Privacy Policy

Vulcan Clerk was built with privacy as a founding principle. We collect only data strictly necessary to deliver the service, we never sell it, and you retain full control over your information at all times. This policy applies to users in Brazil, the European Union and the United States, observing the applicable regulations for each region.

• ·Account: name, corporate email and job title.
• ·Meetings: audio recordings, attached documents, transcripts and minutes, always restricted to your organization.
• ·Voice: voice pattern for automatic speaker identification, only with explicit and revocable consent. This feature is in development and will be offered as an opt-in.
• ·Usage: in-platform navigation logs, used exclusively for product improvement.

• ·Service delivery: agenda generation, meeting minutes and transcription.
• ·Product improvement: aggregated and anonymized usage pattern analysis, never applied to content of specific meetings nor to data obtained through Google APIs.
• ·Operational communications: meeting notifications, tasks and critical updates.
• ·Security: unauthorized access detection and action auditing.

Vulcan Clerk uses large language models provided by Anthropic PBC (Claude API) to generate agendas, summaries, minutes and task extractions from meeting content. The following safeguards apply:

• ·Client-captured meeting content (audio and transcripts) is sent to the Claude API under a Zero Data Retention agreement, which prevents Anthropic from logging, storing or using the content for model training. Data obtained through Google APIs (such as Calendar event metadata) is not sent to the Claude API or any AI provider.
• ·We do not use meeting content, transcripts, audio, or data obtained through Google APIs to train, fine-tune or improve any artificial intelligence or machine learning model, whether ours or any third party's.
• ·AI-generated output is an assistance tool. Users are responsible for reviewing and validating any output before relying on it in a business context.

Recording and transcription only occur after affirmative, unbundled consent has been collected from each meeting participant through the Vulcan Clerk participant confirmation page. Consent is recorded with timestamp, IP address, user agent, and the version of the policies in effect at the moment of acceptance. Participants can revoke consent for future meetings at any time through the link provided in their confirmation email or by contacting privacy@vulcanclerk.com. Detailed terms for meeting participants are available in the Participant Terms.

Your data is shared only with essential subprocessors listed above in the Google User Data section and the Artificial intelligence processing section. All subprocessors operate under confidentiality agreements and are not permitted to use your data for their own purposes. We never sell, transfer or share your data with third parties for commercial or advertising purposes.

Vulcan Clerk applies a multi-stage pseudonymization pipeline before content reaches AI processing. Participant identifiers are detached from meeting content at the ingestion stage, the AI provider receives content under Zero Data Retention terms, and re-identification occurs only at presentation time within the authorized organization's interface. This architecture is applied by default and requires no configuration.

• ·Legal basis: processing takes place based on data subject consent (art. 7, I), contract performance (art. 7, V) and legitimate interest for security and service improvement (art. 7, IX).
• ·Biometric data (Voice ID) is processed exclusively with specific and highlighted consent, pursuant to art. 11, I of the LGPD.
• ·Your rights (art. 18): access, correction, anonymization, portability, deletion, consent withdrawal, information on sharing and objection to processing.
• ·Data Protection Officer (DPO) available at dpo@vulcanclerk.com.
• ·Security incidents posing relevant risk to data subjects are reported to the ANPD and affected individuals within the authority-determined deadline.
• ·International data transfers occur to countries with an adequate level of protection or under standard contractual clauses, pursuant to art. 33 of the LGPD.

• ·Legal basis: consent (art. 6(1)(a)), contract performance (art. 6(1)(b)) and legitimate interest for security and fraud prevention (art. 6(1)(f)).
• ·Biometric data (Voice ID) is processed based on explicit consent pursuant to art. 9(2)(a) of the GDPR. A Data Protection Impact Assessment (DPIA) has been conducted for this processing.
• ·Your rights: access (art. 15), rectification (art. 16), erasure (art. 17), restriction (art. 18), portability (art. 20) and objection (art. 21).
• ·Incidents posing risk to data subjects are reported to the competent supervisory authority within 72 hours (art. 33).
• ·Data transfers outside the EEA are conducted under Standard Contractual Clauses (SCCs) approved by the European Commission (art. 46).
• ·EU Representative available for requests: privacy@vulcanclerk.com.
• ·Records of processing activities are maintained pursuant to art. 30.

• ·Right to know: you may request what personal information we have collected, used, disclosed and sold in the last 12 months.
• ·Right to delete: you may request deletion of your personal information, subject to legal exceptions.
• ·Right to opt-out: Vulcan Clerk does not sell or share personal information with third parties for advertising purposes. No opt-out is needed, but you may confirm this practice by email.
• ·Sensitive data (biometric, Voice ID): you have the right to limit the use and disclosure of sensitive personal information.
• ·Biometric privacy laws (Illinois BIPA, Texas CUBI, Washington HB 1493): Voice ID processing, when offered, is governed by separate, specific and revocable written consent, collected before any biometric identifier is captured. Biometric identifiers are retained only for the duration of the contracted service and are destroyed within 30 days of account closure or consent revocation.
• ·Non-discrimination: exercising any privacy rights does not result in differential treatment, penalty or service reduction.
• ·We respond to verified data subject requests within 45 days, extendable by an additional 45 days with notice.
• ·Privacy requests: privacy@vulcanclerk.com.

Vulcan Clerk is not directed to children under 13 years of age and does not knowingly collect personal information from children under 13. If you believe that a child under 13 has provided personal information to Vulcan Clerk, please contact privacy@vulcanclerk.com and we will take steps to delete the information. The service is not intended for use by any individual under 18, and our Terms of Use prohibit the processing of data from individuals under 18 through the platform.

• ·Access and correction: Settings, My Profile.
• ·Google account connection: Settings, Integrations, Google.
• ·Voice ID revocation: Settings, Voice ID (available when the feature launches).
• ·Portability: request a data export by email.
• ·Account deletion: request at privacy@vulcanclerk.com.
• ·Marketing opt-out: unsubscribe link in all emails.

Meeting data is retained for the contracted period. When you close your account, personal data is removed within 30 days. Encrypted backups are purged within 90 days. Audit logs required by law are kept for the applicable legal period in each jurisdiction. Data obtained through Google APIs follows the specific retention rules described in the Google User Data section above.

Traffic protected by TLS 1.3. Data at rest encrypted with AES-256. Database access controlled by Row-Level Security. Audit records for all sensitive actions. Periodic security reviews and incident management. Access to production systems is restricted to authorized personnel under multi-factor authentication and logged for audit.

Material changes to this policy will be communicated by email to registered users with at least 15 days advance notice, and re-consent will be requested where required by applicable law or by the Google API Services User Data Policy. The current version and date of last update are always displayed at the top of this page.

Privacy and data subject requests: privacy@vulcanclerk.com. Data Protection Officer (DPO): dpo@vulcanclerk.com. Legal matters: legal@vulcanclerk.com.