Skip to main content
Northlight
Meetings — Privacy Policy

Privacy Policy

Northlight Meetings — Desktop Application

Effective: July 5, 2026  ·  Last updated: July 5, 2026

Overview

Northlight Meetings is a Windows desktop application that records, transcribes, and analyzes client calls to help consultants capture insights and generate follow-up documents. This policy explains exactly what data the app handles, where it goes, and what controls you have.

Short version: Your call recordings and transcripts stay on your computer. Audio is sent to Groq for transcription and analysis, and documents are pushed to your own Google Drive and ClickUp accounts — not to Northlight servers. Error reports are sent to Sentry to help fix crashes.

Who This Policy Applies To

This policy applies to individuals who use Northlight Meetings as a licensed user. The app is a single-user desktop tool; it does not have accounts, cloud sync, or a Northlight-operated backend.

Data the App Handles

Audio Recordings

The app captures audio from two sources:

Recordings are held in memory during the session and immediately sent to Groq for transcription when you stop recording. Audio files are not saved to disk.

Transcripts and Analysis

The text transcript and AI analysis output (summaries, action items, draft documents) are saved locally to a JSON file at:

%APPDATA%\Northlight Meetings\sessions.json

This file is stored only on your device and is not transmitted to Northlight or any third party.

API Credentials and Tokens

The following credentials are stored encrypted on your device using Windows DPAPI (Data Protection API) via Electron's safeStorage:

These credentials are never transmitted to Northlight. They are decrypted only at the moment they are needed for an API call and are bound to your Windows user account.

Integration configuration

Non-sensitive configuration (Google Drive folder IDs, ClickUp list IDs, template document IDs) is stored in plain JSON at %APPDATA%\Northlight Meetings\integration-config.json on your device only.

Third-Party Services

The app connects to the following external services on your behalf. Northlight does not operate any of these services and does not receive copies of the data sent to them.

Groq

Transcription + Analysis

What is sent: Raw audio data (transcription), then the resulting transcript text (analysis).

Why: Groq runs Whisper large-v3 for speech-to-text and Llama 3.3 70B for analysis.

Data handling: Governed by Groq's Privacy Policy. Groq does not use your data to train models by default.

Retention: Groq processes requests in real time. Audio and transcripts are not retained by Groq after processing.

Google (Drive, Docs, Calendar)

Document Generation + Calendar Events

What is sent: Structured text content (proposal drafts, meeting notes, date entries) is written to your own Google Drive, Google Docs, and Google Calendar using OAuth credentials that you authorize.

Why: To create documents and calendar events in your own Google Workspace.

Data handling: Data is written to your Google account. Northlight has no access to your Google account. Governed by Google's Privacy Policy.

Scopes requested: drive, documents, calendar.events — limited to creating and updating files, not reading your full Drive or inbox.

ClickUp

Task Creation

What is sent: Task names, descriptions, priorities, and due dates extracted from call analysis — written to a ClickUp list you specify.

Why: To create client action items in your ClickUp workspace.

Data handling: Written to your own ClickUp workspace using your personal API key. Governed by ClickUp's Privacy Policy.

Sentry

Error Reporting

What is sent: Crash reports and unhandled error details — including stack traces, app version, OS version, and environment (development or production). Call content, transcripts, and credentials are not included in error reports.

Why: To identify and fix bugs in the app.

Data handling: Governed by Sentry's Privacy Policy. Reports are visible only to Northlight.

What Northlight Does Not Do

Call Participant Consent

You are responsible for obtaining consent from call participants before recording. Requirements vary by jurisdiction:

A common practice is to announce at the start of a call that it is being recorded and ask for verbal confirmation. Northlight recommends doing this regardless of legal minimums.

Data Retention and Deletion

All session data is stored in %APPDATA%\Northlight Meetings\sessions.json on your device. You can delete individual sessions within the app or delete the entire file to remove all stored data.

Credentials stored via safeStorage can be cleared from within the app's Settings screen. Uninstalling the app does not automatically delete the %APPDATA%\Northlight Meetings\ folder — you may delete it manually after uninstalling.

Children's Privacy

Northlight Meetings is a professional tool intended for business use by adults. It is not directed at children under 13 and does not knowingly collect data from children.

Changes to This Policy

If this policy changes materially, the updated version will be posted at this URL and the "Last updated" date at the top will change. Continued use of the app after a material change constitutes acceptance of the updated policy.

Contact

Northlight

Privacy inquiries: hello@bynorthlight.ca

bynorthlight.ca

For privacy questions related specifically to Northlight Meetings — including requests to understand what data may be held on your behalf, or to exercise rights under PIPEDA or GDPR — email the address above with the subject line "Meetings Privacy".