Privacy Policy

1. What data do we collect?

We are committed to providing you with an exceptional service while respecting your privacy. To achieve this, we strive to collect only the personal data that is necessary to deliver and improve our Services.

"Personal data" means any information that can be used to identify you, directly or indirectly. We collect this data when you interact with us, such as when you create an account, pair your Device, or use the App's features. The data we collect is detailed below:

Information You Directly Provide or Create

• Account Information: Email address, encrypted password, nickname, avatar, country/region, industry, profession, role, and account ID.
• Subscription and Payment Information: Subscription type, order details (such as order number, amount, and payment status), and purchase history. Please note, we do not directly collect or store your sensitive payment details (like credit card numbers); this is handled securely by our third-party payment partners.
• Contact Information: Name, email address, phone number, and mailing address.
• Your Content: Content you choose to upload, provide, or create through the Services. This may include audio files, photos, documents, email content or messages you choose to share with the Services, text prompts, and other materials, as well as associated metadata (e.g., file names, timestamps).
• AI-Processed and Generated Content: Outputs produced at your request when you use AI-powered features, such as transcriptions, summaries, answers, analysis, or other generated content, and associated metadata.
• Extracted or Structured Information: Information we may extract from your content to provide the Services (for example, key points, meeting-related details, or other structured fields), including text extracted from images or scanned documents where applicable.
• Speaker Labeling Data: Information generated within a recording to distinguish different speakers, speaker labels you assign, and labels associated with your own voice.
• Sharing and Access Data: If you choose to share content with others, we process information necessary to enable sharing and access controls, such as sharing settings, link or access identifiers, recipient information (for private sharing), and related metadata (e.g., creation time, expiration, and revocation status).
• Inferences and Personalization Data: Information we generate or organize based on your interactions or content to personalize the Services, such as saved preferences, memory items you choose to add or that are created based on your use, and profile descriptions or summaries (where applicable).
• Support and Feedback Information: Order number, issue details (type, description, device involved), communication records (chat logs, emails, call recordings), and any supporting files you provide (pictures, videos).
• Device Setup Information: Wi-Fi name and password, Bluetooth name.
• Contract Information: Records of your consent to our policies and terms (e.g., version number, timestamp).

Information We Collect Automatically

• Device & App Information: Plaud Device serial number, model, and firmware version; your mobile device's brand, operating system, unique device identifier, and version, or your computer's operating system and version.
• Usage & Performance Data: Operational logs (e.g., clicks, feature usage, timestamps), diagnostic and performance data (e.g., system events, crash reports), and paired device status (e.g., battery level, network connectivity).
• Cookie Information: Data collected via cookies and similar technologies when you use our web services. For more information, see Cookie Policy.

2. How do we use your data?

Legal Bases for Processing

We process your personal data only when we have a valid legal basis to do so. Depending on the specific context, our processing activities are based on one or more of the following legal grounds:

• Contract Necessity: Processing is necessary to provide the Services you request, including recording, transcription, summarization, account management, and device functionality.
• Your Consent: Certain optional features are enabled only with your explicit consent, which you may withdraw at any time through the App settings.
• Legitimate Interests: Processing is necessary to improve the quality, security, and functionality of our Services, provided that such interests are not overridden by your rights and interests.
• Legal Obligations: Processing is necessary to comply with applicable laws and lawful requests from authorities.

Processing Purposes

• Core Services and AI-Powered Features We process your personal data to provide and operate the Services and AI-powered features you use, including device recording, content management, AI-based processing, and cross-platform access. This includes all functionalities that are necessary or incidental to providing the Services you choose to use, whether available now or introduced in the future. Our Services include a cloud synchronization feature that allows you to store recordings, transcriptions, summaries, and related content in your Private Cloud so that you can access and manage them across supported devices and platforms. For the Web App and Desktop App, cloud synchronization is required in order to provide the Services, because these platforms rely on cloud storage and processing to function. The Desktop App allows you to create recordings and make them available across your devices by uploading them to your Private Cloud after recording ends. The Desktop App may also offer an automatic recording feature, which can detect system-level signals on your device (for example, whether a supported meeting application is running) to start recording. This detection operates on your device and does not access or analyze meeting content. We also process your Content to provide AI-powered features available within the Services. These features may include transcription, summaries, reasoning, analysis, and other AI-generated outputs requested by you as part of the Services. Certain features operate only based on your choices, settings, or specific requests, such as, but not limited to, speaker labeling, memory-related functionality, and Personal AI Cognitive Aide features.
• Account Management and Communications We use your Account Information and Contact Information to create and manage your account, authenticate access, process subscriptions, and communicate with you about essential service-related matters.
• Marketing and Advertising We may use certain identifiers (such as hashed email addresses) to support our marketing and advertising, including measurement, attribution, personalization, and suppression. You can opt out of this processing as described in Section 6 and Section 8.
• Security, Stability, and Service Improvement We process Device & App Information and Usage & Performance Data to ensure the security, stability, and reliability of the Services, detect abnormal activity, prevent fraud, and improve performance. We may also offer an optional user experience improvement program, which operates only with your explicit consent. Participation in this program allows us to use anonymized or aggregated data for service improvement and quality analysis.
• Legal and Regulatory Compliance We may process personal data as necessary to comply with applicable laws, regulations, or lawful requests from public or governmental authorities.

Our Commitment Regarding Your Content and AI

We want to be perfectly clear about how we handle your most sensitive data: We will never use your Content (such as your audio files, photos, or text) to train, optimize, or develop our own or any third-party artificial intelligence (AI) or machine learning models unless we have obtained your explicit and informed consent in advance. We share certain content you submit to AI features with our LLM service providers solely to perform the requested task. Our agreements require that such data is not used to train their models and is retained only for a limited period as necessary to provide the service and meet security and compliance requirements.

3. How do we retain and protect your data?

Your personal data is processed and stored on secure servers in the region corresponding to your location (see Section 5 for details). We retain your data only for as long as it is necessary to fulfill the purposes described in this Policy, primarily to provide you with our Services. Most of your data is associated with your account and is kept for as long as your account remains active. When you deactivate your account, we will take steps to delete or anonymize this data in accordance with applicable laws. We are committed to protecting your data and have implemented a range of appropriate technical and organizational security measures designed to safeguard it against unauthorized access, use, alteration, or disclosure. These measures are regularly reviewed and updated to adapt to new threats and best practices. Protecting your data is a shared responsibility. Your role is also crucial. We strongly encourage you to use a unique and complex password for your account and to keep it confidential. If you ever suspect your account's security has been compromised, please contact us immediately. While we take all reasonable measures to secure your information, please be aware that no internet transmission is ever 100% secure. Any data you send to our services is therefore at your own risk.

4. Who do we disclose your data to?

We do not sell your personal data. However, in limited circumstances and for specific purposes, we may disclose your data to the following parties:

With Our Service Providers and Affiliates

We work with trusted third-party service providers and our corporate affiliates to help us operate, provide, and improve our Services. For example, we use them for services like cloud hosting, customer support, and payment processing. These partners only receive the data necessary to perform their tasks and are contractually obligated to protect your information and use it only for the purposes we specify.

At Your Direction

Certain features allow you to share your content with others. When you choose to share, the recipients you authorize (or anyone with the link, if you choose public sharing) may access the content you share. You are in control of whom you share with and the access you grant.

For Legal Compliance and Safety

We may be required to disclose your personal data to comply with applicable laws, or in response to a valid legal process, such as a court order, subpoena, or a request from a public or governmental authority. We may also disclose data when we believe in good faith that it is necessary to protect our rights, your safety or the safety of others, investigate fraud, or respond to a government request.

In Connection with a Business Transfer

If Plaud is involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of all or a portion of our assets, your personal data may be shared or transferred as part of that transaction. We will notify you of any such change in ownership or control of your personal data.

5. Where do we transfer your data?

We operate servers in the United States, Germany, Japan, and Singapore. Depending on your location, your personal data is stored in the data center that corresponds to your region. Due to the global nature of our operations, our affiliates and service providers may also access your data from other countries only to the extent necessary for providing and operating the services described in this Policy. We understand that data protection laws vary between countries. To ensure an adequate level of protection when we transfer your data internationally, we rely on legally-recognized safeguards. These may include, for example, implementing approved contractual clauses (such as the Standard Contractual Clauses for Europe) or transferring to countries deemed to provide adequate protection by relevant authorities.

6. What are your rights and choices?

We believe you should be in control of your personal data. Depending on your location, you have certain rights regarding the information we hold about you. We have made it easy for you to exercise many of these rights directly within the App. For instance, you can access and correct your account information through your profile settings in our App. You can also delete your entire account and associated data through the same menu, or unbind and reset a specific device to delete its linked data. You can also delete individual files within the App, delete your entire account and associated data through the same menu, or unbind and reset a specific device to remove its linked data. You may also have other rights under applicable law, such as the right to data portability, the right to withdraw consent, or the right to object to or restrict certain types of data processing. To exercise these rights, or for any request you cannot complete within the App, please contact us using the details in Section 11. Please note that the specific rights available to you can vary by region. We have provided additional details for California residents in Section 8. When you submit a request, we will need to verify your identity before we can proceed and will respond in accordance with applicable data protection laws. You also have the right to lodge a complaint with your local data protection authority.

7. How do we protect minors?

Our Services are not intended for or directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If you do not meet the legal age requirement for using our Services in your country (which may be higher than 13 in some jurisdictions), please do not use our Services or provide us with any personal data. If we become aware that we have collected personal data from a child without verifiable parental consent, we will take steps to remove that data from our systems. If you are a parent or guardian and you believe that your child has provided us with personal data, please contact us using the details in Section 11, so we can take appropriate action.

8. What are your rights as a United States resident?

California

If you are a California resident, the California Consumer Privacy Act of 2018 as amended by the California Privacy Rights Act of 2020 (CCPA) provides you with the rights listed below regarding your personal data. These rights are subject to certain exceptions and limitations under the law. We do not sell your personal data for monetary consideration. However, the CCPA defines "selling" and "sharing" broadly, and our use of certain analytics or advertising cookies may be considered "sharing".

Your California Privacy Rights

• Right to Know: You have the right to request information about what personal data we have collected, used, and disclosed about you.
• Right to Correct: You have the right to request that we correct inaccurate personal data we hold about you.
• Right to Delete: You have the right to request that we delete your personal data, subject to certain legal exceptions.
• Right to Opt-Out of Sale / Sharing: You have the right to direct us not to 'share' your personal data. As we use certain analytics and performance cookies and may share certain identifiers (such as hashed email addresses) with advertising platforms, this activity may be considered "sharing" under the CCPA. You can exercise your right to opt out by enabling the Global Privacy Control (GPC) signal in your browser, or by contacting us.
• Right to Limit Use of Sensitive Personal Data: You have the right to request that we limit the use of your sensitive personal data. However, please note that this right is subject to certain exceptions under the law. For example, your account password is considered sensitive data. We use it only for essential purposes, such as to authenticate your access, maintain the security and integrity of your account, and enable core features of the Services. Because these uses are necessary to provide the service you have requested, the right to limit use does not apply to this essential processing. We do not “sell” or “share” your password or other sensitive personal data.
• Right to Non-Discrimination: We will not discriminate against you for exercising any of your privacy rights.

How to Exercise Your Rights

To submit a request to exercise these rights, please contact us using the details in Section 11. We will need to verify your identity before processing your request. You may also designate an authorized agent to make a request on your behalf, but we will require written proof of the agent's authorization and may still need to verify your identity directly. We will respond to your request within the timeframes required by applicable law.

Other California Disclosures

• Shine the Light: Under California Civil Code Section 1798.83, California residents may request information about our disclosure of personal data to third parties for their direct marketing purposes. To make such a request, please contact us using the details in Section 11.

Other States

If you are a resident of a US state other than California that has enacted a comprehensive consumer privacy law, this section describes additional rights available to you and how to exercise them. This includes, but is not limited to, residents of Virginia, Colorado, Connecticut, Utah, and other states with similar laws. Your rights are generally similar to those of California residents and may include the right to access, correct, delete, and opt out of certain processing activities. To exercise any of these rights, please contact us using the details in Section 11.

9. Additional Disclosures for Users in the EEA, UK, and Switzerland

This section provides additional information for individuals located in the European Economic Area (EEA), the United Kingdom (UK), and Switzerland.

EU and UK Privacy Representative

We value your privacy and your rights as a data subject and have therefore appointed Prighter Group with its local partners as our privacy representative and your point of contact for the following regions: European Union (EU GDPR Art. 27), United Kingdom (UK GDPR), and Switzerland (revFADP).

Prighter gives you an easy way to exercise your privacy-related rights (e.g. requests to access or erase personal data). If you want to contact us via our representative, Prighter or make use of your data subject rights, please visit: prighter.com.

International Transfers

As described in Section 5, depending on your location and how you use the Services, we may store and process your personal data in, and access it from, jurisdictions outside of your country of residence. Where required by applicable law, we implement appropriate safeguards for such international transfers, which may include:

• For transfers subject to the EU GDPR: the European Commission’s Standard Contractual Clauses (SCCs);
• For transfers subject to the UK GDPR: the UK International Data Transfer Agreement (IDTA) and/or the UK Addendum to the EU SCCs;
• For transfers involving Switzerland: the EU SCCs with Switzerland-specific modifications, where applicable.

You may request information about the relevant transfer safeguards (and, where available, how to obtain a copy) by contacting us using the details in Section 11.

Supervisory Authorities

You have the right to lodge a complaint with a competent data protection supervisory authority if you believe that our processing of your personal data infringes applicable law. In particular:

• UK: the Information Commissioner’s Office (ICO);
• Switzerland: the Federal Data Protection and Information Commissioner (FDPIC);
• EEA: your local supervisory authority (for example, in your habitual residence, place of work, or the place of the alleged infringement).

We encourage you to contact us first using the details in Section 11 so we can try to resolve your concerns promptly.

Automated Processing and Personalization

Certain features of the Services use automated processing to generate outputs you request and to personalize your experience (for example, by using recent interactions or content you choose to provide to improve the relevance of summaries, recommendations, or responses). Where required, we provide additional feature-specific transparency information and controls so you can understand how the feature works and manage your choices. This automated processing does not produce legal effects concerning you or similarly significantly affect you. We do not use solely automated decision-making that produces such effects. You can manage applicable settings and choices as described in Section 6.

Requirement to Provide Personal Data

Certain personal data is required to provide the Services. If you choose not to provide such data, we may be unable to provide some or all of the Services. Where processing is optional and based on your consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

10. Additional Disclosures for Users in Japan

This section provides supplemental information for individuals located in Japan, as required by the Act on the Protection of Personal Information (Act No. 57 of 2003, as amended) ("APPI"). The disclosures below supplement, and should be read together with, the rest of this Privacy Policy.

Name and Address of the Business Operator

The business operator responsible for handling your personal information is Plaud Co., Ltd., Shibuya Hikarie 33F, 2-21-1 Shibuya, Shibuya-ku, Tokyo.

Purposes of Use

We use your personal information for the purposes described in Section 2 of this Policy. Under the APPI, we will not use your personal information beyond the scope necessary to achieve these stated purposes of use, except with your prior consent or as otherwise permitted by law. If we plan to use your personal information for new purposes that are not reasonably related to the original purposes, we will obtain your consent in advance.

Cross-Border Transfers and Entrustment of Processing

As described in Section 5, your personal data is stored on secure servers in Japan. However, to provide certain AI-powered features (such as transcription and summarization), we entrust the processing of your data to our LLM service providers located outside of Japan, which may include the United States, countries within the European Economic Area, and other jurisdictions. Under the APPI, we have established a framework of contractual and organizational measures to ensure that these overseas service providers continuously implement data protection measures equivalent to those required under Japanese law. These measures include:

• Contractual safeguards: We have executed data processing agreements with each service provider that impose obligations equivalent to those under the APPI, including strict purpose limitations, prohibitions on unauthorized use or disclosure, and requirements for data deletion after the processing is complete.
• Prohibition on secondary use: Our agreements prohibit service providers from using your data for any purpose other than performing the requested task, including for training or improving their own models.
• Data minimization and limited retention: Only the data necessary to perform the requested task is transmitted. Data shared with service providers is retained only for a limited period as necessary to provide the service and meet security and compliance requirements.
• Encryption: All data transmissions to service providers are encrypted using industry-standard protocols.
• Ongoing monitoring: We periodically verify that our service providers maintain the agreed-upon data protection measures and take corrective action if any deficiencies are identified.

You may request additional information about the specific safeguards we have implemented by contacting us using the details in Section 11.

Safety Management Measures

We implement the following categories of safety management measures to protect your personal information, taking into account the nature and volume of the data we handle and the external environment of countries where the data is processed:

• Organizational measures: Establishment of internal policies and procedures for personal information handling, appointment of a person responsible for the management of personal information, and regular internal audits.
• Personnel measures: Regular training and education of employees on the handling of personal information, and confidentiality obligations in employment agreements.
• Physical measures: Access controls at facilities where personal information is handled, and measures to prevent theft or loss of equipment.
• Technical measures: Access control systems, encryption of data in transit and at rest, intrusion detection, logging, and regular security assessments.
• Understanding of the external environment: When personal data is processed outside of Japan for AI-powered features, we take into account the data protection laws and practices of the relevant country and implement additional safeguards as necessary (see "Cross-Border Transfers and Entrustment of Processing" above).

Your Rights Under the APPI

Under the APPI, you have the following rights with respect to your retained personal data (保有個人データ):

• Right to disclosure (開示): You may request that we disclose the personal data we hold about you, as well as the purposes of use, and records of any third-party provision. You may specify whether you wish to receive this information in writing or by electronic means.
• Right to correction (訂正): If your personal data is inaccurate, you may request that we correct, add to, or delete the inaccurate information.
• Right to cessation of use (利用停止): You may request that we stop using or erase your personal data if it is being handled beyond the scope of the stated purposes of use, was acquired by improper means, or if the continued handling is likely to harm your rights or interests. You may also request that we cease providing your personal data to third parties in certain circumstances.

To exercise any of these rights, please contact us at privacyjp@plaud.ai. We may need to verify your identity before processing your request. We will respond without delay in accordance with the APPI. We may charge a reasonable fee for disclosure requests, which we will communicate to you in advance.

Complaints and the Personal Information Protection Commission

If you have any concerns about how we handle your personal information, we encourage you to contact us first using the details in Section 11. You also have the right to lodge a complaint with Japan's Personal Information Protection Commission (PPC) at ppc.go.jp.

11. How can you contact us?

If you have any questions about this Privacy Policy, wish to exercise your rights, or have concerns about your data, please do not hesitate to contact us at privacy@plaud.ai. Our data controller is Plaud Inc., located at 8 The Green, Ste A, Dover, Kent County, Delaware 19901, US. For users in Japan, please contact us at privacyjp@plaud.ai.

12. How will this policy be updated?

We will update this Policy in a timely manner, and we recommend that you regularly check the latest version of this Policy via "Me > About Plaud > Privacy Policy" of the App. If there are any substantial changes to how we process your personal data, we will provide you with prominent notice (such as via in-App notification or email) and re-obtain your consent before the new terms apply.