Privacy Policy

Last Updated: January 17, 2026
Effective Date: January 17, 2026

1. Introduction

AgendaIQ ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our smart meeting management platform, including our web application, Google Workspace Add-on, and Microsoft 365 integration (collectively, the "Service").

Please read this Privacy Policy carefully. By using the Service, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Information You Provide

• Account Information: Name, email address, organization name, job title, and password when you create an account.
• Meeting Content: Meeting titles, descriptions, agendas, notes, action items, and attachments you create or upload.
• Communication Data: Messages, comments, and feedback you provide through the Service.

2.2 Information from Third-Party Services

When you connect AgendaIQ to third-party services, we may collect:

Google Workspace Integration

• Google Calendar: Event titles, descriptions, dates, times, attendees, and calendar IDs (with your explicit consent via OAuth)
• Google Tasks: Task titles, descriptions, due dates, and task list information
• Google Meet: Meeting links and participant information for meetings you organize
• Google Drive: File metadata for documents linked to meetings (with explicit scope consent)

Microsoft 365 Integration

• Outlook Calendar: Event titles, descriptions, dates, times, and attendees
• Microsoft Teams: Meeting links and team membership information
• OneDrive: File metadata for linked documents

2.3 Automatically Collected Information

• Usage Data: Features used, pages visited, actions taken, timestamps
• Device Information: Browser type, operating system, device identifiers
• Log Data: IP addresses, access times, error logs
• Cookies: Session management and preference storage (see Section 8)

3. How We Use Your Information

We use the collected information for:

3.1 Service Provision

• Creating and managing your account
• Synchronizing calendar events and tasks
• Providing meeting management features
• Generating meeting summaries and action items
• Enabling team collaboration features

3.2 AI Features (Premium/Enterprise)

• Semantic Search: Creating vector embeddings of meeting content for intelligent search (data processed, not stored externally)
• AI Summaries: Generating meeting summaries using AI models
• Smart Suggestions: Providing context-aware recommendations

3.3 Service Improvement

• Analyzing usage patterns to improve features
• Debugging and technical troubleshooting
• Developing new features based on usage trends

3.4 Communication

• Sending service notifications and updates
• Responding to support requests
• Providing security alerts

4. Data Sharing and Disclosure

We do not sell your personal information. We may share information with:

4.1 Service Providers

Third-party vendors who assist in operating our Service:

• Cloud Infrastructure: Vercel (hosting), Supabase (database)
• Authentication: Auth0/NextAuth.js session management
• Analytics: Privacy-focused analytics (no personal data shared)
• AI Processing: Google AI (Gemini) for AI features - data processed but not retained

4.2 Third-Party Integrations

When you authorize integrations:

• Google: Calendar, Tasks, Drive, Meet data synced per your OAuth permissions
• Microsoft: Calendar, Teams, OneDrive data synced per your consent

4.3 Legal Requirements

We may disclose information if required by law, subpoena, or legal process, or to:

• Protect our rights and safety
• Prevent fraud or security issues
• Comply with legal obligations

4.4 Business Transfers

In the event of a merger, acquisition, or sale, your information may be transferred with appropriate notice.

5. Data Retention

You can request data deletion at any time through Settings or by contacting support@agendaiq.com.

6. Data Security

We implement industry-standard security measures:

6.1 Technical Safeguards

• Encryption: TLS 1.3 for data in transit, AES-256 for data at rest
• Access Control: Role-based access control (RBAC), principle of least privilege
• Authentication: Multi-factor authentication (MFA) support
• Infrastructure: SOC 2 compliant cloud providers

6.2 Organizational Safeguards

• Regular security audits and penetration testing
• Employee security training
• Incident response procedures
• Data processing agreements with vendors

6.3 Compliance

• GDPR compliant (for EU users)
• CCPA compliant (for California residents)
• SOC 2 Type II certification (in progress)

7. Your Rights and Choices

7.1 Access and Portability

• View your data in Settings > Privacy
• Export your data in standard formats (JSON, CSV)

7.2 Correction

• Update your profile information at any time
• Correct meeting content and notes

7.3 Deletion

• Delete individual items (meetings, notes, action items)
• Request full account deletion
• "Right to be forgotten" for EU users

7.4 Opt-Out

• Disable AI features (falls back to keyword search)
• Disconnect third-party integrations
• Unsubscribe from non-essential emails

7.5 Data Processing Objection

• Object to data processing for marketing purposes
• Request restriction of processing

To exercise these rights, contact privacy@agendaiq.com or use the in-app settings.

8. Cookies and Tracking

8.1 Essential Cookies

Required for Service operation:

• Session management (next-auth.session-token)
• CSRF protection
• User preferences

8.2 Analytics Cookies

Optional, can be disabled:

• Feature usage tracking (anonymized)
• Performance monitoring

8.3 No Third-Party Advertising

We do not use third-party advertising cookies or tracking pixels.

8.4 Cookie Management

Manage cookie preferences at Settings > Privacy > Cookie Settings.

9. Third-Party Services

9.1 Google Workspace Marketplace

Our Google Workspace Add-on complies with:

• Google API Services User Data Policy
• Google Workspace Marketplace Program Policies

9.2 Microsoft AppSource

Our Microsoft 365 integration complies with:

• Microsoft Commercial Marketplace Certification Policies
• Microsoft Privacy Statement

10. International Data Transfers

Your data may be processed in:

• United States: Primary data centers (Vercel, Supabase)
• European Union: For EU customers (upon request)

For EU users, we ensure appropriate safeguards:

• Standard Contractual Clauses (SCCs)
• Data Processing Agreements with vendors
• Privacy Shield framework (where applicable)

11. Children's Privacy

AgendaIQ is not intended for users under 16 years of age. We do not knowingly collect information from children. If you believe we have collected information from a child, contact us immediately.

12. Changes to This Policy

We may update this Privacy Policy periodically. Changes will be:

• Posted on this page with updated "Last Updated" date
• Notified via email for material changes
• Announced in the application

Continued use after changes constitutes acceptance.

13. Contact Us

For privacy-related inquiries:

• Email: privacy@agendaiq.com
• Data Protection Officer: ScholentiaIQ Privacy Team
• Response Time: Within 30 days for data requests

14. Regional Notices

14.1 European Union (GDPR)

If you are in the EU/EEA:

• Legal basis: Contract performance, legitimate interests, consent
• Data controller: ScholentiaIQ Inc.
• Supervisory authority: You may lodge complaints with your local DPA

14.2 California (CCPA)

If you are a California resident:

• Categories of personal information collected: Identifiers, commercial information, internet activity
• We do not sell personal information
• Right to know, delete, and opt-out

14.3 Other Regions

We comply with applicable local privacy laws. Contact us for region-specific information.

Appendix A: Google OAuth Scopes Used

Appendix B: Microsoft Graph Permissions

This Privacy Policy is provided in English. Translations may be available but the English version controls in case of discrepancy.