Privacy Policy

How Lupit Meetings collects, uses, and protects your data.

Last updated: May 1, 2026

1. Information We Collect

Lupit Meetings ("Lupit", "we", "our", "us") collects the following data when you use our Chrome extension:

Meeting Audio and Video: We record the browser tab audio and screen content of Google Meet calls you choose to capture.

Transcripts: Speech-to-text conversion of captured meeting audio.

Meeting Metadata: Meeting title, URL, participants (derived from Meet UI), and timestamps.

Account Information: Email address and authentication tokens when you create a Lupit account.

Usage Data: Extension interaction events (start/stop recording, settings changes) for product improvement.

2. How We Use Your Data

To provide the core service: capturing, transcribing, and summarizing your meetings.

To store and display your meeting history in your personal dashboard at meetings.lupit.io.

To generate AI-powered summaries, chapters, and action items.

To improve our transcription accuracy and product experience.

To comply with legal obligations.

We do not sell your data. We do not use your meeting content to train AI models without explicit opt-in consent.

3. Data Storage and Retention

Meeting recordings and transcripts are stored on Google Cloud Storage in the southamerica-east1 region (São Paulo, Brazil).

You control retention: delete any meeting at any time, and it is permanently removed within 30 days.

Free tier: recordings auto-delete after 30 days unless upgraded.

Paid tiers: recordings retained until you delete them or cancel your subscription.

4. Third-Party Services

We use the following third-party services to operate Lupit Meetings. All providers are bound by data processing agreements and equivalent security standards.

ServicePurposeData Shared
Google Cloud Platform (GCS, STT)Storage, speech-to-textAudio recordings, transcripts
OpenAI / AnthropicAI summary generationMeeting transcripts (anonymized)
VercelWeb hostingNone (static hosting)
NeonDatabase hostingAccount info, meeting metadata

5. LGPD / GDPR Compliance

Lupit Meetings is built and operated in Brazil. We comply with:

LGPD (Lei Geral de Proteção de Dados — Lei nº 13.709/2018)

GDPR (General Data Protection Regulation — EU 2016/679)

Your rights include:

Access: Request a copy of your data.

Rectification: Correct inaccurate data.

Deletion: Delete your account and all associated data.

Portability: Export your meeting data in standard formats.

Consent withdrawal: Stop recording at any time; revoke consent via account settings.

To exercise any of these rights, contact us at privacy@lupit.io.

6. Data Security

All data is encrypted in transit (TLS 1.3) and at rest (AES-256).

Authentication uses JWT with short-lived access tokens and refresh token rotation.

Access to recordings is scoped to the authenticated user only.

We conduct regular security audits and vulnerability assessments.

7. Chrome Extension Permissions

Our extension requests the following permissions for the stated purposes:

PermissionWhy We Need It
tabsDetect when you're on a Google Meet page
activeTabAccess the current tab for capture
tabCaptureRecord tab audio and video
storageStore auth tokens and preferences locally
identityAuthenticate with your Lupit account
scriptingInject transcript sidebar into Meet pages
sidePanelShow the transcript sidebar UI
meet.google.comOnly operate on Google Meet pages

8. Cookies

The Lupit web dashboard (meetings.lupit.io) uses essential cookies for authentication (JWT stored in httpOnly cookies). No tracking or advertising cookies are used.

9. Children's Privacy

Lupit Meetings is not intended for use by individuals under 13 years of age. We do not knowingly collect data from children.

10. Changes to This Policy

We will notify users of material changes via email and an in-extension notice at least 14 days before changes take effect.

11. Contact

Lupit Tecnologia Ltda.

Email: privacy@lupit.io

Website: https://meetings.lupit.io

Data Protection Officer: dpo@lupit.io