Privacy Policy
Overview
Northlight Meetings is a Windows desktop application that records, transcribes, and analyzes client calls to help consultants capture insights and generate follow-up documents. This policy explains exactly what data the app handles, where it goes, and what controls you have.
Short version: Your call recordings and transcripts stay on your computer. Audio is sent to Groq for transcription and analysis, and documents are pushed to your own Google Drive and ClickUp accounts — not to Northlight servers. Error reports are sent to Sentry to help fix crashes.
Who This Policy Applies To
This policy applies to individuals who use Northlight Meetings as a licensed user. The app is a single-user desktop tool; it does not have accounts, cloud sync, or a Northlight-operated backend.
Data the App Handles
Audio Recordings
The app captures audio from two sources:
- Microphone — your voice, captured directly by Windows audio APIs.
- System audio — audio playing on your computer (e.g., remote participant voices routed via VB-Audio Cable / Voicemeeter Banana).
Recordings are held in memory during the session and immediately sent to Groq for transcription when you stop recording. Audio files are not saved to disk.
Transcripts and Analysis
The text transcript and AI analysis output (summaries, action items, draft documents) are saved locally to a JSON file at:
%APPDATA%\Northlight Meetings\sessions.json
This file is stored only on your device and is not transmitted to Northlight or any third party.
API Credentials and Tokens
The following credentials are stored encrypted on your device using Windows DPAPI (Data Protection API) via Electron's safeStorage:
- Groq API key
- ClickUp API key
- Google OAuth refresh token
- Google OAuth client ID and secret
These credentials are never transmitted to Northlight. They are decrypted only at the moment they are needed for an API call and are bound to your Windows user account.
Integration configuration
Non-sensitive configuration (Google Drive folder IDs, ClickUp list IDs, template document IDs) is stored in plain JSON at %APPDATA%\Northlight Meetings\integration-config.json on your device only.
Third-Party Services
The app connects to the following external services on your behalf. Northlight does not operate any of these services and does not receive copies of the data sent to them.
Groq
What is sent: Raw audio data (transcription), then the resulting transcript text (analysis).
Why: Groq runs Whisper large-v3 for speech-to-text and Llama 3.3 70B for analysis.
Data handling: Governed by Groq's Privacy Policy. Groq does not use your data to train models by default.
Retention: Groq processes requests in real time. Audio and transcripts are not retained by Groq after processing.
Google (Drive, Docs, Calendar)
What is sent: Structured text content (proposal drafts, meeting notes, date entries) is written to your own Google Drive, Google Docs, and Google Calendar using OAuth credentials that you authorize.
Why: To create documents and calendar events in your own Google Workspace.
Data handling: Data is written to your Google account. Northlight has no access to your Google account. Governed by Google's Privacy Policy.
Scopes requested: drive, documents, calendar.events — limited to creating and updating files, not reading your full Drive or inbox.
ClickUp
What is sent: Task names, descriptions, priorities, and due dates extracted from call analysis — written to a ClickUp list you specify.
Why: To create client action items in your ClickUp workspace.
Data handling: Written to your own ClickUp workspace using your personal API key. Governed by ClickUp's Privacy Policy.
Sentry
What is sent: Crash reports and unhandled error details — including stack traces, app version, OS version, and environment (development or production). Call content, transcripts, and credentials are not included in error reports.
Why: To identify and fix bugs in the app.
Data handling: Governed by Sentry's Privacy Policy. Reports are visible only to Northlight.
What Northlight Does Not Do
- Northlight does not operate a backend server that receives your call data.
- Northlight does not store copies of your transcripts, recordings, or analysis.
- Northlight does not use your call data for any purpose other than operating the app.
- The app does not include analytics, telemetry, or behavioural tracking.
- The app does not display ads.
Call Participant Consent
You are responsible for obtaining consent from call participants before recording. Requirements vary by jurisdiction:
- Canada (PIPEDA / provincial laws): One-party consent in most provinces; two-party consent required in some contexts.
- United States: Federal law requires one-party consent; some states (California, Florida, Illinois, etc.) require all-party consent.
- European Union (GDPR): Explicit informed consent from all participants is typically required.
A common practice is to announce at the start of a call that it is being recorded and ask for verbal confirmation. Northlight recommends doing this regardless of legal minimums.
Data Retention and Deletion
All session data is stored in %APPDATA%\Northlight Meetings\sessions.json on your device. You can delete individual sessions within the app or delete the entire file to remove all stored data.
Credentials stored via safeStorage can be cleared from within the app's Settings screen. Uninstalling the app does not automatically delete the %APPDATA%\Northlight Meetings\ folder — you may delete it manually after uninstalling.
Children's Privacy
Northlight Meetings is a professional tool intended for business use by adults. It is not directed at children under 13 and does not knowingly collect data from children.
Changes to This Policy
If this policy changes materially, the updated version will be posted at this URL and the "Last updated" date at the top will change. Continued use of the app after a material change constitutes acceptance of the updated policy.
Contact
For privacy questions related specifically to Northlight Meetings — including requests to understand what data may be held on your behalf, or to exercise rights under PIPEDA or GDPR — email the address above with the subject line "Meetings Privacy".