SC Tech logo SC Meeting Minutes

Privacy Notice

Effective date: 17 Feb 2026

This Privacy Notice explains how SC Technology (PTY) LTD ("we", "us", "our") processes personal information when you use SC Meeting Minutes (the "Service"). This Service generates meeting minutes and related outputs from content you provide (such as audio recordings, documents, and meeting details).

If you do not agree with this Privacy Notice, do not use the Service.

1. What this Service is

The Service helps you create meeting minutes. It may transcribe audio into text and use AI to generate summaries, action items, and minutes based on the content you submit.

The Service is publicly accessible and does not require an account or login.

2. What information we process

Because meeting content can vary, the information processed may include personal information, confidential information, or sensitive information depending on what you submit.

2.1 Content you submit ("Customer Content")

This may include:

  • audio recordings you upload;
  • documents you upload (for example meeting agendas or prior minutes);
  • meeting details you enter into forms (for example meeting title and date);
  • text prompts or instructions you enter; and
  • generated outputs (minutes, summaries, action items).

2.2 Technical and operational information (logs)

We process technical information necessary to operate and secure the Service. This may include:

  • IP address;
  • timestamps;
  • browser/user agent details;
  • requested path/endpoints;
  • response codes and timing/latency metrics; and
  • error information (for example reverse-proxy or server errors).

3. How we use information (purposes)

We process information to:

  • provide the Service (including transcription and minutes generation);
  • maintain reliability and performance during beta testing;
  • prevent abuse, fraud, and security incidents;
  • diagnose technical issues; and
  • improve the Service based on aggregated usage patterns and feedback.

4. Where and how processing occurs

4.1 Our infrastructure

We host the Service on infrastructure located in South Africa (AWS Cape Town). Our server storage is encrypted.

4.2 Transcription provider (audio)

If you upload audio, we transmit it to our transcription provider using an EU processing endpoint to convert the audio to text. For our AssemblyAI account, we have opted out of data sharing for model improvement. After transcription reaches a terminal state in our workflow, we issue a delete request for that transcript.

4.3 AI provider (minutes generation)

We transmit transcript text and any uploaded documents used for context to our AI provider to generate minutes and related outputs. We configure our OpenAI account and API usage to reduce retention, including disabling API call logging in OpenAI Data Controls and disabling request-level storage where supported. Depending on provider infrastructure and configuration, processing may occur outside South Africa, including in the United States.

Even with these controls, providers may still process limited operational metadata and may retain data where required for security, abuse prevention, legal, or compliance purposes under their policies.

4.4 Cross-border processing

Because we use third-party providers, your content may be processed in jurisdictions outside your own. By using the Service, you acknowledge this cross-border processing.

5. Subprocessors (third-party providers)

We use third-party service providers ("Subprocessors") to provide functionality such as transcription and AI processing, and to host our infrastructure.

A current list of Subprocessors and their roles is available at: /subprocessors

We may update Subprocessors from time to time and will update this list accordingly.

6. Storage and retention

6.1 Customer Content (meeting audio, documents, transcripts, and minutes)

Our application is designed to process Customer Content transiently:

  • uploaded documents are handled during request processing and are not stored in our application database or object storage;
  • generated minutes are produced in memory and returned in the response and are not stored in our application database or object storage; and
  • Customer Content is discarded when processing completes (request lifecycle).

Note: our Subprocessors may apply their own retention practices to data they process. Their handling of data is governed by their own policies and settings.

Current provider posture for this Service includes: OpenAI API call logging disabled in Data Controls for the relevant project/org, OpenAI request storage disabled where supported, AssemblyAI EU endpoint usage, AssemblyAI account opt-out from model-improvement data sharing, and transcript deletion requests once processing reaches a terminal state in our workflow.

6.2 Operational logs

We keep standard server and web server logs for security, abuse prevention, reliability, and troubleshooting. These logs may contain IP address and other technical metadata described in section 2.2.

During beta, we do not yet publish a fixed log-retention period. We retain logs only as long as reasonably necessary for the purposes described in this Privacy Notice and may update retention practices as the Service matures.

7. Diagnostic uploads (optional, explicit opt-in)

If you experience an issue, the Service may offer a "Send diagnostic data" option.

If you choose to send diagnostic data, we will upload the relevant session data so we can investigate the issue. This may include:

  • transcript and conversation context for the current session;
  • generated minutes for the current session; and
  • uploaded documents used in the current session.

We will use diagnostic uploads only for support, debugging, performance analysis, and security investigations. Access is restricted to authorised personnel.

If you do not opt in, we will not request diagnostic uploads from you as part of standard use of the Service.

8. Cookies and similar technologies

The Service does not currently use cookies or browser local storage mechanisms (such as localStorage or sessionStorage) to persist user content.

9. Human access and review

We generally do not review Customer Content. However, authorised personnel may access limited information where reasonably necessary for:

  • support and debugging (including where you opt in to diagnostic uploads);
  • investigating suspected abuse; and
  • security incident response.

We limit access to what is necessary for these purposes.

10. Security

We implement reasonable technical and organisational measures designed to protect information in transit and during processing. However, no system is perfectly secure and we cannot guarantee absolute security.

11. Your responsibilities

You are responsible for ensuring you have the right to submit meeting content and that you have obtained any necessary consents from meeting participants for recording, transcription, and processing (including cross-border processing where applicable).

You should avoid submitting unnecessary personal information and minimise sensitive content where reasonably possible.

12. Your choices and rights

Because the Service does not use accounts and is designed not to store Customer Content after processing, we may not be able to retrieve or delete content you submitted once processing completes.

You can choose:

  • not to use the Service if you are not comfortable with cross-border processing;
  • not to upload sensitive information;
  • not to use the optional "Send diagnostic data" feature; and
  • to contact us with questions or concerns.

13. Contact

If you have questions about this Privacy Notice or how we process information, contact:

support@sctechnology.co.za

https://sctechnology.co.za/

14. Changes to this Privacy Notice

We may update this Privacy Notice from time to time. Updates take effect when posted. Continued use of the Service after changes are posted means you accept the updated Privacy Notice.