Your conversations contain your organisation's most sensitive information. Geremy was built on the Privacy by Design principle: sovereign hosting, end-to-end encryption, processing without human access, audio deleted after use, and no AI training on your data.
Our hosting infrastructure holds the three most demanding certifications on the market. Your data never leaves this audited environment — Geremy has no access to your audio and no human access to your write-ups.
The international reference standard for information security management (policies, controls, risk management).
An independent audit that continuously attests to the protection, availability, and confidentiality of data.
European health-data hosting certification — the highest level of personal data protection requirements in Europe. All your meetings benefit from it, whether or not they involve health-related content.
Data centres in France (Paris), with redundancy across the European Union. No data transfers outside the EU — no storage, no processing, no backups.
AES-256 at rest (storage), TLS 1.3 in transit (transfer) — the highest industry standards, used by banks and healthcare institutions.
Audio is transcribed and converted into meeting minutes in a fully automated way — no human access, at any stage.
Every account is isolated, every meeting is sandboxed. No cross-access, no correlation between your meetings. Your data is visible to you and you alone.
Your data is never used to train AI models — neither ours nor those of our providers. Permanent contractual opt-out, with active monitoring.
Penetration testing by an independent firm (latest audit: December 2025), OWASP best practices throughout development, quarterly reviews by cybersecurity and GDPR compliance experts.
Voice is a sensitive biometric data under the GDPR: we do not retain it a single second longer than necessary. Here is its complete lifecycle.
Audio is encrypted (AES-256) at the point of capture, on your device.
Sent to our European servers over a secure channel (TLS 1.3).
Transcription and report generation are fully automated, with no human access whatsoever.
Audio is immediately and permanently destroyed once processing is complete. Not archived «just in case».
What stays on our servers is only your meeting minutes — the text you view, edit, export, and delete whenever you choose.
Geremy (Stellar Quantum SAS) acts as a data processor under the GDPR: we process audio data on your behalf, in accordance with your instructions. You are the data controller: you decide to record a meeting, you choose the participants involved, and you determine the purpose. As such, it is your responsibility to inform participants that the meeting is being recorded and to obtain their consent where required (this is a legal obligation in most European countries, whether in person or via video conference).
For organisations subject to enhanced requirements (healthcare, finance, public sector), we provide the DPA and Security White Paper on request, and respond to your security questionnaires.