Privacy Policy
Last updated: [DATE]
This Privacy Policy explains how [Company Legal Name] ("we", "us") collects, uses, and shares information when you use onepizza.io (the "Service"). The data controller is [Company Legal Name], [address]. For privacy questions contact [privacy@onepizza.io].
1. Information we collect
| Category | Examples |
|---|---|
| Account data | Email, hashed password, company affiliation, API keys |
| Meeting metadata | Meeting titles, timestamps, participant display names, join/leave times, peak participants, duration |
| In-meeting content | Chat messages, shared files, notes, polls/Q&A, and recordings you choose to create |
| Billing data | Credit balance and transactions; card details are handled by our payment processor, not stored by us. On-chain (USDC) deposit addresses where applicable |
| Usage & technical | IP address, log/access data, analytics events, approximate device/browser info |
Media (audio/video) in standard meetings is transmitted peer-to-peer (WebRTC) and is not stored by us unless a participant records a meeting.
2. How we use information
To provide and secure the Service; process billing; send transactional email; prevent abuse and enforce our Terms; analyze and improve the Service; and comply with legal obligations. Where required, our legal bases include performance of a contract, legitimate interests, consent, and legal obligation.
3. Sharing & subprocessors
We do not sell personal data. We share data with service providers acting on our behalf, including (confirm and update for your deployment): [Stripe] (payments), [Resend] (email), [hosting/Railway] (infrastructure), [S3/Cloudflare R2] (recording & file storage), and optionally [LiveKit] (media relay for large meetings). We may disclose data to comply with law or protect rights and safety.
4. Retention
Account and billing records are retained while your account is active and as required for legal/accounting purposes. Transient meeting content (chat, polls, Q&A, notes, attendance) may be automatically purged after a configurable period ([content_retention_days], if enabled). Recordings and shared files are retained until you delete them. You can request deletion as described below.
5. Your rights
Depending on your location, you may have rights to access, correct, delete, restrict, or port your personal data, and to object to certain processing. California residents have rights under the CCPA/CPRA, including the right to know and delete, and to not be discriminated against for exercising rights. To exercise rights, contact [privacy@onepizza.io]. You may also lodge a complaint with your local data-protection authority.
6. International transfers
We may process data in countries other than yours. Where required, we use appropriate safeguards (e.g., Standard Contractual Clauses) for such transfers.
7. Security
We use technical and organizational measures including encryption in transit, hashed credentials, access controls, and audit logging. No method of transmission or storage is completely secure.
8. Children
The Service is not directed to children under [16/13]. We do not knowingly collect their data. If you believe a child has provided us data, contact us and we will delete it.
9. Changes
We may update this Policy and will revise the "Last updated" date. Material changes will be communicated through the Service.
10. Contact
[Company Legal Name], [address] · [privacy@onepizza.io]