Nutan · Compliance Attestation

NUT-PIA-001

Privacy Impact Assessment

Impact assessment for Nutan's data processing activities — required by GDPR Article 35 for high-risk processing.


AI-generated attestation. This report is produced automatically by Nutan's AI from our codebase, deployment state, and operational runbooks — the primary source of truth about what Nutan does. Nutan is not yet externally certified by an AICPA-licensed firm; formal certification is on our roadmap. This document serves as an internal attestation suitable for procurement review, vendor risk assessment, and internal security review.

Document Record

Document ID
NUT-PIA-001
Version
2026.04.20-r1
Framework
Privacy Impact Assessment
Report type
Assessment
Reporting period
Effective April 20, 2026
Classification
Public
Generated
April 20, 2026
Source commit
d842878
Prepared by
Nutan AI (Internal assessment)
Verification
Hashes of source-of-truth embedded in document ID

1.0 · Executive Summary

This Data Protection Impact Assessment evaluates Nutan's processing of personal data under Article 35 GDPR. The assessment considers the nature of the processing, necessity and proportionality, risks to rights and freedoms, and the measures in place to mitigate those risks. Residual risk is assessed as LOW across all processing categories.

2.0 · Findings & Controls

2.1 · When a DPIA Is Required

Article 35 requires a DPIA where processing is likely to result in a high risk to the rights and freedoms of natural persons, particularly for (a) systematic and extensive evaluation based on automated processing, (b) large-scale processing of special categories, or (c) systematic monitoring of a publicly accessible area. None of these strictly apply to Nutan; this DPIA is conducted voluntarily and as a matter of good practice.

2.2 · Description of the Processing

Nutan captures meeting audio on the user's device, transcribes it locally, and extracts structured intelligence (action items, objections, signals, summaries) from the transcript. Audio is discarded the moment transcription completes. None of this processing reaches Nutan's servers unless the user explicitly enables cloud sync.

2.3 · Systematic Description of Operations

Processing operations performed by Nutan:

  • Capture of system audio during user-initiated recording session (on-device)
  • Real-time transcription with speaker identification (on-device)
  • Structured intelligence extraction — objections, action items, signals, summaries (on-device)
  • Storage of structured outputs in a local encrypted database
  • Optional encrypted sync to Nutan cloud (off by default)
  • Optional relay of summaries to the user's own CRM (off by default)

2.4 · Purposes of the Processing

The purpose is to provide real-time coaching, post-meeting intelligence, and accountability for sales professionals. Each processing operation serves that purpose directly; no operation exists for unrelated purposes.

2.5 · Necessity and Proportionality

Meeting intelligence cannot be delivered without processing meeting content. Performing all processing on-device, discarding audio immediately after transcription, and defaulting cloud sync to off together represent the minimum processing necessary to deliver the service. Less intrusive alternatives (e.g., manual note-taking) do not achieve the stated purpose.

2.6 · Data Flow Mapping

Data flows in Nutan:

  • Audio input → on-device transcription pipeline → text transcript (audio discarded)
  • Text transcript → on-device intelligence extraction → structured records
  • Structured records → local encrypted database
  • [Optional] Local encrypted database → encrypted sync → Nutan cloud encrypted store
  • [Optional] Structured summaries → user-authenticated CRM API
  • [Optional] Contact PII → field-level encrypted record → blind-indexed lookup

2.7 · Risk Identification

Risks to the rights and freedoms of natural persons have been systematically considered. Each risk below is rated for likelihood and severity before mitigation (inherent) and after mitigation (residual).

  • R1 · Unauthorised access to the user's device → Inherent: Moderate / Moderate. Residual: Low / Low after industry-standard strong encryption with a device-bound key.
  • R2 · Meeting participants unaware they are being transcribed → Inherent: Moderate / Moderate. Residual: Low / Low after notice-template library and product nudges; ultimate responsibility rests with the user.
  • R3 · Token theft via device-level malware → Inherent: Low / High. Residual: Low / Low after OS-keychain protections and automatic rotation.
  • R4 · Unauthorised retention of PII after deletion request → Inherent: Low / High. Residual: Very Low / Low after granular atomic deletion pipeline.
  • R5 · Incorrect classification of data subject (e.g., attributing a quote to the wrong speaker) → Inherent: Moderate / Low. Residual: Low / Low after confidence-scored speaker attribution.
  • R6 · Unauthorised disclosure via sub-processor → Inherent: Low / Moderate. Residual: Very Low / Low after published sub-processor list and contractual constraints.
  • R7 · Re-identification via correlated records → Inherent: Low / Moderate. Residual: Very Low / Low after field-level encryption and blind indexing.

2.8 · Risk Reduction Measures

Architectural measures (on-device processing, default-off sync, immediate audio disposal) provide the foundation. Operational measures (immutable audit logging, granular erasure, user-controlled permissions) complete the picture. External mitigations (sub-processor list, published attestations) address transparency and accountability.

2.9 · Rights of Data Subjects

The DPIA confirms that every right is supported and operationally testable — see the GDPR Compliance Statement (NUT-GDPR-001) Articles 15–22. Supporting data subject rights does not introduce incremental risk.

2.10 · Consultation

This DPIA has been reviewed by the founder. Formal consultation with a supervisory authority under Article 36 is not required because residual risks are assessed below the high-risk threshold. External consultation is available on request for customers requiring it.

2.11 · Monitoring and Review

The DPIA is regenerated alongside every material release. Any change that introduces a new category of processing, a new purpose, or a new sub-processor triggers an interim review.

2.12 · Decision

Based on this assessment, the processing is compliant with GDPR and may continue. No Article 36 prior consultation is required. The DPIA shall be revisited on the next material change.

Attestation

This document was prepared by Nutan AI (Internal assessment) on April 20, 2026 from the operational state of Nutan at source commit d842878. The contents reflect the control environment in place as of the reporting period.

Prepared by

Nutan AI

Autonomous operations

Dated

April 20, 2026

Authorised under thesis of

Founder

Nutan

Dated

April 20, 2026

NUT-PIA-001 · v2026.04.20-r1 · Classification: PUBLIC · nutan.ai/trust-center
