Privacy Policy

1. Scope

This Privacy Policy applies to information collected through the Services, our websites, and our communications. It does not apply to third-party websites, services, or platforms that may be linked from or integrated with the Services. We encourage you to review the privacy practices of any third-party services you access.

If you have a separate written agreement with Secure Stream (such as a Data Processing Agreement, Order Form, or Business Associate Agreement), that agreement may supplement or modify the terms of this Privacy Policy with respect to the information covered by that agreement.

3. How We Collect Information

We collect information in the following ways:

• Directly from you when you create an account, configure the Services, submit Customer Content, contact support, or communicate with us.
• Automatically when you use the Services, through server logs, cookies, analytics tools, and similar technologies.
• From your organization if you are an Authorized User, your organization's administrator may provide your information when configuring accounts and permissions.
• From third-party services such as authentication providers (SSO), payment processors, and analytics services.
• Through Customer Content processing when the Services process audio, video, transcripts, and other materials to generate captions, analytics, transcriptions, and related outputs.

4. How We Use Information

We use collected information for the following purposes:

• To provide, operate, and deliver the Services, including live streaming, recording, transcription, captioning, analytics, Audio Xtract, JuryDNA, and related features.
• To process and generate Customer Content outputs, including transcripts, captions, diarization, speaker labels, keyword analysis, sentiment indicators, and analytics dashboards.
• To manage accounts, authenticate users, enforce permissions, and administer access controls.
• To process payments, manage billing, send invoices, and maintain financial records.
• To communicate with you about the Services, respond to support requests, send service notifications, and provide operational updates.
• To maintain, secure, monitor, troubleshoot, and improve the Services and underlying infrastructure.
• To detect, prevent, and respond to fraud, abuse, security incidents, and unauthorized access.
• To comply with applicable laws, legal process, court orders, and regulatory requirements.
• To enforce our Terms of Service, protect our rights, and resolve disputes.

5. How We Share Information

We do not sell Customer Content or personal information. We do not use Customer Content or personal information for advertising or targeted advertising. We may share information only in the following circumstances:

• With subprocessors and service providers who assist in providing the Services, including cloud infrastructure providers, transcription providers, streaming providers, analytics providers, payment processors, authentication providers, and support tools. A current list of subprocessors is maintained in our Subprocessor List.
• With your organization if you are an Authorized User, your Customer organization and its administrators may have access to your activity, content, and account information as part of the Services.
• As directed by Customer when Customer configures sharing, export, integration, or delivery of Customer Content through the Services.
• For legal and safety purposes where we believe in good faith that disclosure is necessary to comply with applicable law, respond to valid legal process, protect the rights or safety of Secure Stream or others, prevent fraud, or address security issues.
• In connection with a business transfer such as a merger, acquisition, reorganization, asset sale, or similar transaction, information may be transferred as part of that transaction. We will provide notice if your information becomes subject to a different privacy policy.
• With your consent where you have provided explicit consent to share information for a specific purpose.

6. AI, Machine Learning, and Automated Processing

The Services may use automated processing technologies, including machine learning, artificial intelligence, statistical models, speech recognition, deterministic rules, configured calculations, and related processing methods provided by Secure Stream or third-party vendors to deliver features such as transcription, captioning, diarization, speaker identification, keyword detection, sentiment indicators, JuryDNA outputs, Audio Xtract outputs, and related analytics.

Secure Stream does not use Customer Content to train artificial intelligence or machine learning models. Where Secure Stream uses third-party providers to process Customer Content, Secure Stream uses commercially reasonable efforts to contractually restrict those providers from using Customer Content for model training except as expressly disclosed or authorized by Customer. For more detail on how AI, machine learning, and automated processing technologies are used, see our AI Data Use Policy.

Certain analytics features, such as JuryDNA, Audio Xtract, and Secure Stream sentiment indicators, may use deterministic workflows, structured calculations, configured rules, keyword/lexicon scoring, and mathematical scoring rather than generative AI models. Optional vendor-provided sentiment, summarization, or advanced analytics may use third-party AI-enabled processing only where enabled or supported. The specific processing methods used for each feature are described in the applicable product documentation or AI Data Use Policy.

7. Data Retention

We retain information for as long as reasonably necessary to provide the Services, fulfill the purposes described in this Privacy Policy, comply with legal obligations, resolve disputes, and enforce our agreements. Retention periods vary by data type and are described in our Data Retention Policy.

Customer Content is retained according to account settings, applicable agreements, project settings, event or stream settings, case/study requirements, and the Data Retention Policy. Customers may request deletion of active Customer Content for a specific account, project, client, stream, case, study, event, room, file, data set, or deliverable by submitting a verified written request to support@securestream.io. Secure Stream will use commercially reasonable efforts to process deletion requests within twenty-four (24) hours, subject to legal, security, backup, billing, dispute, compliance, and contractual retention requirements.

Deletion from backups, archives, logs, vendor systems, and disaster recovery systems may occur on a delayed basis according to applicable retention and technical procedures.

8. Cookies and Similar Technologies

We may use cookies and similar technologies to operate the Services, maintain sessions, remember preferences, analyze usage, improve performance, and support security. We do not use advertising cookies and do not use cookies or similar technologies to sell personal information or target advertising. The types of cookies we may use include:

• Essential cookies required for the Services to function, including authentication, session management, security, and load balancing.
• Functional cookies that remember your preferences, settings, and configurations to improve your experience.
• Analytics cookies that help us understand how the Services are used, measure performance, troubleshoot issues, and identify areas for improvement. These are not used for advertising or cross-context behavioral profiling.

9. Security

We use commercially reasonable administrative, technical, and organizational safeguards designed to protect information from unauthorized access, use, alteration, disclosure, and destruction. These measures include access controls, authentication, encryption in transit and at rest where supported, signed access links, role-based permissions, logging, monitoring, and vendor security requirements.

No system, network, or transmission can be guaranteed to be completely secure. While we work to protect your information, we cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your account credentials and for configuring access permissions appropriately.

10. International Data Transfers

The Services are operated from the United States. If you access the Services from outside the United States, your information may be transferred to, stored in, and processed in the United States or other jurisdictions where our subprocessors operate.

Where required by applicable law, we use appropriate safeguards for international data transfers, such as standard contractual clauses, data processing agreements, or other legally recognized transfer mechanisms.

By using the Services, you acknowledge that your information may be processed in jurisdictions with different data protection laws than your jurisdiction of residence.

11. Your Rights and Choices

Depending on your jurisdiction, you may have certain rights regarding your personal information, including the right to access, correct, delete, port, or restrict the processing of your information, or to object to certain processing activities.

If you are an Authorized User accessing the Services through a Customer organization, requests regarding your personal information should generally be directed to your organization, as your organization controls the account and the associated data. We will assist Customers in responding to data subject requests as required by applicable law or agreement.

To exercise any applicable rights, or to submit a data-related inquiry, please contact us at support@securestream.io. We will respond to verified requests within the timeframes required by applicable law.

You may also opt out of non-essential communications by following the unsubscribe instructions in any marketing email or by contacting us directly.

12. Children's Privacy

The Services are not intended for use by individuals under the age of 18 as account users or Authorized Users. We do not knowingly collect personal information directly from children as account users. Customer is responsible for ensuring that it has all required rights, notices, consents, authorizations, and legal authority for any Customer Content involving minors. If we become aware that a child has provided personal information directly through the Services without proper authorization, we will take steps to delete that information promptly.

13. Third-Party Links and Services

The Services may contain links to or integrations with third-party websites, services, or platforms. This Privacy Policy does not apply to those third-party services, and we are not responsible for their privacy practices. We encourage you to review the privacy policies of any third-party services you access.

14. State-Specific Privacy Disclosures

Certain U.S. states, including California, Virginia, Colorado, Connecticut, Utah, and others, provide residents with additional rights regarding personal information. These may include the right to know what information is collected, the right to delete, the right to opt out of certain processing activities, and the right to non-discrimination for exercising privacy rights.

Secure Stream does not sell personal information as defined under applicable state privacy laws. Secure Stream does not use personal information for targeted advertising, cross-context behavioral advertising, or advertising profiling.

To exercise state-specific privacy rights, please contact us at support@securestream.io. We will verify your identity and respond within the timeframes required by applicable law.

15. European and International Privacy Rights

If you are located in the European Economic Area, the United Kingdom, or Switzerland, and applicable data protection law applies, Unveil Data LLC acts as a data processor on behalf of the Customer (the data controller) with respect to Customer Content. For other data (such as Account Information and Usage Data), Unveil Data LLC acts as the data controller.

Our legal bases for processing include performance of a contract, legitimate interests in operating and improving the Services, compliance with legal obligations, and consent where applicable.

You may have the right to access, rectify, erase, restrict processing, data portability, and object to processing. To exercise these rights, please contact your Customer organization (for Customer Content) or us directly (for other data) at support@securestream.io.

If you have a complaint about our processing of your personal data, you may contact your local supervisory authority.

16. Data Breach Notification

In the event of a confirmed security incident that results in unauthorized access to, or disclosure of, Customer Content or personal information, Secure Stream will notify affected Customers without unreasonable delay and in accordance with applicable law and any applicable Data Processing Agreement.

Notification will include, to the extent known at the time, a description of the nature of the incident, the categories of data affected, the measures taken or proposed to address the incident, and recommendations for affected parties.

Secure Stream will cooperate with Customers in investigating and responding to security incidents and will provide information reasonably necessary to enable Customers to fulfill their own notification obligations under applicable law.

17. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, the Services, or applicable law. If we make material changes, we will provide notice by email, through the Services, or by posting the updated Privacy Policy with a revised effective date. We will provide at least thirty (30) days' notice before material changes take effect.

Continued use of the Services after the updated Privacy Policy becomes effective constitutes acceptance of the updated terms. If you do not agree with the changes, you should stop using the Services and contact us to discuss your options.