Privacy Policy

Last updated: May 2, 2026

Becki is a privacy-first professional memory platform. This Privacy Policy explains what we collect, how we use it, and the controls you have. Becki is built on a local-first architecture: meeting audio, verbatim transcripts, AI-generated summaries, your meeting notes, and other participants' contact information stay on your device. Only the structured cross-tool memory (decisions, commitments, dead-ends, open-loops) syncs to our servers, scoped to your account, encrypted in transit and at rest.

1. Who we are

Becki is operated by Bryan dos Santos d/b/a Becki. Contact: hello@becki.io. Privacy inquiries: privacy@becki.io. Website: www.becki.io.

2. Plain-language summary

We do not send your meeting audio to our servers or to any third party. Transcription happens entirely on your device using a local Whisper-based model.
We do not send your verbatim transcript text to our servers. Transcripts stay in a local SQLite database on your machine.
We do not send AI-generated meeting summaries or your meeting notes to our servers.
We do not store other meeting participants' names or email addresses on our servers.
We do not sell your data, run advertising on it, or share it with advertisers.
We do not read your data as humans for any purpose other than providing or supporting the service. Your synced data is scoped to your account.
We do store extracted structured memory (decisions, commitments, dead-ends, open-loops, project list) in our cloud database so Becki can sync across your devices and make context available to AI tools you authorize.
We do send your transcript text to a third-party AI provider (Anthropic) at extraction time so structured memory can be derived from it. The transcript is in transit to that provider for seconds during extraction; no copy is retained server-side after extraction.
We do collect minimal diagnostics needed to run the product (crash reports if you opt in, aggregate usage counts).

3. Data we collect and where it lives

3.1 Account data

When you create a Becki account we collect your email address, an optional display name, and assign a unique user identifier. We do not require a phone number. Authentication is provided by Supabase (see Subprocessors). If we add paid plans in the future, payment will be processed by a third-party payment provider; we will receive only a customer identifier and subscription status, never your card number.

3.2 Meeting audio (local-only)

When you record a meeting, audio is captured and transcribed entirely on your Mac using a local Whisper-based model bundled with the app. Raw audio never leaves your device. No third party, including us, ever receives or listens to your meeting audio. You control whether audio files are retained after transcription; by default, audio is deleted once transcription completes.

3.3 Verbatim transcripts (local-only)

The text transcript of each meeting, including per-word timing data and speaker labels, is stored exclusively in a local SQLite database on your Mac. The transcript is sent to a third-party AI provider (currently Anthropic) once at extraction time so that structured memory can be derived from it (see Section 3.6). After extraction, the transcript is not retained by that provider and is never copied to Becki's cloud database.

3.4 Meeting summaries and your notes (local-only)

AI-generated meeting summaries and any free-form notes you type into the app are stored exclusively in your local SQLite database. They do not sync to our cloud and are not visible to anyone other than you on your machine.

3.5 Other participants' information (local-only)

Speaker labels you assign to meeting participants and any names or email addresses associated with those participants are stored exclusively in your local SQLite database. We do not store other people's names or contact information in our cloud database. If a meeting involves participants who have not consented to having their information stored on third-party servers, this design protects them.

3.6 Structured memory and the NeuraVault (synced)

Becki extracts structured items — decisions, dead-ends, commitments, open-loops, and notes — from your meetings, commits, and AI conversations. These structured items, together with their text content, are stored locally AND synced to our cloud database. We do this because the entire purpose of Becki is to make this structured memory available to AI tools you use across multiple devices and contexts; if it stayed local-only, there would be no cross-tool memory.

The synced data includes:

Vault entries (table: vault_embeddings) — the text of each decision, dead-end, commitment, etc., plus a vector embedding produced by Voyage AI for retrieval.
Commitments (table: commitments) — extracted action items with owner, recipient, deadline.
Daily briefings (table: daily_briefings) — server-precomputed briefings drawing from the above.
Meeting metadata (table: meetings) — title, start time, end time, calendar event id only. Summary and notes columns are explicitly null on push.
Project list (table: projects) — name, path, and metadata for projects you've added so a cross-device project picker works.

All synced data is row-level-security-scoped to your account: no other user can read your records via the API. Becki personnel may have administrative access to the database for support and infrastructure operation; we do not access your records except as needed to provide or support the service or as required by law.

3.7 Integrations and third-party services

Becki connects to additional services that power specific features. Optional integrations only activate when you explicitly configure them.

Calendar (optional) — read-only access to your macOS Calendar via EventKit for scheduled-meeting detection and meeting-prep context. Becki never creates, modifies, or deletes calendar events.
Source-control integrations (optional) — read-only access to GitHub or GitLab repos you authorize, used to ingest commits and pull/merge requests into your vault. Becki never writes to any repository.
AI processing — embedding (Voyage AI). All vector embeddings (of vault content and of your queries) are generated by Voyage AI, called server-side from Becki's edge function using Becki's API key. Voyage acts as a data processor on Becki's behalf and contractually does not use your content to train their models. Voyage is not available as BYOK — the embedding architecture is part of Becki's product.
AI processing — generation (Anthropic Claude). Generative AI calls (extraction, summarization, semantic reranking, prose synthesis) use Anthropic's Claude family. Two routing modes apply, depending on your Settings:
- Becki-managed (default). The HTTP request goes from your Mac to Becki's server-side function, which forwards to Anthropic using Becki's API key, subject to per-user usage caps. Anthropic acts as a data processor on Becki's behalf.
- Bring-your-own-key (BYOK). If you provide your own Anthropic API key in Settings → Providers, the HTTP request goes directly from your Mac to api.anthropic.com using your key. Becki's servers never see the request body. Anthropic acts as a processor for you, governed by your separate agreement with them. Becki has no visibility into BYOK calls beyond Settings remembering you opted in.
AI tool consumption (Claude Code, Cursor, etc.). When AI tools you've installed query your vault via the Becki MCP server, the AI inference itself happens entirely on your device or in the AI tool's own infrastructure (e.g., Anthropic if Claude Code is using Claude). Becki only serves the retrieved vault chunks — the AI provider for the tool is the tool's own provider relationship, not Becki's.
Cross-tool memory (MCP) — AI tools you install on your machine (Claude Code, Cursor, etc.) read from your synced vault via the Becki MCP server. Each tool authenticates as you and respects the same row-level scoping. You control which tools are connected.
Authentication and cloud storage — Supabase authenticates your account and stores your synced vault content, scoped to your user id.

A current list of all subprocessors is published at www.becki.io/subprocessors.

3.8 Diagnostics and logs

Application logs are written locally on your Mac to help you debug issues. If you opt in to crash reporting, crash traces are sent to us without user-identifying payload. We do not embed third-party analytics SDKs or tracking pixels in the application.

4. Where your data lives, summarized

Local-only (your Mac)	Meeting audio · Verbatim transcripts (text + per-word timing) · AI-generated meeting summaries · Free-form meeting notes · Speaker labels · Other participants' names and emails · Application logs · Local search index
Synced to our cloud	Account email + display name · Decisions, dead-ends, commitments, open-loops, notes (their text, plus vector embeddings) · Extracted commitments · Daily briefings · Meeting metadata (title + timing only) · Project list
Sent to third-party AI providers in transit	Transcript text and vault chunks during extraction, summarization, ranking, and synthesis. No copy retained by providers; not used for model training per provider contracts.
Server infrastructure (no user content)	Token-usage counters · Embedding cache (hashed content) · Email send log · Waitlist / tester gating

5. How we use your data

To run the Becki product — capture work, extract structured memory, retrieve context on demand, deliver briefings.
To authenticate you across devices and scope your data to your account.
To make your structured memory available to AI tools you explicitly install and authorize.
To keep the service reliable — crash reports, latency metrics, incident response.
To send service emails (account verification, approval notifications, incident notices). We do not send marketing email unless you opt in.

6. Lawful basis for processing (GDPR)

For users in the European Economic Area, United Kingdom, or Switzerland, we rely on the following lawful bases under Article 6 of the GDPR:

Performance of a contract (Art. 6(1)(b)) — to provide the service you signed up for.
Legitimate interests (Art. 6(1)(f)) — to run the service securely, prevent abuse, debug failures, and improve product quality. We balance these interests against your privacy rights.
Consent (Art. 6(1)(a)) — for optional integrations (calendar, source control), crash reporting, and any future marketing communications. You can withdraw consent at any time.
Legal obligation (Art. 6(1)(c)) — to comply with valid legal process.

7. Data sharing and disclosure

We share data only with:

Subprocessors — third parties that power Becki's infrastructure, each acting as a data processor on Becki's behalf under their own data-processing terms. Current list: www.becki.io/subprocessors.
Law enforcement or other authorities, only when compelled by valid legal process and only to the extent required.
A successor entity, in the event of a corporate merger, acquisition, or asset sale — with prior user notice.

We do not sell personal data within the meaning of the California Consumer Privacy Act (CCPA) or comparable laws. We do not run third-party advertising or tracking pixels on the product or this site.

8. Data retention

Local files (transcripts, summaries, notes) — retained on your device until you delete them. We have no remote control over local data.
Cloud-synced vault content — retained while your account is active. Deleted within 30 days of an account-deletion request.
Meeting audio — local only; default is delete-after-transcription. Configurable retention window in app settings.
Diagnostic logs (server-side) — retained for 90 days.
Email send log — retained for 13 months for delivery troubleshooting and unsubscribe handling.

9. International data transfers

Becki's primary cloud infrastructure is operated from data centers in the United States. Some subprocessors may operate from additional regions. By using Becki, you consent to the transfer of your synced data to those regions for the purposes described in this policy. Where required by law (including EU/UK/Swiss data subjects), transfers are governed by Standard Contractual Clauses or equivalent safeguards executed with each subprocessor.

10. Your rights

Depending on your jurisdiction (GDPR, UK GDPR, CCPA/CPRA, and similar laws), you have the right to:

Access the personal data we hold about you.
Correct inaccurate data.
Delete your account and associated cloud data.
Export your data — your local data is already a set of files you own; cloud data is exportable via request.
Object to or restrict specific processing.
Withdraw consent for optional integrations and processing at any time.
Lodge a complaint with a supervisory authority (e.g. your local Data Protection Authority).
For California residents (CCPA/CPRA): rights to know, delete, correct, opt out of sale or sharing (we do not sell or share for cross-context behavioral advertising), and limit use of sensitive personal information. We do not discriminate against users for exercising these rights.

To exercise these rights, email privacy@becki.io. We respond within 30 days (or as required by your jurisdiction).

11. Security

Audio, verbatim transcripts, AI summaries, and notes stay on your device.
All network traffic uses TLS 1.2 or higher.
Synced cloud data is encrypted at rest using AES-256 disk-level encryption provided by our infrastructure (see Subprocessors).
Synced data is row-level-security-scoped at the database layer — no Becki user can read another Becki user's records via the API.
Third-party access tokens you provide (for optional integrations) are stored in your system Keychain where supported.
Becki personnel with administrative access to infrastructure do not access user records except as needed to provide or support the service or as required by law.

Becki is not a zero-knowledge service. Synced data is encrypted in transit and at rest, but it is not encrypted with a key only you hold — administrative access to the database means a Becki engineer with the service-role key can read synced content. This is the same model used by Notion, Linear, Slack, and most AI memory products. The sensitive raw artifacts (audio, transcripts, summaries, third-party PII) intentionally never reach our servers in the first place.

No system is perfectly secure. If we learn of a breach affecting your data, we will notify you without undue delay and as required by applicable law.

12. Recording consent and third-party participants

Becki captures meeting audio for transcription. Recording laws vary by jurisdiction — many U.S. states and several countries require all-party consent before recording a conversation. You are responsible for obtaining the legally required consent from every participant in any meeting you record using Becki. Becki does not announce that recording is in progress; doing so is your responsibility. See our Acceptable Use Policy for more.

Other participants' names and email addresses captured during a recorded meeting stay on your device and are not synced to Becki's cloud. This intentional design limits exposure of third-party data.

13. Children

Becki is intended for working professionals and is not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact privacy@becki.io and we will delete it.

14. Changes to this policy

If we change this Privacy Policy materially, we will update the "Last updated" date above and notify you via the app or email before the change takes effect. Non-material changes (typos, contact info updates, clarifications) will be reflected in the updated date alone.

15. Contact

Privacy questions: privacy@becki.io. General support: hello@becki.io.

For users in the EU/UK who require an EU/UK-based representative (as set out in Article 27 of the GDPR), [FILL-IN: EU/UK representative if you appoint one; or remove this paragraph if not yet applicable].