Last modified: March 2024

1. Introduction

Sembly AI, Inc. (“Sembly AI,” or “we,” “our,” or “us”) respects your privacy, and we are committed to protecting it through our compliance with this policy (“Privacy Policy”). This Privacy Policy describes the types of information we may collect through the Sembly AI online software and related services provided by Sembly as a Software-as-a-Service (the “Service”), and our practices for collecting, using, maintaining, protecting, and disclosing that information.

If you are registering to use the Service on behalf of your employer, company or organization (the “Organization”), you represent and warrant that you have the authority to accept this Privacy Policy on behalf of the Organization. If you (and your Organization, if applicable) do not agree to our Privacy Policy, please do not use the Service. The term “you”, “your”, etc. refers to both you as an individual user and your Organization (where applicable).

Please read this Policy carefully to understand our policies and practices regarding your information and how we will treat it. If you do not agree with our policies and practices, your choice is not to use our Services. By accessing or using our Service, you agree to this Privacy Policy. This Privacy Policy may change from time to time (see Changes to Our Privacy Policy). Your continued use of our Service after we make changes is deemed to be acceptance of those changes, so please check this Privacy Policy periodically for updates.

2. Children Under the Age of 16

Our Service is not intended for children under 16 years of age. No one under age 16 may provide any information to or through the Service. We do not knowingly collect Personal Data from children under 16. If you are under 16, do not use or provide any information on our Service or on or through any of their features, including your name, address, telephone number, email address, or any screen name or user name you may use. If we learn we have collected or received Personal Data from a child under 16 without verification of parental consent, we will delete that This Privacy Policy describes how Sembly AI collects and uses Personal Data about you through the use of our Service and through email, text, and other electronic communications between you and Sembly AI. If you believe we might have any information from a child under 16, please contact us support@sembly.ai.

3. Information We Collect About You and How We Collect It

When you register to use our Service (“Registered User”) we collect certain information from you in order to provide the Service, such as your name, email address, and credit card billing details, including your billing address (“Personal Data”). We may also collect information through automated means that is about you but individually does not directly identify you, such your IP address and information from cookies.

The Service is used to record and analyze online meetings, conference calls and conversations (“Online Meetings”), and provide recordings (“Recordings”) and transcripts (“Transcripts”) of Online Meetings, as well as summaries, digests, data analytics and other reports relating to Online Meetings(collectively, “Reports”). Because Communications and discussions during Online Meetings can include Personal Data,the Recordings, Transcripts and Reports may likewise include Personal Data. You (or your Organization, as applicable) own all Recordings, Transcripts and Reports, and all data contained therein, including Personal Data (subject, however, to data ownership and other rights of individuals about which the Personal Data relates).

For customers who choose not to opt-out, we want to assure you that any content we use to improve our services undergoes a rigorous process of anonymization. All personally identifiable information (PII) is redacted to ensure your privacy and security.

We do not and can not control the actions of other users of the Service and your participants in Online Meetings. Therefore, although we use reasonable and appropriate data security measures in connection with the Service, you are responsible for the conduct of all users and participants of your Online Meetings.

Cookies. We and our service providers may use cookies, web beacons, and other technologies to receive and store certain types of information whenever you interact with our Service through your computer or mobile device. A cookie is a small file or piece of data sent from a website and stored on the hard drive of your computer or mobile device. On your computer, you may refuse to accept browser cookies by activating the appropriate setting on your browser, and you may have similar capabilities on your mobile device in the preferences for your operating system or browser. However, if you select this setting you may be unable to access certain parts of our Service. Unless you have adjusted your browser or operating system setting so that it will refuse cookies, our system will issue cookies when you direct your browser to our Service.

4. How We Use Your Information

At Sembly AI, we genuinely care about your data and your privacy. Here's how we ensure your trust in us: Your Data, Your Control:

• You own and control your data. We use your Personal Data primarily to provide the services you've requested, and our models/third-party models we use don’t learn from your usage.

• Beyond providing services, we don't use your data unless absolutely necessary for compliance, legal processes, or service improvements.

• You always have the option to opt out. If you prefer we don't use even your anonymized data, just let us know.

Our Internal Use:

• We use the information we collect about you, including Personal Data, to provide our Service and its contents, fulfill your requests, and enforce our rights arising from contracts.

• We might use data internally, but only in its anonymized form. This means we remove all personal details, ensuring it can't be traced back to you.

• We have the right to use aggregated and de-identified data for our business purposes. However, we ensure it doesn't disclose any personal or confidential information.

Sharing & Transparency:

• Transparency: We're committed to transparency. We won'tshare your data with anyone without giving you a heads-up.

• Security: We maintain comprehensive compliance measures including SOC 2 audits. Data encryption is in place at rest (AES-256) and in transit (TLS 1.2+).

• If we ever create products or reportsfrom de-identified data, we make sure it remains anonymous and respects your privacy.

Your Rights & Choices:

• You own your data. If you ever want to know how it's used, or if you want to remove it from our systems, just ask.

• We're always here to answer any questions about your data. Your peace of mind is paramount to us.

At Sembly AI, your privacy is our priority. We're committed to being transparent,responsible, and always putting you first.

We strictly adhere to the Google API Services User Data Policy, including the Limited Use requirements, when handling information received through Google APIs. This commitment ensures that user data is utilized solely within the boundaries necessary for delivering and improving the services explicitly requested by our users. Importantly, we affirm that no data obtained from Google Workspace APIs is used to develop, improve, or train generalized artificial intelligence (AI) and machine learning (ML) models. Our practices are aligned with Google's stance on safeguarding user data, ensuring that it is neither shared nor employed outside the permitted scope of these stringent requirements. For comprehensive details on our adherence to these principles, you are encouraged to review the Google API Services User Data Policy.

5. Sharing of Data with Subprocessors

We use subprocessors as part of our technology platform. All our subprocessors are vetted for security certification, General Data Protection Regulation (GDPR) compliance, data retention, and follow-on use of data and ensuring that your data is protected to the highest standards. Communications between Sembly AI and subprocessors' APIs are always encrypted.

Details about used services are available in our third-party providers page.

We only share data that is required to deliver our services. This is in line with our commitment to respecting your privacy and ensuring the highest level of data protection. By using our products, you agree to have some of your data shared with the subprocessors as detailed in this policy and adjoining documents.

6. How long we keep your personal information

We retain information as long as it is necessary to provide the Services to you and our Clients, subject to any legal obligations to further retain such information.

We may also retain information to comply with the law, prevent fraud, collect fees, resolve disputes, troubleshoot problems, assist with investigations, enforce our Terms of Service and take other actions permitted by law.

The information we retain will be handled in accordance with this Privacy Policy. Information connected to you that is no longer necessary and relevant to provide our Services may be de-identified or aggregated with other non-personal data to provide insights which are commercially valuable to Sembly AI such as statistics of the use of the Services.

We do not share, sell, or otherwise disclose your Personal Data for purposes other than those outlined in this Privacy Policy. However, as described in “How We Use Your Information” above, we may disclose aggregated de-identified information about you, your Online Meeting users and participants, and other individuals that may be discussed during Online Meetings, information that does not identify you, Online Meeting users or participants, or the applicable individual, without restriction.

We may disclose Personal Data that we collect or you provide as described in this Privacy Policy:

• To affiliates, contractors, service providers, and other third parties we use to support our business and our Service (e.g., data storage, data processing, payment processing, etc.).

• To a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Data held by Sembly AI about our Service users are among the assetstransferred.

• To fulfill the purpose for which you provide it.

• For any other purpose disclosed by us when you provide the information. And,

• With your consent.

We may also disclose your Personal Data:

• To comply with any court order, law, or legal process, including to respond to any government or regulatory request.

• To enforce or apply our Terms of Use and other agreements, including for billing and collection purposes. And,

• If we believe disclosure is necessary or appropriate to protect the rights, property, or safety of Sembly AI, our customers, or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction.

7. Your Rights and Choices Regarding Your Information and Accessing and Correcting Your Information

We provide the same suite of Services to all of our Clients and End-Users worldwide. We offer the following rights to all individuals regardless of their location or applicable privacy regulations.

For personal information we have about you, you can:

• Opt out from model training

  You have the right to opt out from Sembly AI including any content from your workspace for AI model training.

• Delete any content
  • User Control:
    • Users have the ability to delete their audio, video, and the entire meeting content.
    • Account deletion by the user results in the removal of all associated meetings, including audio, video, and texts.
  • Automated Deletion Rules:
    • Users can set up rules to automatically delete their meeting content after a specified period.
  • Data Retention in Backups:
    • When a meeting is deleted, it is removed from the production system.
    • Deleted meeting content can be stored in backups for up to 180 days.
  • Immediate Data Deletion Request:
    • Users who want their data immediately removed from the platform can contact the support team for assistance.

The inclusion of automated deletion rules and a clear process for immediate data deletion requests demonstrates a commitment to user privacy and data management. It's important for users to be aware of these options and for the support team to handle deletion requests promptly and securely. When meeting was deleted, that means, that meeting was deleted from production system and can be stored up to 180 days in our backups. If you want to request to immediately delete all your data from our platform, please contact our support team.

• Access your personal information or request a copy.

  You have the right to obtain information about what personal information we process about you or to obtain a copy of your personal information. If you have provided personal information to us, you may contact usto obtain an outline of what information we have about you or a copy of the information. If you are an End User of the Application, you can log in to see the personal information in the account or approach your employer for more information.

• You have the right to be notified of what personal information we collect about you and how we use it, disclose it and protect it.

  This Privacy Policy describes what personal information we collect and our privacy practices. We may also have additional privacy notices and statements available to you atthe point of providing information to us directly. Change or correct your personal information. You have the right to update/correct your personal information or ask usto do it on your behalf.

• Delete or erase your personal information.

  You have the right to request deletion of your personal information at any time. We will communicate back to you within reasonable timelines the result of your request. We may not be able to delete or erase your personal information, but we will inform you of these reasons and any further actions available to you.

• Object to the processing of your personal information

  You have the right to object to our processing of your personal information for direct marketing purposes. This means that we will stop using your personal information for these purposes.

• Ask us to restrict the processing of your personal information

  You may have the right to ask usto limit the way that we use your personal information.

• Export your personal data.

  You have the right to request that we export to you in a machine-readable format all the personal information we have about you. We do not process personal information using automated means

You also have the right to lodge a complaint with the local organizations in charge with enforcing the privacy legislation applicable in your territory.

Please Contact Us if you have any questions or concerns about our collection or use of your Personal Data. You can access and modify certain Personal Data we have about you through our Manage Profile section of our web application (webapp.sembly.ai) or you can Contact Us by email or as indicated below. Please notify us of any changes or errors in any Personal Data we have about you to ensure that it is complete, accurate, and as current as possible or to cancel your account. We may not be able to delete certain Personal Data if we believe it would violate any law or legal requirement or cause the information to be incorrect.

8. Data Security

We have implemented reasonable and appropriate data security measures designed to secure your Personal Data from accidental loss and from unauthorized access, use, alteration, and disclosure.

We use a variety of physical, administrative, and technical safeguards designed to help protect it from unauthorized access, use and disclosure. We have implemented best-practice standards and controls in compliance with internationally recognized security frameworks. We use encryption technologies to protect data at rest and in transit.

The safety and security of your information also depends on you. Where you have chosen a password for the use of our Service, you are responsible for keeping this password confidential. You should not share your password with anyone.

Unfortunately, the transmission of information via the Internet is not completely secure. Although we do our best to protect your Personal Data, we cannot guarantee the security of your Personal Data transmitted to our Service. Any transmission of Personal Data is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the Service, or in your operating system. Legal disclosures

It is possible that we may need to disclose personal information when required by law,subpoena, or other legal processes as identified in the applicable legislation.

We attempt to notify our clients aboutlegal demandsfortheir personal data when appropriate in our judgment unless prohibited by law or court order or when the request is an emergency.

9. Data Privacy Framework Principles

Sembly AI complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), as set forth by the U.S. Department of Commerce. Sembly AI has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

How we obtain Personal Information: We obtain and Process Personal Information from the European Union (“EU”) in different capacities:

• As a data controller, we collect and Process EU Personal Information directly from individuals, either via our publicly available website https://sembly.ai, or through our mobile applications, or in connection with our customer relationships.

Sembly Ai commits all Personal Information received from the EU in reliance on the EU-U.S. Data Privacy Framework (EU-U.S. DPF)

9.1. Notice. Our Privacy Policy, along with this Notice, outlines how we handle privacy. In our role as a Data Processor for our services, it is our clients who decide on the types of Personal Information we handle and why we process it. Thus, it falls to our clients to inform individuals about these practices.

9.2. Data Integrity and Purpose Limitation. Sembly AI may process any Personal Information we collect in accordance with the objectives stated in our Policy or as otherwise communicated to you. We commit not to use Personal Information in ways that diverge from these stated purposes without obtaining your subsequent consent. We take reasonable steps to limit the collection and usage of Personal Information to that which is relevant for the purposes for which it was collected, and to ensure that such Personal Information is reliable, accurate, complete and current. Individuals are encouraged to keep their Personal Information with Sembly Ai up to date and may contact Sembly AI as indicated below or in the Policy to request that their Personal Information be updated or corrected.

We will adhere to the DPF Principles for as long as we retain the Personal Information collected under DPF Principles. When providing our Services as a data processor, we process and retain Personal Information as necessary to provide our Services as permitted in our agreements, or as required or permitted under applicable law.

In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

9.3. Accountability for Onward Transfer of Personal Information. Sembly AI may transfer Personal Information as outlined in our Policy regarding subprocessors. In our role as a data processor for our services, we disclose Personal Information in line with our customer agreements. We are accountable for ensuring that Personal Information we receive and subsequently transfer to third parties adheres to the DPF Principles. If a third party, acting as an agent, processes this information inconsistently with the DPF Principles, we are responsible unless we demonstrate that the cause of the damage was not our fault. We will provide an individual opt-out choice, or opt-in for sensitive data that is not part of meeting or audio recording content, before we share your data with third parties other than our agents, or before we use it for a purpose other than which it was originally collected or subsequently authorized. To request to limit the use and disclosure of your personal information, please submit a written request to support@sembly.ai.

9.4. Security. Sembly AI implements appropriate and necessary measures, considering the processing risks and the sensitivity of Personal Information, to safeguard Personal Information against unauthorized access, disclosure, alteration, destruction, loss, or misuse

9.5. Access and Choice. If Sembly AI plans to apply your Personal Information to new purposes significantly different from initial collection or consent, or to share it with a new subprocessor, we will give you a chance to decline such use/disclosure for non-sensitive data or consent for sensitive data.

You can access, rectify, or request deletion of your Personal Information if it's wrong or misused according to the DPF Principles, by contacting us as directed below. We may restrict information access based on DPF Principles.

9.6. Recourse, Enforcement and Liability. Annually, we review our Personal Information procedures to ensure our practices are accurately represented and in place. For inquiries or concerns, please contact us for investigation and resolution according to the DPF Principles. Unresolved issues can be reported to our designated alternative dispute resolution provider, accessible at no cost via https://bbbprograms.org/programs/all-programs/dpf-consumers. In cases where complaints are not resolved by other means, binding arbitration may be an option under the DPF Principles. See https://www.dataprivacyframework.gov/s/article/ANNEX-Iintroduction-dpf

The U.S. Federal Trade Commission has oversight and enforcement authority over Sembly AI.

10. Changes to Our Privacy Policy

We may change this Privacy Policy at any time. It is our policy to post any changes we make to our Privacy Policy on this page with a notice that the Privacy Policy has been updated on the Service’s home page. If we make material changes to how we treat our users’ Personal Data, we will notify you by email to the email address specified in your account and/or through a notice on the Service’s home page. The date this Privacy Policy was last revised is identified at the top of the page. You are responsible for ensuring we have an up-to-date active and deliverable email address for you, and for periodically visiting our website and reviewing this Privacy Policy to check for any changes.

11. Contact Information

If you have any questions, concerns, complaints or suggestions regarding our Privacy Policy or otherwise need to contact us, you may contact us at the contact information below or through the “Contact” page on our Service.