Last Updated: 03 May, 2025
At Contented ("we," "us," or "our"), we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our AI-powered conversation intelligence platform and related services (collectively, the "Services").
By using our Services, you acknowledge that you accept the practices and policies outlined in this Privacy Policy, and you consent to our collection, use, and sharing of your information as described herein.
This Privacy Policy is incorporated by reference into our Terms of Service. Any terms not defined in this Privacy Policy have the meanings given in our Terms of Service.
What this Privacy Policy Covers
This Privacy Policy covers our treatment of personal information that we gather when you access or use our Services. "Personal Information" means any information that identifies or relates to a particular individual and also includes information referred to as "personally identifiable information" or "personal information" under applicable data protection laws.
This Privacy Policy does not cover the practices of companies we don't own or control, or people we don't manage
Personal Information We Collect
To provide our Services, we collect the following types of information, which are handled by different parts of our secure infrastructure:
User and Account Data:
- Name, email address, company name (optional), job title (optional)
- Phone number and physical address
- Account credentials and authentication information
- Storage Location: Our primary application platform (specifically, AWS).
Conversation Data:
- Conversation Audio Data: The original audio and video recordings you upload or create through our Services.
- Storage Location: Our secure AWS environment.
- Conversation Text Data: Transcripts, chapter summaries, meeting titles, and any identified attendees or entities from your conversations.
- Storage Location: Our primary application platform (specifically, AWS).
Payment Data:
- Billing and payment information, such as payment card details, which are processed securely by our payment partner, Stripe.
Usage and Analytics Data:
- Information about your interaction with our platform, such as features used, button clicks, coarse location (city/country), User and Device IDs, browser type, and performance/crash diagnostics. This data is processed by our analytics partners, such as Mixpanel, Sentry etc.
Communication Data:
- Information in emails, messages, or other communications you send us
- Support requests and customer service interactions
- Survey responses and feedback
Information We Collect Automatically
Technical Information:
- IP address and general location information
- Device type, operating system, and browser information
- Usage data, including pages visited and features used
- Session data and timestamps
- Error logs and performance metrics
Mobile App Data:
- Device identifiers and mobile advertising IDs
- App usage analytics
- Crash reports and diagnostic information
- Audio device information when recording
Information Your Post on the Services
The Services may allow you to post or share information, such as through chat features, forums, or profile information. Information you share in public or semi-public areas of the Services may be visible to others. Please exercise caution when deciding what Personal Information to share in these areas.
How We Use Your Personal Information
Providing and Improving Our Services
- Creating and managing your account
- Processing audio and video recordings
- Generating transcripts, summaries, and insights
- Providing customer support and technical assistance
- Developing new features and functionality
Business Operations
- Processing payments and billing
- Communicating with you about our Services
- Sending service announcements and updates
- Conducting research and analytics
- Ensuring security and preventing fraud
Legal and Compliance
- Complying with legal obligations
- Protecting our rights, property, and safety
- Enforcing our Terms of Service
- Responding to legal requests and preventing harm
Marketing (With Your Consent)
- Sending promotional communications about our Services
- Personalising content and recommendations
- Analysing marketing effectiveness
How We Disclose Your Personal Data
- AI Sub-processors (Transient Processing): Our AI sub-processors process your conversation data to provide their services. They operate under a strict Zero Data Retention (ZDR) policy, enforced by our Business Associate Agreements (BAAs). They receive the data, perform the service, send the result back, and then immediately and permanently delete your data from their systems.
- Contented Platform (Storage): For our platform to be useful, we must store your data beyond the initial processing lifecycle so you can access it later. Specifically:
- Your User Profile Data and text-based Conversation Text Data (transcripts, summaries) are stored within our primary application platform.
- Your raw Conversation Audio Data (the original recording) is stored in our secure AWS environment.
- Other Key-Service Providers: We share data with other partners for specific functions:
- Stripe: For processing payments.
- Mixpanel: For analytics, performance monitoring, and error tracking.
- Sentry, Cloudflare: For security, CDN, and DDoS protection.
- Email Service Providers
- App Partners (Apple)
- Parties You Authorise, Access or Authenticate:
- Organisations through which you access our Services (such as your employer or the entity that purchased your license).
- Third-party services or integrations you connect to your Contented account (CRM systems).
- Other users within your organisation or with whom you share content via the Services.
- Legal Obligations: We may share Personal Data with public authorities, law enforcement, or other third parties if required by law or legal process, or if necessary to protect our rights or the rights of others.
- Business Transfers: In the event of a merger, acquisition, bankruptcy, or sale of assets, your Personal Data may be transferred to the acquiring entity.
We are committed to protecting your privacy and will only disclose personal information to third parties when it is necessary and in compliance with relevant laws and regulations. We implement strict contracts and data processing agreements with third parties to ensure that they are only using personal information for the specific purposes outlined by us, and that they are protecting the privacy and security of the personal information they receive.
Data Security
We understand the importance of privacy and security of Personal Data and have made them a priority. We implement and maintain enterprise-grade administrative, physical, and technical safeguards designed to protect your Personal Data from unauthorised access, use, alteration, and disclosure. These measures include:
- Encryption: Data is protected with AES-256 encryption at rest and TLS 1.2/1.3 encryption in transit. End-to-end encryption is applied to sensitive conversation data where applicable.
- Access Controls: We implement Role-Based Access Control (RBAC) and the principle of least privilege to minimise unauthorised access. Strict access controls limit who can view sensitive information.
- Authentication: Multi-Factor Authentication (MFA) is supported (email, authenticator app, biometric). If enabled, biometric verification is required for the mobile app on cold boot and after a period in the background.
- Cloud Security: Our platform is hosted on AWS with redundant data centres (Oregon, US and Sydney, Australia). Cloudflare provides DDoS protection and WAF. S3 buckets are isolated from direct internet access. Network segmentation is used to isolate critical components.
- Zero Data Retention (ZDR): We implement a Zero Data Retention policy with our AI subprocessors for processing customer data, ensuring data is not retained by them after processing or used for training their models.
- Regular Monitoring and Audits: We conduct comprehensive real-time monitoring, access logging, and regular security patches and updates. We are pursuing industry-standard certifications such as SOC 2 Type I and II.
- Secure Development Practices: Security is integrated into our development lifecycle, including peer review of code changes.
You are responsible for maintaining the security of your account credentials.
We employ a layered strategy to secure communications, particularly for accessing sensitive audio files from AWS. This includes generating secure, short-term expiring signed URLs for any download or playback requests, preventing permanent links from being exposed. We support this with referrer validation, user session validation, rate limiting, and active monitoring to prevent unauthorised access.
Data Retention and Deletion
Retention Periods
- Account Information: Retained for as long as your account is active
- Conversation Data: Retained according to your preferences or organisational policies
- Usage Data: Typically retained for up to 2 years for analytics purposes
- Legal Compliance: Some data may be retained longer to comply with legal obligations
Deletion Options
- User-Initiated Deletion: You can delete recordings, transcripts, and other content through your dashboard
- Account Deletion: When you request to delete your account, a process is triggered to permanently purge your User Profile Data and Conversation Text Data from our primary application platform, and your Conversation Audio Data from our AWS environment.
- Automated Deletion: Configure automatic deletion policies for your organisation
- Secure Deletion: All deleted data is permanently removed and cannot be recovered
Temporary Storage (Mobile App)
During offline recording (within the app), files are temporarily stored on your device with encryption until they can be uploaded. Once uploaded, files are immediately removed from your device.
Your Rights and Choices
Access and Control
- Account Access: Review and update your account information
- Data Export: Request a copy of your personal information
- Deletion Rights: Delete specific recordings or request complete data deletion.
- Correction Rights: Update or correct inaccurate information
Communication Preferences
- Marketing Emails: Unsubscribe from promotional communications
- Service Communications: Some service-related communications are necessary for account operation
Mobile App Controls
- Permissions: Manage app permissions for microphone, storage, and other features
- Background Recording: Control when the app can record in the background
International Data Transfers
Contented is based in New Zealand. Your personal information may be transferred to and processed in:
- New Zealand: Our primary operations and data processing
- United States: Through our service providers (Application Platform, AWS, AI providers)
- Australia: For customers in Australia, we comply with Australian Privacy Principles
- Bespoke Server Locations: We have the option for you to choose your own server location
Cookies and Tracking Technologies
We use cookies and similar technologies to:
- Essential Functions: Enable core Service functionality
- Analytics: Understand how you use our Services
- Security: Protect against fraud and unauthorised access
- Preferences: Remember your settings and preferences
You can control cookies through your browser settings, though disabling certain cookies may affect Service functionality.
Third-Party Links and Services
Our Services may contain links to third-party websites or integrate with third-party services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any personal information.
Children's Privacy
Our Services are not directed to individuals under 16 years of age. We do not knowingly collect personal information from children under 16. If we learn that we have collected information from a child under 16, we will delete that information promptly.
Regional Privacy Rights
Australian Users
If you are located in Australia, you have additional rights under the Australian Privacy Act 1988:
- Access Rights: Request access to your personal information
- Correction Rights: Request correction of inaccurate information
- Complaint Rights: Lodge complaints with the Australian Privacy Commissioner
- Cross-Border Disclosure: We notify you when your information may be disclosed overseas
European Users (GDPR)
If you are located in the European Union, UK, or Switzerland, you have additional rights:
- Data Portability: Request your data in a machine-readable format
- Objection Rights: Object to certain types of processing
- Restriction Rights: Request restriction of processing in certain circumstances
- Withdrawal of Consent: Withdraw consent for consent-based processing
California Users (CCPA)
California residents have specific rights regarding their personal information:
- Right to Know: Request information about data collection and sharing
- Right to Delete: Request deletion of personal information
- Non-Discrimination: We will not discriminate against you for exercising your rights
Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. We will notify you of material changes by:
- Posting the updated policy on our website
- Sending email notifications to registered users
- Providing in-app notifications
Your continued use of our Services after any changes constitutes acceptance of the updated Privacy Policy.
Contact Information
If you have questions about this Privacy Policy or wish to exercise your privacy rights, please contact us:
We will respond to your privacy-related requests within 30 days of receipt, or as otherwise required by applicable law.