Privacy Policy
How Lupit Meetings collects, uses, and protects your data.
Last updated: May 1, 2026
1. Information We Collect
Lupit Meetings ("Lupit", "we", "our", "us") collects the following data when you use our Chrome extension:
Meeting Audio and Video: We record the browser tab audio and screen content of Google Meet calls you choose to capture.
Transcripts: Speech-to-text conversion of captured meeting audio.
Meeting Metadata: Meeting title, URL, participants (derived from Meet UI), and timestamps.
Account Information: Email address and authentication tokens when you create a Lupit account.
Usage Data: Extension interaction events (start/stop recording, settings changes) for product improvement.
2. How We Use Your Data
To provide the core service: capturing, transcribing, and summarizing your meetings.
To store and display your meeting history in your personal dashboard at meetings.lupit.io.
To generate AI-powered summaries, chapters, and action items.
To improve our transcription accuracy and product experience.
To comply with legal obligations.
We do not sell your data. We do not use your meeting content to train AI models without explicit opt-in consent.
3. Data Storage and Retention
Meeting recordings and transcripts are stored on Google Cloud Storage in the southamerica-east1 region (São Paulo, Brazil).
You control retention: delete any meeting at any time, and it is permanently removed within 30 days.
Free tier: recordings auto-delete after 30 days unless upgraded.
Paid tiers: recordings retained until you delete them or cancel your subscription.
4. Third-Party Services
We use the following third-party services to operate Lupit Meetings. All providers are bound by data processing agreements and equivalent security standards.
| Service | Purpose | Data Shared |
|---|---|---|
| Google Cloud Platform (GCS, STT) | Storage, speech-to-text | Audio recordings, transcripts |
| OpenAI / Anthropic | AI summary generation | Meeting transcripts (anonymized) |
| Vercel | Web hosting | None (static hosting) |
| Neon | Database hosting | Account info, meeting metadata |
5. LGPD / GDPR Compliance
Lupit Meetings is built and operated in Brazil. We comply with:
LGPD (Lei Geral de Proteção de Dados — Lei nº 13.709/2018)
GDPR (General Data Protection Regulation — EU 2016/679)
Your rights include:
Access: Request a copy of your data.
Rectification: Correct inaccurate data.
Deletion: Delete your account and all associated data.
Portability: Export your meeting data in standard formats.
Consent withdrawal: Stop recording at any time; revoke consent via account settings.
To exercise any of these rights, contact us at privacy@lupit.io.
6. Data Security
All data is encrypted in transit (TLS 1.3) and at rest (AES-256).
Authentication uses JWT with short-lived access tokens and refresh token rotation.
Access to recordings is scoped to the authenticated user only.
We conduct regular security audits and vulnerability assessments.
7. Chrome Extension Permissions
Our extension requests the following permissions for the stated purposes:
| Permission | Why We Need It |
|---|---|
| tabs | Detect when you're on a Google Meet page |
| activeTab | Access the current tab for capture |
| tabCapture | Record tab audio and video |
| storage | Store auth tokens and preferences locally |
| identity | Authenticate with your Lupit account |
| scripting | Inject transcript sidebar into Meet pages |
| sidePanel | Show the transcript sidebar UI |
| meet.google.com | Only operate on Google Meet pages |
9. Children's Privacy
Lupit Meetings is not intended for use by individuals under 13 years of age. We do not knowingly collect data from children.
10. Changes to This Policy
We will notify users of material changes via email and an in-extension notice at least 14 days before changes take effect.
11. Contact
Lupit Tecnologia Ltda.
Email: privacy@lupit.io
Website: https://meetings.lupit.io
Data Protection Officer: dpo@lupit.io