Privacy Policy

Speklo (“the App,” “we,” “us,” or “our”) is operated by Janko Tomsic s.p. This Privacy Policy describes how Speklo collects, uses, stores, and protects your information when you use our desktop application for meeting transcription, speaker matching, and AI-powered summaries.

By using Speklo, you agree to the practices described in this Privacy Policy.

1. Information We Collect

1.1 Google Account Information

When you connect your Google account to Speklo via OAuth 2.0, we request the following scopes:

• openid — To verify your identity
• email — To retrieve your email address
• profile — To retrieve your name and profile picture
• https://www.googleapis.com/auth/calendar.readonly — To read your Google Calendar events (read-only access)

From your Google account, we receive and store locally on your device:

• Your email address
• Your display name
• Your profile picture URL
• Your Google user identifier

1.2 Google Calendar Data

With your explicit consent via the OAuth flow, Speklo accesses your Google Calendar in read-only mode. We do not create, modify, or delete any events in your calendar. The calendar data we access includes:

• Event titles (summary)
• Event start and end times
• Event attendee names, email addresses, and response statuses
• Event organizer name and email address
• Event descriptions
• Event locations
• Google Meet and conference call links
• Recurring event identifiers and recurrence patterns
• Event color and status

This data is stored locally on your device to match calendar events with meeting recordings and to pre-fill attendee information.

1.3 Locally Generated Data

Through your use of the App, the following data is created and stored locally on your device:

• Audio recordings — Captured from your microphone and system audio, or imported from audio files (MP3, WAV, M4A, FLAC, OGG, AAC, WMA)
• Transcripts — Generated from audio recordings via your chosen transcription service
• AI-generated summaries — Created using your configured AI service and API key
• Custom cross-meeting summaries — Synthesized from multiple meeting transcripts
• Voice embeddings — 256-dimensional numerical vectors used for speaker identification, generated from audio segments
• Speaker profiles — Associated voice data, sample counts, and confidence scores for speaker matching
• Speaker correction feedback — Your corrections when the App incorrectly identifies a speaker
• Vector embeddings — 1536-dimensional vectors used for semantic search across your meeting content
• Chat conversations — Your questions and AI-generated answers in the meeting chat feature
• Focus Board content — Kanban cards, tags, assignee assignments, attached images, source links, and AI-generated specifications
• Meeting notes — Notes you add to meetings
• Projects and categories — Organizational labels you create

1.4 API Keys You Provide

Speklo operates on a Bring Your Own Key (BYOK) model. You provide your own API keys for third-party services:

• Anthropic (Claude) — For AI summaries, chat, focus board features, and specification generation
• OpenAI — For text embeddings, query analysis, and optional AI features
• Google (Gemini) — For optional AI features
• AssemblyAI — For cloud-based audio transcription (optional; a local transcription alternative is available)

Your API keys are encrypted using your operating system's native secure storage:

• macOS: Keychain Access
• Windows: Data Protection API (DPAPI)
• Linux: kwallet or gnome-libsecret

Your API keys are never transmitted to Speklo or any party other than the respective API service when you use the App's features.

1.5 Automatically Collected Data

Error reports (Sentry): In production builds only, the App sends anonymous error reports to Sentry (a third-party error tracking service) when crashes or exceptions occur. These reports contain:

• Exception stack traces (technical debugging information)
• App version number
• Operating system name and version
• CPU architecture (e.g., arm64, x64)
• Electron framework version

Error reports do not include your name, email address, meeting content, transcripts, summaries, or any other personally identifiable information.

Auto-update checks: The App periodically checks downloads.speklo.com for available updates. These requests contain only the current App version. No user-identifiable data is transmitted during update checks.

2. How We Use Your Information

2.1 Google User Data

We use the Google account information and calendar data we access exclusively to:

• Display your name, email, and profile picture within the App
• Retrieve and display your upcoming and recent calendar events
• Match calendar events with meeting recordings based on timing and attendees
• Pre-fill attendee lists for meetings using calendar event participant data
• Display attendee names and avatars in the meetings interface

We do not use your Google user data to:

• Serve or target advertisements
• Conduct market research or profiling
• Sell or transfer data to third parties
• Train artificial intelligence or machine learning models
• Send you marketing communications

2.2 Locally Stored Data

All locally generated data is used exclusively to provide the App's core features:

• Transcription — Converting audio recordings to text
• Summarization — Generating AI-powered meeting summaries
• Speaker identification — Matching voice segments to known attendees
• Semantic search — Searching across your meeting history using natural language
• Task management — Extracting action items into the Focus Board
• Chat — Answering your questions about your meetings using retrieval-augmented generation

3. Data Storage and Security

3.1 Local-First Architecture

All your data is stored locally on your device. Speklo does not operate remote servers that store your data. Your data resides in:

• SQLite database: Contains meeting metadata, transcripts, summaries, speaker profiles, chat history, focus board content, calendar events, and attendee information
  • macOS: ~/Library/Application Support/Speklo/desktop.db
  • Windows: %APPDATA%/Speklo/desktop.db
  • Linux: ~/.config/Speklo/desktop.db
• LanceDB: Contains vector embeddings for semantic search, stored in the same user data directory
• Audio files: Stored in your configured local directory
• Focus Board images: Stored in the user data directory under ticket-img/

3.2 Encryption and Security Measures

• OAuth tokens are encrypted using the Electron safeStorage API, which delegates to your operating system's native keychain (macOS Keychain, Windows DPAPI, Linux kwallet/gnome-libsecret)
• API keys are encrypted using the same OS-level encryption before being stored in the local database
• Context isolation is enabled in the App's architecture, preventing the user interface from directly accessing system-level functions
• Node.js integration is disabled in the renderer process, providing an additional security boundary

3.3 No Remote Data Storage

Speklo does not maintain servers that store your personal data, meeting recordings, transcripts, summaries, or any other user content. Your data lives on your device and under your control.

4. Third-Party Services

4.1 Services Accessed With Your API Keys (BYOK)

When you use features that require AI processing, Speklo sends data to third-party services using the API keys you provide. You establish a direct relationship with these service providers by obtaining and using your own API keys:

Each service's processing of your data is governed by their respective privacy policies:

• AssemblyAI Privacy Policy
• OpenAI Privacy Policy
• Anthropic Privacy Policy
• Google Cloud Privacy Policy

You control which services are used by choosing which API keys to provide. If you do not provide an API key for a service, no data is sent to that service.

4.2 Google Calendar API

Speklo accesses your Google Calendar using OAuth 2.0 with the PKCE (Proof Key for Code Exchange) protocol. The OAuth flow opens your system's default browser for authentication — Speklo never sees or handles your Google password.

• Access is read-only (calendar.readonly scope)
• No data is written to your Google Calendar
• When you disconnect your Google account in the App's settings, your OAuth tokens are revoked at Google's servers and deleted from local storage

4.3 Sentry (Error Reporting)

Production builds of Speklo use Sentry for error monitoring. Only technical diagnostic data is collected (see Section 1.5). No personal data, meeting content, or user-identifiable information is included in error reports. Sentry's privacy practices are governed by the Sentry Privacy Policy.

4.4 Auto-Update Server

The App checks downloads.speklo.com for available updates. These checks transmit only the current App version number. No user-identifiable information is sent.

5. Google API Services Limited Use Disclosure

Speklo's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically, Speklo:

1. Only uses Google user data to provide and improve user-facing features that are prominent in the App's user interface (calendar event display, attendee matching, meeting scheduling context)
2. Does not transfer Google user data to third parties, except as necessary to provide the App's user-facing features, to comply with applicable laws, or as part of a merger, acquisition, or asset sale (with prior user consent)
3. Does not use Google user data for advertising purposes, including retargeting, personalized advertising, or interest-based advertising
4. Does not use Google user data to train artificial intelligence or machine learning models other than personalized models used solely to provide features to the specific user
5. Does not sell Google user data to any party, under any circumstances
6. Allows users to revoke access at any time via the App's settings or through the Google Account permissions page

6. Data Sharing

• We do not sell your personal data or meeting content to any third party
• We do not share your data with third parties for their own marketing or business purposes
• We do not use your data for advertising, profiling, or market research
• When you use BYOK API services (Section 4.1), you are sending your data directly to those services under your own API key and their privacy policies. Speklo facilitates this connection but does not independently share your data with these providers
• Anonymous technical error reports are sent to Sentry (Section 4.3) for the sole purpose of improving App stability

7. Data Retention and Deletion

Since all data is stored locally on your device, you maintain full control over data retention:

When you disconnect your Google account:

1. Your OAuth access and refresh tokens are revoked at Google's servers
2. Your encrypted tokens are deleted from the local database
3. Previously synced calendar events remain in the local database until you delete them manually

We do not retain any of your data on remote servers. There is no server-side data to delete.

8. Your Rights

Because Speklo stores all data locally on your device, you inherently maintain full control over your data:

• Access: All your data is visible and accessible within the App's user interface. The underlying SQLite database is a standard format that can be opened with any SQLite-compatible tool
• Modification: You can edit transcripts, summaries, meeting details, speaker profiles, and focus board content directly within the App
• Deletion: You can delete any data through the App's interface (see Section 7) or by directly removing the database file
• Portability: Meeting summaries can be copied as text. The SQLite database is a portable, standard format
• Revocation: You can disconnect your Google account or delete API keys at any time through the App's settings
• Restriction: You can choose not to connect Google Calendar or not to provide specific API keys, limiting data collection and processing accordingly

Rights Under GDPR (European Economic Area)

If you are located in the European Economic Area, you have additional rights under the General Data Protection Regulation (GDPR), including the right to access, rectify, erase, restrict processing, data portability, and object to processing. Because Speklo's local-first architecture means all personal data is stored exclusively on your device, you exercise these rights directly by managing your data through the App or your device's file system.

The legal basis for processing your data is your consent (provided when you connect your Google account or use App features) and legitimate interest (providing the App's core functionality).

For any GDPR-related inquiries, contact us at hello@speklo.com.

9. Children's Privacy

Speklo is not directed at children under the age of 13 (or 16 in the European Economic Area). We do not knowingly collect personal information from children. If you believe a child has used the App, please contact us at hello@speklo.com.

10. International Users

Your data is stored locally on your device regardless of your geographic location. When you use third-party API services (Section 4.1), your data may be processed in locations determined by those service providers, which may include countries outside your jurisdiction. Please review the respective service provider's privacy policy for information about their data processing locations.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in the App's functionality or applicable laws. When we make material changes:

• The updated policy will be posted at speklo.com/privacy
• The “Last Updated” date at the top of this policy will be revised
• Material changes will be communicated through App update release notes

Your continued use of Speklo after changes to this Privacy Policy constitutes your acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy or your data, please contact us:

• Email: hello@speklo.com
• Website: speklo.com
• Operator: Janko Tomsic s.p.