Draft · pending legal review
Privacy Policy
Last updated: 2026-04-11
This policy describes what data Flamelets collects from you, how we store it, and what we do with it. Flamelets is a service that auto-syncs Google Meet transcripts and generates shareable recap pages. We aim to collect only what the product needs and to be plain-English honest about it.
1. What data we collect
- Google account profile: your email, display name, profile picture, and a Google-assigned user ID. Collected when you sign in with Google.
- Calendar events: the title, start and end times, attendee email addresses, and Google Meet link for events we discover via the Google Calendar API. We read your primary calendar only, and only events that have a Google Meet conference attached.
- Meeting transcripts: the plain-text content of transcript files that Google Meet saves to your Google Drive in the "Meet Recordings" folder. We download only transcripts that correspond to Calendar events we have already discovered.
- AI-generated summaries: we run each transcript through Anthropic's Claude model to extract a summary paragraph, action items, and key decisions. These extracted fields are stored alongside the raw transcript.
- OAuth tokens: we store the access and refresh tokens issued by Google so we can sync on your behalf without re-prompting you every hour. Tokens are kept in Cloudflare KV and are never exposed to other users or shown in any UI.
- A session cookie: a single HttpOnly cookie named fl_session that identifies your logged-in browser session. It contains no personal information by itself — just a random identifier that maps to your account server-side.
2. What we do NOT collect
- We do not read any Drive files other than Meet transcripts.
- We do not write to your Calendar or Drive, ever.
- We do not read your Gmail or contacts.
- We do not use any third-party analytics or tracking scripts.
- We do not sell your data or share it for advertising.
3. Third-party processors
To run the service, we share data with a small number of sub-processors:
- Cloudflare hosts the entire service — application, database (D1), object storage (R2), caching (KV), and queue infrastructure. Transcripts and extracted content live in Cloudflare's infrastructure, encrypted at rest by Cloudflare.
- Anthropic runs the Claude model that extracts summaries and action items from each transcript. Transcript text is sent to Anthropic's API at the time of processing. Anthropic's data retention and usage policies apply to that request — see anthropic.com/privacy.
- Google is the identity provider and the source of your Calendar and Drive data. Google sees the OAuth authentication traffic and whatever API calls we make on your behalf.
4. Sharing
By default every meeting is private to your account. If you explicitly enable sharing on a meeting from your dashboard, Flamelets generates a random unguessable URL at /m/<token> that anyone with the link can view. You can disable sharing at any time, and the public URL stops working immediately. We do not list or index shared pages in any public directory.
5. Retention
We keep your meetings, extracted content, and transcript files indefinitely until you delete your account or individually remove them. A complete account deletion flow that also removes data from Cloudflare D1, R2, and KV is on our near-term roadmap — if you need your data deleted in the meantime, contact us and we will do it manually.
6. Your rights
You can request a copy of all data we hold about you, or request its deletion, by contacting us at the email below. If you are in the EU, EEA, or UK, GDPR gives you additional rights including data portability. We will respond to any such request within 30 days.
7. Security
All traffic to Flamelets is TLS-encrypted. Data at rest is encrypted by Cloudflare. OAuth tokens never appear in the UI or logs. We do not have a designated security contact yet — for security reports, email us directly.
8. Changes to this policy
We may update this policy as the product evolves. The "Last updated" date at the top of this page reflects the most recent revision. Material changes will be announced via email to the address on your account.
9. Contact
Questions about this policy, data requests, or security reports: email [email protected].