Privacy policy

November 24, 2025 version

Geremy.ai, an artificial intelligence application for creating minutes and analyzing meetings, attaches the utmost importance to the protection of privacy and personal data. This privacy policy explains how we collect, use, disclose, process and protect the personal information of Geremy.ai users.

Geremy.ai is a service provided by Stellar Quantum SAS – Hamadryade Bât. 2, 55 allée Camille Claudel, 84000 Avignon, France.

1. COLLECTION AND USE OF INFORMATION

1.1 Audio recording and consent

When using Geremy.ai to record meetings, the user is responsible for obtaining the consent of all participants for the recording and transcription of their voices and statements.

1.2 Processing audio recordings

• Audio recordings are transferred to Geremy.ai’s servers for automatic transcription.
• Audio recordings are deleted from our servers immediately after transcription.
• Voice is considered temporary biometric data and is never stored.

1.3 Data utilization and artificial intelligence

• Your data is never used to train AI models.
• We have set up a permanent opt-out with all our AI suppliers, with active monitoring to maintain this guarantee.
• Each meeting is treated in total isolation: no cross-access, no correlation between your different meetings.

1.4 Creating and managing a user account

We need certain information to create your account:

• Your first and last name: to identify yourself
• Your e-mail address: to contact you and enable you to log in.
• Your telephone number (optional): to contact you
• Your company name (for business accounts): to personalize your experience

1.5 Creating and managing reports

When you create a report, we record :

• Contents of the report
• Creation date and time: to organize your reports

The user can enter optional additional information (objectives, agenda, list of participants) to enhance the report. This information can be modified or deleted at any time.

1.6 Service support

To help you if you have any problems, we use :

• Your first and last name: to identify yourself
• Your e-mail and telephone number: to contact you
• Your payment details (if you have a paying account): to manage your subscription

1.7 Statistical analysis and customization

• Information on using the application
• Application performance data
• User preferences and usage history

2. DATA STORAGE AND SECURITY

2.1 Safety measures

• Our servers are hosted in Europe, in compliance with strict security and data protection standards.
• Data encryption in transit (TLS 1.3) and at rest (AES-256).
• Regular, secure backups.
• HTTP Strict Transport Security (HSTS) and Content Security Policy (CSP).
• Role-based access control (principle of least privilege).

2.2 Data retention

• Account data and reports: retained as long as the account is active, deleted on closure.
• Audio recordings: deleted immediately after transcription.
• Connection data (logs): 12 months maximum.

3. CONFIDENTIALITY

Stellar Quantum undertakes to :

• Keep secret all information received from the Customer;
• Do not divulge confidential information to a third party, unless required by law;
• Use this information only to perform the Service.

This obligation remains in effect during and after the term of use of the Service. All Stellar Quantum personnel are bound by a contractual obligation of confidentiality.

4. TRANSFER AND DISCLOSURE OF DATA

Geremy.ai does not share personal information with third parties, except as necessary to provide our services (cloud host, payment processor, CRM platform – all located in the EU) or as required by law.

In the event of a request from a competent judicial authority (rogatory commission, examining magistrate, public prosecutor, judicial police, or foreign order via international mutual assistance), Stellar Quantum :

• Verify the legitimacy of the request
• Limit communication to what is strictly required
• Inform the customer in advance, unless prohibited by law (secrecy of the investigation)
• Keeps track of the request

5. USER RIGHTS

You have the following rights concerning your personal data:

• Right of access, rectification and deletion
• Right to limitation of processing and portability
• Right to object

To exercise these rights: rgpd@geremy.ai

You can also lodge a complaint with the CNIL: http://www.cnil.fr

6. RGPD COMPLIANCE

• Legal basis: Contract performance, legitimate interest (statistics, marketing with right of objection)
• Transfers outside the EU: No data transfers outside the European Union
• Notification of violations: Within 72 hours to the supervisory authority
• Privacy by Design: Applied to application development and operation
• Register of processing operations: Kept up to date in accordance with Article 30 of the RGPD.
• Impact analysis (AIPD): Carried out for high-risk treatments

7. COOKIES AND SIMILAR TECHNOLOGIES

7.1 Definitions

• Cookie: Small file stored by your browser to save certain information.
• Script: A piece of code executed to ensure the proper functioning of the site.
• Invisible tag: Small invisible element used to track site traffic.

7.2 Types of cookies used

• Technical or functional cookies: ensure the proper functioning of the site and application (no consent required).
• Statistical cookies: We use analytical tools for audience measurement and internal statistical analysis purposes only. This data is not used for advertising purposes, nor is it shared with third parties for commercial purposes.

7.3 Cookie management

You can manage your cookie preferences via your browser settings. The deactivation of certain cookies may affect the operation of the site.

8. MODIFICATIONS AND CONTACT

Geremy.ai reserves the right to modify this policy at any time. Users will be informed of any significant changes.

DPO contact: rgpd@geremy.ai

Address: Stellar Quantum SAS, Hamadryade Bât. 2, 55 allée Camille Claudel, 84000 Avignon, France

APPENDIX: DATA PROCESSING AGREEMENT (DPA)

In accordance with Article 28 of Regulation (EU) 2016/679 (RGPD)

Preamble

The present agreement is concluded between Stellar Quantum SAS (“Subcontractor”) and the user of Geremy.ai (“Data Controller”). The Data Controller retains control of the data it processes via the application.

Article 1 – Purpose, duration and termination

• Subject: Audio transcription and report generation using artificial intelligence.
• Duration: As long as you use the services.
• End: On deletion of the account, all service data is automatically and permanently deleted.

Article 2 – Processed data

• Identification data: surname, first name, e-mail, telephone (optional), SSO data
• Audio recordings: voice (temporary biometric data, deleted immediately)
• Transcripts and reports generated
• Connection data: logs (12 months maximum)

Persons concerned : Users and participants of recorded meetings.

Article 3 – Subcontractor’s obligations

• Process data only in accordance with the instructions of the Data Controller.
• Guarantee data confidentiality.
• Implement appropriate safety measures.
• Assist the Data Controller with requests to exercise rights.
• Notify us of any data breach within 48 hours.
• Delete data on account closure.
• Never use data to train AI models (permanent opt-out, active watch).
• Guarantee strict partitioning of each meeting (no cross-access).

Article 4 – Safety

Hosted in the European Union, TLS 1.3 and AES-256 encryption, role-based access control, continuous monitoring and regular security testing.

Article 5 – Subsequent subcontractors

The Data Controller generally authorizes the use of subsequent subcontractors. The Subcontractor will inform of any changes.

Article 6 – Transfers

No data transfer outside the European Union.

