Privacy & Security

Your data protection and privacy controls in Caret.

Our Privacy Commitment

Privacy is built into everything we do at Caret. Your meeting data belongs to you, and we’ve designed our platform so you have complete control over how your information gets stored, processed, and shared. What we believe:
  • No AI learning: We never use your data to train AI models
  • Clear consent: We always ask permission before processing your data
  • Minimal data: We only collect what we actually need to provide the service
  • You’re in control: You decide how your data gets stored and shared

AI Learning Controls

Caret does not use your data for AI learning. This is our promise across all plans and features. What this means:
  • Your meeting transcripts are never used to improve AI models
  • Your audio recordings remain private and are not used for training
  • Meeting summaries and content stay within your control
  • We maintain strict data isolation from AI training processes
Third-party AI services: We use OpenAI to process your requests, but we always ask for your permission first, and this data isn’t used for OpenAI’s model training either.

Audio Data Storage

You have complete control over how your audio recordings are stored with four flexible options:

Do Not Store

  • No audio files saved: We process audio in real-time but don’t store it anywhere
  • Maximum privacy: No audio data sticks around after your meeting ends
  • Good for: Really sensitive meetings or when you have compliance requirements
  • Heads up: You won’t be able to replay audio later

My Device (Local Storage)

  • Stays on your device: Audio files are saved only on your computer
  • You control everything: Only you can access the audio files
  • Privacy first: Audio never leaves your device
  • Good for: Personal meetings or when you want complete control

Caret Server

  • Cloud storage: Audio gets uploaded to our secure servers
  • Access anywhere: Play audio from any device
  • Easy sharing: Share audio with people who were in the meeting
  • Enterprise security: Encrypted when traveling and when stored

S3 Storage (Enterprise)

  • Your own storage: Use your Amazon S3 or compatible storage
  • You own everything: Your data stays in your own infrastructure
  • Compliance friendly: Meet your organization’s requirements for where data lives
  • Works with most providers: Support for various cloud services

Auto-Delete Notes

Automatically delete notes after a certain amount of time to keep your data clean and meet retention policies.

How It Works

  • Set automatic deletion periods (days, weeks, months)
  • Notes are permanently removed after the specified time
  • Important: We can’t refund credits you used after notes are deleted
  • This removes everything: audio, transcripts, summaries

Available Options

  • Never: Keep notes indefinitely (default)
  • 7 days: Weekly cleanup cycle
  • 30 days: Monthly cleanup cycle
  • 90 days: Quarterly retention
  • 180 days: Semi-annual retention
  • 365 days: Annual retention
Enterprise features: Advanced retention policies, legal holds, and compliance controls.

Additional Security Features

Sensitive Information Masking

Automatically find and hide sensitive information like:
  • Credit card numbers
  • Social Security numbers
  • Phone numbers
  • Email addresses
  • Custom patterns you set up

Access Controls

Workspace-level security settings:
  • Default note permissions (Private, Workspace, Public)
  • Member note visibility controls
  • Team-based access management
  • Integration permission management

Data Encryption

Enterprise-grade security measures:
  • Encryption in transit (TLS)
  • Encryption at rest (AES-256)
  • Secure authentication protocols
  • Regular security audits

Data Rights

Access Your Data

  • Download your notes in multiple formats
  • Export audio files and transcripts
  • Access all metadata and timestamps

Delete Your Data

  • Delete individual notes at any time
  • Request complete account deletion
  • Remove data from third-party integrations
  • Automatic cleanup after account deletion

Data Portability

  • Export data in standard formats (JSON, CSV, etc.)
  • Migrate to other platforms easily
  • No vendor lock-in policies

Compliance & Certifications

Standards we follow:
  • SOC 2 Type II compliance (in progress)
  • GDPR compliance for EU users
  • CCPA compliance for California users
  • Regular third-party security assessments

Best Practices

Optimize your privacy settings:
  • Review audio storage settings for each meeting type
  • Use local storage for sensitive discussions
  • Set up auto-delete for compliance requirements
  • Regularly review sharing permissions
  • Enable sensitive information masking
For teams:
  • Establish workspace privacy policies
  • Train team members on data handling
  • Use appropriate storage options for different meeting types
  • Regular access control reviews

FAQs

No, Caret does not use your data for AI learning. This is a firm policy across all our services. Your meeting data remains private and is only used to provide you with transcription and summary services.
By default, audio is uploaded to Caret servers with enterprise-grade encryption. You can change this in Settings → Security → Audio Storage Location to store locally or not at all.
Yes, you can delete individual notes, set up auto-deletion policies, or request complete account deletion. Once deleted, data cannot be recovered and used credits are not refunded.
Your data remains accessible during your account lifecycle. If you delete your account, all data is permanently removed from our systems within 30 days.
Our system automatically detects patterns like credit card numbers, SSNs, and phone numbers in transcripts and replaces them with masked characters (e.g., ”--****-1234”).
Yes, Enterprise users can connect their own Amazon S3 or S3-compatible storage. This gives you complete control over where your audio data is stored.
We use OpenAI for AI processing with your explicit consent. For integrations you enable (Slack, Notion, etc.), data is shared only as needed for those specific functions.

Contact Us

Questions about privacy:

What’s next