Privacy Statement
Last updated · 2026-05-09
This statement describes how the Nootely prototype handles information. It is intentionally cautious in its wording and should be reviewed before any production deployment.
Important. Nootely sends audio and transcripts to the third-party AI providers you configure. Their privacy policies apply to that data while it is in their possession.
What Nootely Does
Nootely captures audio in your browser, sends it to a speech model you configure, returns transcripts to your browser, and uses an LLM you configure to produce summaries and structured form values.
Information Users Provide
- Microphone audio while a session is recording.
- Provider API keys and the access token, entered in the configuration panel.
- Form structure, field values, and any manual edits you make.
Audio Data
Audio is streamed from your browser to the speech provider you configure. Nootely itself does not persist raw audio in storage you have not chosen.
Transcript Data
Transcripts are returned to your browser and held in memory for the duration of the session. They are persisted only when you explicitly export or save them.
Summary Data
Summaries are produced from the transcript by the LLM you configure and follow the same handling as transcript data.
Custom Form Data
Custom form structures and AI-filled values are held in memory for the session and are persisted only on explicit export.
Provider API Keys
API keys are kept in browser memory by default. They are not written to localStorage by default and are not included in exports. For production, route keys through your own backend.
Microsoft Sign-in (optional discovery flow)
If you choose to add an Azure credential via “Connect Microsoft”, Nootely receives a short-lived Microsoft access token in your browser tab only. The token is forwarded once to a Nootely Edge Function so it can list your Azure subscriptions, Cognitive Services accounts, and deployments, and (on save) read the API key for the resource you pick. The Microsoft token is never persisted anywhere — not in this browser, not in our database — and is never returned in any response. Only the API key for the resource you explicitly select is encrypted and stored, exactly the same as the manual paste flow.
Access Token
The access token is sent as a Bearer header to your backend on relevant API calls. It is not logged to the console and is not included in exports.
Third-Party AI Providers
Audio and transcripts may be processed by OpenAI or Microsoft Azure depending on your configuration. Their privacy and data retention policies apply while data is in their possession.
Local Browser Storage
Non-sensitive session metadata (titles, durations, transcripts, and form values) may optionally be cached in localStorage if the project enables that. Sensitive values such as API keys and access tokens are not stored there by default.
Data Export
You can export sessions to JSON, JavaScript, or Markdown. Exports include transcripts, summaries, and form values, but not API keys or the access token.
Data Retention
Nootely itself does not retain your audio, transcripts, or form data outside of your browser session unless you explicitly export or save it.
User Control
You can clear sensitive configuration values at any time using the “Clear sensitive config” action in the provider panel. You can also clear browser storage to remove cached sessions.
Security Notes
See the Security Notes page for the recommended production deployment posture.
Contact
For privacy questions, contact the project maintainer through the project page.

