Legal

Privacy Policy

Last updated: April 13, 2026

The Short Version

Nutan processes meeting audio entirely on your device. Audio is deleted after transcription. Only structured intelligence (text summaries, action items, signals) is retained locally in an encrypted database. Data only leaves your device when you explicitly enable cloud sync or push updates to your CRM. We collect minimal data to operate the service — your email for account access and basic usage analytics.

What We Collect

Account information (email, name) when you sign in with Google. Basic usage analytics (feature usage, session length) to improve the product. Invite request submissions (email, company, source). GDPR consent records are logged automatically at first login.

We do NOT collect, store, or transmit meeting audio, transcripts, deal intelligence, chat messages, or knowledge base content to our servers unless you explicitly enable cloud sync.

Meeting Audio & Transcription

Meeting audio is captured and transcribed entirely on your device using on-device AI. Audio is automatically deleted immediately after transcription — it is never stored, even locally. Transcripts and intelligence data are stored in a local database protected with industry-standard strong encryption. The encryption key is stored in your operating system's secure keychain, not on disk.

CRM Sync

When you choose to sync data to your CRM (Salesforce, HubSpot), structured intelligence is sent directly from your device to your CRM provider using authentication tokens held in your OS secure keychain. Nutan acts as a pass-through — we do not store a copy of data sent to your CRM. Standards-based OAuth is used for every integration.

Cloud Sync

Cloud sync is optional and off by default. When enabled, your structured data (deals, contacts, meetings, chats, knowledge, action items, signals, settings) syncs encrypted every 5 minutes in batches of up to 500 rows. Audio never syncs. Sync uses TLS in transit. When you delete data locally, tombstone records ensure deletion propagates to all synced devices. You can disable cloud sync at any time.

Data Retention

Local data: Retained on your device until you delete it. Your local database is protected with industry-standard strong encryption.

Account data: Retained while your account is active.

Audit logs: Retained for compliance purposes per GDPR Article 17(3)(e), even after account deletion.

Invite request data: Retained until you request removal.

We honour all data deletion requests within 30 days.

Authentication & Token Storage

Nutan uses standards-based OAuth for authentication. All authentication tokens — for sign-in, CRM, email, and calendar — are stored exclusively in your operating system's secure keychain. Tokens are never stored in files, databases, or application configuration.

Third-Party Services

Google — Authentication (OAuth 2.0).
Your CRM provider — When you choose to sync (Salesforce, HubSpot).
Google — Gmail and Google Calendar when you connect them.

We do not sell, share, or provide your data to any other third parties. See our sub-processor list for full details.

Your Rights

You can request access to, correction of, or deletion of your personal data at any time. Nutan provides granular in-app deletion controls — delete your profile, deals, meetings, chats, knowledge, settings, or integrations independently, or delete everything at once. Full account erasure runs in a single atomic transaction.

For GDPR data subject requests and CCPA consumer requests, submit online — a ticket ID is issued immediately and routed to the privacy agent. No email round-trip required. See also our data management guide for exercising your rights inside the app.

Contact

For privacy questions: privacy@nutan.ai
For legal questions: legal@nutan.ai
General inquiries: hello@nutan.ai