1. Parties and roles
For Customer Data captured through the meeting-bot API, the customer is the controller and meetbot is the processor. For account, billing, abuse-prevention, and product analytics data, meetbot acts as an independent controller as described in the privacy policy.
2. Processing instructions
meetbot processes Customer Data only to join meetings you designate, capture the requested media and metadata, upload outputs to the storage destination you configure, deliver signed webhooks, provide support, secure the service, and meet legal obligations.
3. Security measures
Production runs in Hetzner Falkenstein by default, secrets are stored outside source control, API tokens are hashed, webhook signatures use HMAC-SHA256, admin access is limited to named operators, and error reporting is configured for the Sentry EU region with PII scrubbing.
5. International transfers
The default bot and control plane stay in the EEA. Where a sub-processor has a US parent or US processing path, meetbot relies on the European Commission Standard Contractual Clauses and supplementary transfer-impact review.
6. Security incidents
meetbot notifies affected customers without undue delay after confirming a personal-data breach involving Customer Data, shares known scope and remediation, and provides follow-up details as the investigation stabilizes.
7. Data subject requests
If a data subject contacts meetbot about Customer Data, we redirect the request to the customer where legally permitted. We provide reasonable assistance for access, export, correction, restriction, objection, and erasure requests.
8. Return and deletion
Meeting outputs are written to the customer-controlled bucket. Temporary bot storage is deleted after upload completion by default. Account erasure is available from the dashboard and via DELETE /api/v1/consumers/me, while legally required invoice records are retained.
9. Audit support
Until SOC 2 is complete, meetbot provides security documentation, sub-processor details, architecture notes, and reasonable written responses to customer audit questions under NDA or equivalent confidentiality terms.
10. Signing and contact
To sign this DPA, request redlines, or attach it to an enterprise order form, email legal@meetbot.dev from an account-owner address. Privacy requests go to privacy@meetbot.dev.
4. Sub-processors
The list below is the operative sub-processor schedule. We notify account owners at least 30 days before adding a new sub-processor that materially changes the processing of Customer Data.
| sub-processor | purpose | jurisdiction |
|---|---|---|
| Hetzner Online GmbH | Primary hosting (compute, Postgres, optional storage) | Germany |
| Stripe Payments Europe Ltd / Stripe Inc. | Payments, invoicing, customer-portal billing | Ireland (EU entity) + United States (parent) — SCCs in DPA |
| Cloudflare, Inc. | CDN, TLS termination, inbound email worker | United States — SCCs in DPA |
| Functional Software Inc. (Sentry) | Error tracking | Sentry EU region (Frankfurt, DE) selected; parent US — SCCs in DPA |
| PostHog Inc. (planned) | Product analytics on the marketing site (not live yet) | PostHog EU region (Frankfurt, DE); parent US — SCCs in DPA |
| Anthropic PBC | LLM inference for sample apps that use Claude (e.g. action-items-bot) | United States — SCCs in DPA; BAA path TBD; we do not route customer recordings to Anthropic for our own product |