June Logo

Privacy Policy

Your privacy is fundamental to how we build June. This Privacy Policy explains what personal data we collect, how we use it, who we share it with, and the rights you have regarding your data. This policy applies to our website, account portal, and the June AI meeting assistant application.

June integrates with your workflow to automatically transcribe, summarize, and extract action items from your meetings. We request access to your Google user data (such as Google Calendar and Google Meet) solely to join your scheduled meetings, identify participants, and provide you with seamless, automated meeting notes.

1. Information We Collect

1.1 Account Information

  • Identity Data: Name, email address, profile photo (optional), job title, and language preferences.
  • Authentication Data: Passkey public keys (WebAuthn), session tokens, sign-in timestamps, and device identifiers. We never store private keys or passwords.
  • Organization Data: Company name, team membership, and role information when you join or create an organization.

1.2 Billing Information

  • Payment processing is handled by Stripe. We store only your Stripe customer ID, subscription status, and billing history references. We never store full credit card numbers.
  • Transaction records including products purchased, prices, and payment timestamps.

1.3 Meeting Content (User-Controlled)

  • Recording and Transcription: Off by default. When enabled by you, audio recordings and transcriptions are processed to provide meeting summaries, action items, and the conversation graph.
  • Local-First Processing: Where possible, audio processing occurs on your device. When cloud processing is required, data is encrypted in transit and at rest.
  • Super-Privacy Mode: For sensitive conversations, this mode processes all data in memory with no persistent storage. Transcripts, summaries, and derived artifacts are never saved.

1.4 Usage and Analytics Data

  • Product Telemetry: Feature usage patterns, performance metrics, and error reports to improve reliability. We minimize PII collection and redact sensitive data.
  • Device Information: Browser type, operating system, screen resolution, and general location (country/region level only).
  • Cookies: Essential cookies for authentication and optional analytics cookies. See our Cookie Policy for details.

1.5 Google User Data

  • Information Collected: If you choose to connect your Google account, June accesses and collects specific Google user data, such as your Google Calendar events (meeting titles, times, and descriptions) and your basic Google profile information (name and email address). The data we collect about you is strictly limited to what you have authorized us to access via Google's OAuth consent screen.

2. How We Use Your Data

  • Google User Data: We will use your Google user data (such as Google Calendar events) exclusively to provide you with the services you requested, specifically to automatically identify your upcoming meetings, join scheduled Google Meets on your behalf, and provide automated meeting transcripts and summaries. We do not use Google user data for targeted advertising, selling to data brokers, or any other purposes aside from providing and improving your application's functionality. We explicitly do not use Google user data for training generalized AI models.
  • Service Delivery: Authenticate your identity, manage your account, process subscriptions, and deliver meeting assistance features.
  • Product Improvement: Analyze aggregate usage patterns to improve features, fix bugs, and optimize performance. Individual meeting content is never used for training AI models without explicit consent.
  • Communication: Send transactional emails (magic links, billing receipts), security alerts, and product updates. Marketing communications require separate opt-in.
  • Security: Detect and prevent fraud, abuse, and unauthorized access. Maintain audit logs for compliance and incident response.
  • Legal Compliance: Meet legal obligations, respond to lawful requests, and enforce our Terms of Service.

3. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA) and UK, we process personal data under these legal bases:

  • Contract Performance: Processing necessary to provide the service you signed up for.
  • Legitimate Interests: Product improvement, security, and fraud prevention, balanced against your privacy rights.
  • Consent: For optional features like analytics cookies and marketing communications. You can withdraw consent at any time.
  • Legal Obligation: When required by law or to protect legal rights.

4. Data Sharing and Processors

We share data only as necessary to operate the service:

  • Stripe: Payment processing and subscription management.
  • Cloudflare: Edge compute, content delivery, DDoS protection, and regional data storage.
  • AWS SES: Email delivery for magic links, notifications, and transactional messages.
  • AI Model Providers: When cloud-based AI processing is used, data is sent to our contracted providers under strict data processing agreements. We use providers that do not train on customer data.

We do not sell your personal information, including Google user data. We do not transfer or disclose your Google user data to third parties for any reasons other than providing or improving our application's core functionality (e.g., we do not transfer data for targeted advertising, selling to data brokers, etc.). We share data with processors only under appropriate data processing agreements that ensure equivalent protection.

5. Data Security

  • Encryption: All data, including sensitive Google user data (such as calendar events and authorization tokens), is encrypted in transit (TLS 1.3) and at rest (AES-256). Meeting content can be end-to-end encrypted with keys derived from your passkey. Security procedures are in place to ensure your Google user data is protected against unauthorized access.
  • Authentication: We support phishing-resistant passkeys (WebAuthn) as the primary authentication method. Magic links provide passwordless fallback.
  • Access Controls: Strict role-based access within our organization. Audit logs track all data access.
  • Local-First Architecture: Sensitive processing happens on your device whenever possible, minimizing cloud exposure.

6. Data Residency and Retention

  • Regional Storage: We use Cloudflare's regional services to store data in your chosen region (Americas, Europe, or Asia-Pacific) to minimize latency and meet compliance requirements.
  • Retention Periods:
    • Account and Google User Data: We store your personal information and Google user data for the duration your account is active. All data, including connected Google account tokens and synced calendar events, is permanently deleted within 30 days of account closure. You may request for your data to be deleted at any time by contacting us or managing your integrations in the account portal.
    • Meeting content: Configurable retention from 7 days to indefinite. Super-Privacy Mode retains nothing.
    • Billing records: Retained for 7 years for tax and legal compliance.
    • Security logs: Retained for 90 days for incident response.

7. International Data Transfers

When data is transferred outside the EEA, we use Standard Contractual Clauses (SCCs) approved by the European Commission, or rely on adequacy decisions where available. Our processors maintain equivalent safeguards.

8. Your Rights

Depending on your location, you may have the following rights:

  • Access: Request a copy of your personal data.
  • Rectification: Correct inaccurate or incomplete data via your account settings.
  • Erasure: Request deletion of your data ("right to be forgotten").
  • Portability: Receive your data in a structured, machine-readable format.
  • Restriction: Limit how we process your data in certain circumstances.
  • Objection: Object to processing based on legitimate interests.
  • Withdraw Consent: Revoke consent for optional processing at any time.

To exercise these rights, visit your account settings or contact us at privacy@junemeetings.com. We will respond within 30 days.

9. Children's Privacy

June is not directed to children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it.

10. California Privacy Rights (CCPA/CPRA)

California residents have additional rights:

  • Right to know what personal information is collected and how it is used.
  • Right to delete personal information.
  • Right to opt-out of the sale or sharing of personal information (we do not sell your data).
  • Right to non-discrimination for exercising privacy rights.
  • Right to correct inaccurate personal information.
  • Right to limit use of sensitive personal information.

11. Changes to This Policy

We may update this Privacy Policy as our product evolves or laws change. Material changes will be communicated via email or in-app notification, and the "Last updated" date will reflect the revision.

12. Contact Us

For privacy questions or concerns, contact our Data Protection team:

EEA/UK users may also lodge a complaint with their local supervisory authority.

This privacy policy describes product behavior and data practices. For binding legal terms, see our Terms of Service.