Privacy

What we collect

• Account information. Your name and email when you sign up, plus an OAuth ID if you sign in with Google.
• Meeting audio. Streamed from your device to our transcription provider in short chunks. We don't write the audio to disk. As soon as a chunk has been converted to text, the audio bytes are gone.
• Transcripts and summaries. The text output of transcription, plus the rolling summaries Canary generates. Stored encrypted at rest in our database.
• Usage analytics. Event-level product analytics (which buttons were clicked, which screens were used). In our apps these events are sent to our own first-party backend; on the marketing site we additionally use PostHog and Microsoft Clarity session replay / heatmaps. All can be disabled in Settings → Privacy.
• Attribution data. If you arrived via an ad or campaign link, we record the UTM parameters and ad-platform click IDs (fbclid, gclid, ttclid, li_fat_id) so we know which channels work. Stored in a first-party cookie on askcanary.com for 30 days.
• Billing data. On web and macOS, handled entirely by Stripe — we see your subscription status and the last four digits of your card, never full card numbers. On iOS, billing runs through the Apple App Store and we receive only your subscription status and an anonymous transaction identifier.

What we don't collect

• Raw audio after it's been transcribed. The bytes are not persisted.
• Microphone or system audio when you don't have an active meeting session running.
• Content from anyone other than the signed-in account holder. Canary captures from your machine; meeting participants aren't tracked, identified, or persisted as users.
• Anything else "in the background" — Canary is not always-on telemetry. Capture only happens when you (or a calendar-triggered auto-start you opted in to) press Start Listening.

Third-party processors

Canary is a small team, so most of the heavy lifting runs on services purpose-built for it. Here's the full list of who gets what:

• Deepgram — real-time speech-to-text. Receives audio chunks from your meeting and returns transcript text. Their data handling and retention policies are documented at deepgram.com/privacy.
• OpenAI — large language model (the default summarizer) for generating rolling summaries, action items, and meeting titles. Receives chunks of transcript text. We use the API tier, which is not used to train their models; details at openai.com/policies/privacy-policy.
• Anthropic — alternate large language model, used when a Claude model is selected for summarization. Receives chunks of transcript text. Default API retention is 30 days; details at anthropic.com/legal/privacy.
• Stripe — billing and subscription management for web and macOS. PCI-DSS certified. They handle card data so we don't have to.
• Apple — billing for iOS subscriptions purchased through the App Store. Apple processes the payment and shares only subscription status (active/expired) and an anonymous transaction identifier with us; we never see your payment details.
• Google — sign-in (OpenID Connect) and Calendar API (read-only scope to detect upcoming meetings). We request userinfo.email, userinfo.profile, and calendar.readonly. Nothing more.
• Postmark — transactional email (sign-up confirmations, password resets, billing receipts).
• PostHog — product analytics. Self-hostable, but we use their US-hosted instance. Disable any time in Settings → Privacy.
• Microsoft Clarity — session replay and heatmaps on the marketing site and in-app pages where helpful. Disable any time in Settings → Privacy.

Retention

• Free tier: transcripts and summaries are purged 7 days after the meeting ends. After that they're gone — no backup tape recovery.
• Pro tier: transcripts and summaries are retained indefinitely so you can reference past meetings. You can delete individual meetings or wipe everything from Settings → Account.
• Audio capture log: a metadata-only record of when capture started/stopped (timestamps, duration, meeting title if available) is kept for 30 days. This is so you can audit what Canary did on your behalf. No audio content is in this log.
• Account deletion: permanent. We delete account data within 30 days of a deletion request, including from backups on the next backup-rotation cycle. This satisfies the GDPR "right to erasure" (Article 17) and the CCPA "right to delete" (§1798.105).

Your rights

You have the following rights regardless of where you live, and we're happy to extend them globally even though some are only legally required in specific jurisdictions:

• Access. Download a complete copy of your data — transcripts, summaries, account profile — from Settings → Account → Download your data (link coming with the next desktop release).
• Correction. Update your account info from Settings → Account.
• Deletion. Delete your account from Settings → Account → Delete account. This is irreversible.
• Portability. The data export is JSON — open format, no lock-in.
• Objection. Email marcus@askcanary.com and we'll address it. We're small enough that a human will read your message.

Children

Canary is not directed at children under 13. We don't knowingly collect personal information from anyone under 13. If you're a parent or guardian and you believe your child has signed up, email marcus@askcanary.com and we'll delete the account.

International data transfers

Canary's infrastructure runs primarily in AWS us-east-1 (Virginia, USA). If you're in the EU/EEA or UK, your data crosses borders to be processed; we rely on the Standard Contractual Clauses approved by the European Commission as the legal basis. We are not yet large enough to offer self-service Data Subject Access Request tooling — for now, requests via marcus@askcanary.com are handled manually within 30 days.

Changes to this policy

If we materially change this policy, we'll notify you in the app and via email at least 14 days before changes take effect. Non-material changes (a typo, a clearer wording) we'll just update with a new "Last updated" date.

Contact

Privacy questions, requests, or concerns: marcus@askcanary.com. We aim to respond within two business days.