics services that may employ tracking technologies to collect information about your use of our app and website. This helps us understand user behavior and improve our services.
• Local Storage: Our app stores data locally on your device to provide core functionality and improve performance.

You can control or reset mobile identifiers through your device settings. For website cookies, most web browsers allow some control through browser settings. You can typically find these settings in the "options" or "preferences" menu of your browser.

Additional Rights for Other Jurisdictions

Depending on your place of residence, you may have additional rights under local laws. These include but are not limited to:

• Australia: Right to lodge a complaint with the Office of the Australian Information Commissioner (OAIC).
• Canada: Rights under the Personal Information Protection and Electronic Documents Act (PIPEDA) and provincial privacy laws.
• Brazil: Rights under the General Data Protection Law (LGPD), including the right to confirm and access personal data.
• South Korea: Rights under the Personal Information Protection Act (PIPA), including the right to access and to request suspension of processing.
• Japan: Rights under the Act on the Protection of Personal Information (APPI), including the right to disclosure and correction.

Contact us using the information provided at the end of this policy to exercise any applicable rights.

Data Breach Notification

In the event of a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data, we will take action consistent with our obligations under applicable law. This may include notifying you and appropriate authorities of the breach in accordance with data protection laws.

Legal Basis and Dispute Resolution

This Privacy Policy is governed by and construed in accordance with the laws of the State of California, United States, without regard to its conflict of law principles. Any dispute arising out of or relating to this policy will first be addressed through informal negotiation. If the dispute cannot be resolved through negotiation, it shall be subject to binding arbitration in accordance with the rules of the American Arbitration Association.

For users located in the EEA, UK, or Switzerland, you also have the right to lodge a complaint with a supervisory authority in the country where you reside, work, or where the alleged infringement of data protection laws occurred.

Nothing in this policy limits your right to file complaints with regulatory data protection authorities pursuant to applicable law.

Automated Decision Making

Tuki does not engage in fully automated decision-making, including profiling, that has legal or similarly significant effects on users. While we use algorithms to process and analyze meeting content for transcription and summarization purposes, these processes are designed to enhance your experience rather than make decisions about you.

Definitions

For clarity in understanding this Privacy Policy, we provide these definitions:

• Personal Data/Information: Any information relating to an identified or identifiable natural person ('data subject').
• Processing: Any operation performed on personal data, such as collection, recording, organization, structuring, storage, adaptation, retrieval, use, disclosure, or erasure.
• Data Controller: The entity that determines the purposes and means of processing personal data. For purposes of this policy, Tuki is the data controller for your personal data.
• Data Processor: An entity that processes personal data on behalf of the data controller. Our service providers, such as OpenAI, act as data processors.
• Third Party: A person or entity other than the data subject, controller, processor, or persons who, under the direct authority of the controller or processor, are authorized to process personal data.
• Consent: Any freely given, specific, informed, and unambiguous indication of the data subject's wishes by which they signify agreement to the processing of their personal data.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, and other factors. When we make changes, we will update the "Last Updated" date at the bottom of this policy and, in the case of material changes, we will provide a more prominent notice or obtain your consent as required by law.

We encourage you to periodically review this Privacy Policy to stay informed about our data practices. Your continued use of Tuki after any changes to this Privacy Policy constitutes your acceptance of the revised policy.

Contact Us

If you have any questions, concerns, or feedback about this Privacy Policy or our privacy practices, please contact us at:

Email: privacy@tukinotes.com

We are committed to working with you to resolve any complaints or concerns you may have about our use of your information.