Privacy policy

January 14, 2026 version

Geremy.ai, an artificial intelligence application for creating minutes and analyzing meetings, attaches the utmost importance to the protection of privacy and personal data. This privacy policy explains how we collect, use, disclose, process and protect the personal information of Geremy.ai users.

Geremy.ai is a service provided by Stellar Quantum SAS – Hamadryade Bât. 2, 55 allée Camille Claudel, 84000 Avignon, France.

Collecting and using information

1. Audio recording and consent

When using Geremy.ai to record meetings, the user is responsible for obtaining the consent of all participants for the recording and transcription of their voices and statements.

2. Processing audio recordings

• Audio recordings are transferred to Geremy.ai’s servers for automatic transcription.
• Audio recordings are deleted from our servers immediately after transcription.
• Voice is considered temporary biometric data and is never stored.

3. Data use and artificial intelligence

• Your data is never used to train AI models.
• We have set up a permanent opt-out with all our AI suppliers, with active monitoring to maintain this guarantee.
• Each meeting is treated in total isolation: no cross-access, no correlation between your different meetings.

4. User account creation and management

We need certain information to create your account:

• Your first and last name: to identify yourself
• Your e-mail address: to contact you and enable you to log in.
• Your telephone number (optional): to contact you
• Your company name (for business accounts): to personalize your experience

5. Creating and managing reports

When you create a report, we record :

• Contents of the report
• Creation date and time: to organize your reports

The user can enter optional additional information (objectives, agenda, list of participants) to enhance the report. This information can be modified or deleted at any time.

6. Service support

To help you if you have any problems, we use :

• Your first and last name: to identify yourself
• Your e-mail and telephone number: to contact you
• Your payment details (if you have a paying account): to manage your subscription

7. Statistical analysis and customization

• Information on using the application
• Application performance data
• User preferences and usage history

Data storage and security

• Our servers are hosted in Europe, in compliance with strict security and data protection standards.
• Data encryption in transit (TLS 1.3) and at rest (AES-256).
• Regular, secure backups.
• HTTP Strict Transport Security (HSTS) and Content Security Policy (CSP).
• Role-based access control (principle of least privilege).

Data retention and deletion

Delete on request

The Customer may at any time request the permanent deletion of his Account and all his data (reports, preferences, profile information). This deletion is carried out within seventy-two (72) hours of the request, by contacting support@geremy.ai or via the customer area.

Default retention times

• Account data and reports: stored for the duration of the Service, then two (2) years after the end of the trial period or subscription. At the end of this period, definitive deletion after prior notice of thirty (30) days.
• Audio recordings: deleted immediately after transcription. Voice is considered temporary biometric data and is never stored.
• Connection data (logs): 12 months maximum.
• Billing data: stored for five (5) years after account closure, in compliance with legal accounting and tax requirements. This data, managed by our payment service provider, is not affected by deletion requests.

Privacy

Stellar Quantum undertakes to :

• Keep secret all information received from the Customer;
• Do not divulge confidential information to a third party, unless required by law;
• Use this information only to perform the Service.

This obligation remains in effect during and after the term of use of the Service. All Stellar Quantum personnel are bound by a contractual obligation of confidentiality.

Data transfer and disclosure

Geremy.ai does not share personal information with third parties, except as necessary to provide our services (cloud host, payment processor, CRM platform – all located in the EU) or as required by law.

Disclosure on court order

In the event of a request from a competent judicial authority (rogatory commission, examining magistrate, public prosecutor, judicial police, or foreign order via international mutual assistance), Stellar Quantum :

• Verify the legitimacy of the request
• Limit communication to what is strictly required
• Inform the customer in advance, unless prohibited by law (secrecy of the investigation)
• Keeps track of the request

User rights

You have the following rights concerning your personal data:

• Right of access, rectification and deletion
• Right to limitation of processing and portability
• Right to object

You may request the permanent deletion of your Account and all your data at any time. This deletion will be carried out within seventy-two (72) hours, with the exception of billing data, which will be retained in accordance with legal obligations.

To exercise these rights: rgpd@geremy.ai or support@geremy.ai

You can also lodge a complaint with the CNIL: www.cnil.fr

RGPD compliance

• Legal basis: Contract performance, legitimate interest (statistics, marketing with right of objection)
• Transfers outside the EU: No data transfers outside the European Union
• Notification of violations: Within 72 hours to the supervisory authority
• Privacy by Design: Applied to application development and operation
• Register of processing operations: Kept up to date in accordance with Article 30 of the RGPD.
• Impact analysis (AIPD): Carried out for high-risk treatments

Cookies and similar technologies

Definitions

• Cookie: Small file stored by your browser to save certain information.
• Script: A piece of code executed to ensure the proper functioning of the site.
• Invisible tag: Small invisible element used to track site traffic.

Types of cookies used

• Technical or functional cookies: ensure the proper functioning of the site and application (no consent required).
• Statistical cookies: We use analytical tools for audience measurement and internal statistical analysis purposes only. This data is not used for advertising purposes, nor is it shared with third parties for commercial purposes.

Cookie management

You can manage your cookie preferences via your browser settings. The deactivation of certain cookies may affect the operation of the site.

Modifications and contact

Geremy.ai reserves the right to modify this policy at any time. Users will be informed of any significant changes.

DPO contact: rgpd@geremy.ai
Address: Stellar Quantum SAS, Hamadryade Bât. 2, 55 allée Camille Claudel, 84000 Avignon, France

APPENDIX: Data Processing Agreement (DPA)

In accordance with Article 28 of Regulation (EU) 2016/679 (RGPD)

Preamble

The present agreement is concluded between Stellar Quantum SAS (“Subcontractor”) and the user of Geremy.ai (“Data Controller”). The Data Controller retains control of the data it processes via the application.

Article 1 – Purpose, duration and termination

Subject: Audio transcription and report generation using artificial intelligence.

Duration: As long as you use the services.

End: At the end of the trial or subscription period, the data is kept for two (2) years to enable the data controller to consult the data or take out a new subscription. At the end of this period, the data will be permanently deleted after thirty (30) days’ prior notice.

Deletion on request: The Data Controller may request the deletion of his Account and data at any time. This deletion will be carried out within seventy-two (72) hours. Billing data is kept in accordance with legal accounting and tax obligations.

Article 2 – Processed data

Identification data: surname, first name, e-mail, telephone (optional), SSO data.

Audio recordings: voice (temporary biometric data, deleted immediately).

Transcripts and reports generated.

Connection data: logs (12 months maximum).

Persons concerned : Users and participants of recorded meetings.

Article 3 – Subcontractor’s obligations

The Subcontractor undertakes to process the data only in accordance with the instructions of the Data Controller.

The Subcontractor guarantees data confidentiality.

The Subcontractor implements appropriate security measures.

The Subcontractor assists the Data Controller with requests to exercise rights.

The Subcontractor shall notify any data breach within 48 hours.

The Subcontractor deletes the data within seventy-two (72) hours at the request of the Data Controller, or upon expiry of the two (2) year retention period after the end of the trial period or subscription.

The Subcontractor undertakes never to use the data to train AI models (permanent opt-out, active monitoring).

The Subcontractor guarantees strict partitioning of each meeting (no cross-access).

Article 4 – Safety

Hosted in the European Union, TLS 1.3 and AES-256 encryption, role-based access control, continuous monitoring and regular security testing.

Article 5 – Subsequent subcontractors

The Data Controller generally authorizes the use of subsequent subcontractors. The Subcontractor will inform of any changes.

Article 6 – Transfers

No data transfer outside the European Union.

