Uninote

Privacy Policy

Handling of Personal Information

Effective date: October 1, 2016 Last revised: February 4, 2025

Widsley Inc. (hereinafter "we" or "our company") operates a system development business. Regarding the protection of personal information we handle, we fully recognize our social responsibility, protect the rights and interests of the individuals concerned, and comply with laws, regulations, and other rules on personal information. To realize the policy set out below, we have established a personal information protection management system, and we declare here that the entire company will work on its continuous improvement, always staying aware of the latest IT technology trends, changes in social demands, and shifts in the business environment.

  1. Regarding personal information handled in our business and in the employment and HR management of our employees, we will appropriately acquire, use, and provide personal information only within the scope of the purposes specified in advance. We will not handle personal information beyond the scope necessary to achieve the stated purposes (use outside the purpose), and we will implement appropriate measures to that end.
  2. We comply with laws and ordinances, national guidelines, and other norms relating to the handling of personal information.
  3. Against risks such as unauthorized access to personal information or leakage, loss, or damage of personal information, we will take reasonable safety measures, invest management resources aligned with the realities of our business, and continuously improve the security posture for personal information. We will also establish internal rules that correct inappropriate matters and protect personal information in the best possible condition.
  4. We will establish internal rules for responding to complaints and consultations regarding the handling of personal information, and we will respond to such complaints and consultations promptly and sincerely.
  5. Given changes in the environment surrounding our company, we will review the personal information protection management system in a timely and appropriate manner and continuously promote its improvement. This Policy will be distributed to all officers and employees to ensure full awareness, and we will take measures to make it available to anyone at any time.

This Policy will be distributed to all officers and employees to ensure full awareness, and we will take measures to make it available to anyone at any time.

Widsley Inc., Representative Director, Hirotaka Takahashi

Widsley Inc., Personal Information Inquiry Desk Email: support@uninote.ai

In order to better protect our customers' personal information and to comply with changes in laws and regulations, we may revise the "Privacy Policy" and "Handling of Personal Information."

Handling of Personal Information

1. Name of the operator

Widsley Inc.

VORT Ebisu Maxim, 3-9-19 Higashi, Shibuya-ku, Tokyo

Representative Director, Hirotaka Takahashi

2. Name or title, department, and contact of the personal information protection manager (or their representative)

Personal Information Protection Manager, Head of Management Headquarters

Email: support@uninote.ai

3. Purposes of use of personal information handled by us

  1. Personal information of our business partners and contractors
    • For contact, cooperation, negotiation, and contract performance related to each of our businesses
  2. Personal information of those who have made inquiries
    • For responding to inquiries concerning each of our businesses
  3. Purposes of use of employee personal information
    • For HR management and related purposes
  4. Purposes of use of personal information of recruitment applicants
    • For recruitment screening
    • For communications related to recruitment screening procedures and their results
    • For communications related to pre-employment procedures and other procedures
  5. Purposes of use of personal information handled in the Comdesk business
    • To provide Comdesk services (issuing user accounts, entering and managing customer data, lending mobile devices, etc.)
    • For administrative communications and responses to inquiries

4. Safety management for personal information protection

We establish internal rules for protecting the personal information we obtain, ensure that all employees are aware of and educated on these rules, and regularly audit compliance. We also work to maintain and improve the safety management measures necessary to protect the personal information we obtain. For detailed questions about safety management measures, please contact our inquiry desk.

  1. Establishment of basic policy
    • We have established a basic policy to ensure the appropriate handling of personal data.
  2. Development of rules relating to the handling of personal data
    • To prevent leakage of personal data and manage its safety, we have established rules for handling personal data.
  3. Organizational safety management measures
    • We appoint personnel responsible for the handling of personal data and have in place a reporting structure for reporting actual or potential violations of laws or rules to the responsible personnel.
    • We clarify the scope of employees who handle personal data and the personal data they handle.
    • We regularly conduct self-inspections and receive reviews from external parties to verify the handling status of personal data.
    • We monitor and review the handling status of personal data and work to improve our personal information protection framework.
  4. Human safety management measures
    • We raise awareness of the importance of personal information protection in handling personal data and conduct periodic training.
    • We obtain confidentiality agreements from employees who handle personal data.
  5. Physical safety management measures
    • We manage the entry and exit of employees and visitors in areas that handle personal data.
    • We establish measures for the use, storage, and disposal of equipment, documents, and electronic media that handle personal data, and take measures to prevent theft or loss.
  6. Technical safety management measures
    • We implement access controls to limit the personnel and the scope of personal information databases involved.
    • We identify and authenticate employees who use information systems that handle personal data.
    • We have introduced mechanisms to protect information systems that handle personal data from unauthorized external access and malicious software.
  7. Awareness of the external environment
    • Regarding the handling of personal information in foreign countries, we implement the above safety management measures after understanding the personal information protection systems in the relevant foreign countries.

5. Complaints and consultations

For inquiries, complaints, and consultations regarding the handling of personal information, please contact the "Personal Information Inquiry Desk" in Section 7 below.

6. Procedures for responding to disclosure requests, etc.

  1. Requests for disclosure, etc., related to retained personal data or third-party provision records

    When the individual makes a request to "notify the purpose of use," "disclose," "correct," "add or delete," or "suspend use or third-party provision" (collectively, "disclosure, etc.") with respect to retained personal data or third-party provision records held by us, please contact the "Personal Information Inquiry Desk" in Section 7 below.

  2. Regarding our "retained personal data"

    • Personal information of customers obtained through each of our businesses *Note: The "customer data" handled by users of the Comdesk business is not retained personal data, and we cannot respond to disclosure requests for it.
    • Personal information of business partners
    • Personal information relating to the employment management of all our employees
    • Personal information of applicants wishing to join our company
    • Personal information of those who have made inquiries

  3. Where to submit disclosure requests

    Please submit requests for disclosure, etc., to the "Personal Information Inquiry Desk" in Section 7 below. When requesting disclosure, etc., of retained personal data or third-party provision records, please fill in the required information on the form we specify and submit it.

  4. Identity verification

    We will verify identity when responding to disclosure requests. In some cases, we may ask you to mail a copy of an official identification document for verification, so please be aware. *For representatives, a power of attorney must be submitted for verification. When using a representative, copies of the official identification documents of both the individual and the representative must be submitted. *For the statutory representative of a minor or an adult ward, we will verify representation authority based on documents proving legal representation.

  5. Fees

    A fee of up to 1,000 yen will be charged for disclosure requests (requests for "notification of purpose of use" or "disclosure"). If it is clear that this amount will be exceeded, we will contact you separately.

7. Inquiries, complaints, and consultations regarding the handling of personal information

Our "Inquiry Desk" can be contacted as follows: Widsley Inc., Personal Information Inquiry Desk Email: support@uninote.ai

8. Authorized personal information protection organization

Name of the authorized personal information protection organization and contact for complaint resolution Name: Japan Institute for Promotion of Digital Economy and Community (JIPDEC) Contact for complaint resolution: Authorized Personal Information Protection Organization Office [Address] Roppongi First Building, 1-9-9 Roppongi, Minato-ku, Tokyo 106-0032, Japan [Phone] 03-5860-7565 / 0120-700-779

Personal Data Handling for Uninote AI (Zoom / Google Integration)

Effective Date: June 2, 2026 — Version: 3.0

This section sets out how we collect, use, store, and protect personal information when you use Uninote AI's Zoom and Google integration services. It supplements the personal information protection policy above, and prevails with respect to the use of the Zoom and Google integration services.

A. Google User Data Policy

Google User Data

Uninote's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Data We Access from Google

When you sign in with Google and grant the requested permissions, Uninote accesses the following data via Google APIs:

Basic profile information (openid, userinfo.profile) Your Google account ID, display name, profile picture URL, and locale. This information is used solely to create and identify your Uninote account.

Email address (userinfo.email) Your primary Google email address. This is used as your unique account identifier and to send service-related notifications (e.g., recording-ready emails).

Google Calendar events (calendar.events.readonly) Event titles, start and end times, organizer and attendee email addresses, conferencing links (Google Meet URLs), and event descriptions for calendars you choose to connect.

We do not access Gmail, Google Drive, Contacts, Photos, or any other Google services.

How We Use Google User Data

Account creation and authentication Profile and email data are used to create your Uninote account, authenticate you on subsequent sign-ins, and personalize the application interface.

Meeting discovery and recording dispatch Calendar event data is used to display your upcoming meetings inside Uninote and to automatically dispatch a recording bot to scheduled Google Meet meetings you have opted to record.

Service notifications Your email address is used to send essential system-related and transactional communications necessary for operating the service such as:

  • Meeting permission access updates
  • Storage usage alerts
  • Meeting access permission updates
  • Billing and subscription notifications

We do not use Google user data for:

  • Advertising or marketing purposes
  • Training, evaluating, or improving generalized or non-personalized AI or machine learning models
  • Selling to or sharing with data brokers
  • Determining creditworthiness or lending purposes

How We Share Google User Data

Uninote shares Google user data only with the following categories of service providers, and only to the minimum extent necessary to operate the service:

  • Cloud infrastructure – Amazon Web Services (AWS) for storage, compute, and database hosting in Tokyo (ap-northeast-1).
  • Transcription provider – Audio captured from meetings you record is sent to our transcription provider to generate transcripts. Calendar metadata is not shared with this provider.
  • Large language model (LLM) provider – Generated transcripts are sent to our LLM provider to produce summaries and AI insights at your request. Calendar metadata is not shared with this provider.
  • Email delivery provider – Transactional emails are sent via a third-party email delivery service.

We do not sell Google user data and do not share it with advertisers or data brokers.

How We Store and Protect Google User Data

  • All Google user data is encrypted at rest using AWS-managed encryption keys (AES-256 via AWS KMS).
  • All data in transit is encrypted using TLS 1.2 or higher.
  • Access to production systems is restricted to authorized Uninote personnel using multi-factor authentication and is audited.
  • OAuth refresh tokens are stored in encrypted form and are never exposed to the client.
  • Uninote applies the principle of least privilege across application, database, and infrastructure layers.

Data Retention and Deletion

Profile and email data Are retained for the lifetime of your Uninote account.

Calendar event data Is cached only as long as necessary to display upcoming meetings and dispatch recording bots, and is periodically refreshed from Google APIs.

Account deletion You may delete your Uninote account at any time from the in-app account settings page. Upon account deletion, all Google user data associated with your account, including OAuth tokens, cached calendar data, and profile data, will be permanently deleted from our production systems within 30 days. Backups are purged according to the standard backup rotation schedule (within 90 days).

Revoking access You may revoke Uninote's access to your Google account at any time through Google Account Permissions. Revocation immediately stops any further access to your Google data.

Data deletion requests To request deletion of your data outside of the in-app flow, contact us at support@uninote.ai. We respond to verified requests within 30 days.

Contact

Questions about how Uninote handles Google user data may be sent to: support@uninote.ai

B. Uninote AI Zoom Integration Privacy Policy

Effective Date: June 2, 2026 — Version: 3.0 — Company: Widsley Inc.

1. Introduction

Widsley Inc. ("we", "our", "us") operates Uninote AI, a meeting recording and transcription platform. This Privacy Policy describes how we collect, use, store, and protect your information when you use our Zoom integration through Zoom Marketplace.

We are committed to protecting your privacy and handling your data in accordance with applicable data protection laws including Japan's Act on the Protection of Personal Information (APPI) and GDPR where applicable.

2. Information We Collect

2.1 Zoom Account Information

When you authorize the Uninote AI Zoom integration, we receive:

  • Zoom User Profile: Name, email address, Zoom user ID.
  • OAuth Tokens: Access and refresh tokens for API authentication (stored securely, never shared).
2.2 Meeting Data

When the Uninote AI bot joins your Zoom meetings, we collect:

  • Audio/Video Recording: The meeting's audio and video content recorded by our bot participant.
  • Meeting Metadata: Meeting ID, date, time, duration, and meeting title.
  • Participant Information: Names and identifiers of meeting participants (as displayed in Zoom).
2.3 Processed Data

From the collected meeting data, we generate:

  • Transcriptions: Text transcriptions with speaker identification and timestamps.
  • AI Summaries: Automated meeting summaries, action items, and key discussion points.
  • Thumbnails: Screenshot images from the meeting recording.
2.4 Account and Usage Data
  • Uninote AI Account Information: Name, email, organization, subscription plan.
  • Usage Data: Feature usage, meeting counts, storage usage (for billing and service improvement).

3. How We Use Your Information

We use your information solely for the following purposes:

Purpose Data Used
Provide recording and transcription services Audio/video, meeting metadata, participant info
Generate AI-powered meeting summaries Transcription text
Associate your Zoom account with Uninote AI Zoom user profile, OAuth tokens
Allow the bot to join your meetings OAuth tokens (ZAK token generation)
Manage your subscription and billing Account info, usage data
Provide customer support Account info, usage data
Improve service quality and reliability Aggregated, anonymized usage data

We do NOT:

  • Sell your personal data or meeting content to third parties.
  • Use your meeting content for advertising purposes.
  • Share your data with third parties except as described in Section 5.
  • Use your meeting recordings to train AI models without explicit consent.

4. Data Storage and Security

4.1 Storage Location

All data is stored on Amazon Web Services (AWS) infrastructure:

  • Region: Asia Pacific (Tokyo) — ap-northeast-1
  • Recordings: Amazon S3 with server-side encryption (AES-256)
  • Database: Amazon RDS PostgreSQL with encryption at rest
  • Transcriptions: Amazon DynamoDB with encryption at rest (migrated to PostgreSQL after meeting ends)
  • OAuth Tokens: Amazon DynamoDB with encryption at rest
4.2 Security Measures

We implement the following security measures:

  • Encryption in Transit: TLS 1.2+ for all data transmission.
  • Encryption at Rest: AES-256 encryption for all stored data.
  • Access Control: Role-based access control (RBAC) for all services.
  • Authentication: JWT-based authentication with AWS Cognito.
  • Infrastructure: Private VPC, security groups, and network ACLs.
  • Monitoring: CloudWatch logging and alerting for security events.
4.3 Data Retention
Plan Storage Data Retention Period Data Viewing Period
FREE 10 GB 6 months 14 days
Lite 200 GB 12 months 90 days
Team 600 GB 24 months 180 days
Business 3 TB Unlimited Unlimited
Pro 10 TB Unlimited Unlimited
Enterprise Custom Unlimited Unlimited

Storage capacity, data retention, and viewing periods vary by plan. For the latest plan details, see the pricing page.

  • Recordings and Transcriptions: Retained according to your plan as shown above. You may delete individual recordings at any time.
  • Account Data: Retained for the duration of your account. Deleted within 30 days upon account closure.
  • OAuth Tokens: Deleted when you deauthorize the Zoom integration.
  • Usage Logs: Retained for up to 365 days for operational purposes.

5. Third-Party Services (Sub-processors)

Service Purpose Data Shared
Amazon Web Services (AWS) Cloud infrastructure, storage, compute All data (encrypted)
Deepgram Speech-to-text transcription Meeting audio (real-time streaming, not stored by Deepgram)
OpenAI AI-powered summary generation Transcription text (processed per OpenAI's data usage policy)
Zoom Meeting platform integration OAuth tokens, bot participation
Google Google Calendar and Google Meet integration Calendar event data (when connected)
Microsoft Outlook and Microsoft Teams integration Calendar event data (when connected)
Stripe Payment processing Billing information (not meeting content)

Each third-party service is bound by their own privacy policies and data processing agreements.

6. Data Sharing

We do NOT share your personal data or meeting content with third parties except:

  • Service Providers: As listed in Section 5, solely for providing the Service.
  • Legal Requirements: When required by law, court order, or governmental authority.
  • Business Transfers: In the event of a merger, acquisition, or sale of assets (with prior notice).
  • With Your Consent: When you explicitly authorize data sharing.

7. Your Rights and Choices

7.1 Access and Export

You may access, view, and export your meeting recordings, transcriptions, and summaries through the Uninote AI platform at any time.

7.2 Deletion

You may delete:

  • Individual meeting recordings and transcriptions through the platform.
  • Your entire account and all associated data by contacting support.
7.3 Deauthorization

You may revoke Uninote AI's access to your Zoom account at any time through Zoom's App Marketplace or the Uninote AI platform settings.

Upon deauthorization:

  • The bot will no longer join your Zoom meetings.
  • Your OAuth tokens are deleted from our systems immediately.
  • Your existing meeting data remains in your Uninote AI account until you delete it.
7.4 Data Portability

You may export your data in standard formats (JSON, CSV) through the Uninote AI platform.

7.5 Rights under GDPR / APPI

You have the right to:

  • Access your personal data held by us.
  • Correct inaccurate or incomplete data.
  • Delete your data ("right to be forgotten").
  • Restrict or object to processing of your data.
  • Port your data to another service.

To exercise these rights, contact us at: support@uninote.ai with subject "Data Rights Request".

8. Zoom-Specific Data Handling

8.1 Compliance with Zoom's API Terms

We comply with Zoom's API License and Terms of Use, including:

  • Only accessing Zoom data necessary for providing the Service.
  • Not storing Zoom data beyond what is necessary.
  • Properly handling deauthorization events (app_deauthorized webhook).
8.2 Deauthorization Compliance

When you deauthorize Uninote AI from Zoom:

  1. We receive an app_deauthorized webhook from Zoom.
  2. We immediately revoke and delete your OAuth tokens.
  3. We send a compliance confirmation to Zoom's Data Compliance API.
  4. Your meeting data in Uninote AI is handled per your account settings.
8.3 Zoom API Scopes

We request only the minimum necessary Zoom API scopes:

  • user:read:user — To retrieve your profile for account association.
  • user:read:token — To retrieve ZAK token for bot meeting access.
  • user:read:zak — To generate ZAK tokens for bot authentication.
  • meeting:read:meeting — To retrieve meeting information.

We do NOT request scopes for writing, modifying, or deleting your Zoom data.

9. Recording Consent

Users are responsible for obtaining explicit consent from all meeting participants before recording. Uninote AI does not verify consent on behalf of users. In jurisdictions that require all-party consent for recording, it is your sole responsibility to comply with applicable laws.

10. Children's Privacy

The Service is not intended for use by children under the age of 18. We do not knowingly collect personal information from children. If we become aware of data collected from a child, we will take steps to delete it promptly.

11. International Data Transfers

Your data is processed and stored in Japan (AWS Tokyo region). If you access the Service from outside Japan, your data will be transferred to and processed in Japan. We ensure appropriate safeguards are in place for international data transfers in compliance with APPI and GDPR requirements.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via:

  • Email to your registered account address.
  • Notice on the Uninote AI platform.

Continued use of the Service after changes constitutes acceptance of the updated policy.

13. Contact Us

For data deletion requests, please include "Data Deletion Request" in the subject line.