Back to Home

    Privacy Policy

    Last updated: March 20, 2026

    Freshbase ("we," "us," or "our") operates the Freshbase platform (the "Service"), a B2B SaaS product that transforms meeting content into structured technical documentation. This Privacy Policy explains how we collect, use, store, and protect your information.

    By using the Service, you agree to the collection and use of information in accordance with this policy.

    1. Information We Collect

    1.1 Account Information

    When you create an account, we collect:

    • Name and email address
    • Organization/company name
    • Authentication credentials (managed by our identity provider)

    1.2 Meeting and Content Data

    Through your use of the Service, we process:

    • Meeting transcriptions (captured via browser extension, third-party integrations, or direct upload)
    • Audio metadata (duration, participant count — we do not store raw audio permanently)
    • Generated documentation outputs (user stories, ADRs, BDD scenarios, tasks)
    • Your edits, approvals, and feedback on generated content

    1.3 Usage Data

    We automatically collect:

    • Feature usage and interaction patterns
    • Performance metrics and error logs
    • Browser type, device information, and IP address
    • Pages visited and actions taken within the Service

    1.4 Payment Information

    Payment processing is handled by our third-party payment processor. We do not directly store credit card numbers or bank account details.

    2. How We Use Your Information

    We use collected information to:

    • Provide, maintain, and improve the Service
    • Process meeting content and generate documentation outputs
    • Manage your account and provide customer support
    • Send transactional communications (e.g., billing, security alerts)
    • Analyze usage patterns to improve product quality
    • Train and improve our AI models (see Section 3)
    • Comply with legal obligations

    3. AI Processing and Model Training

    3.1 How AI Processing Works

    The Service uses third-party large language models (LLMs) to process your meeting transcriptions and generate structured documentation. Your content is sent to these AI providers solely for the purpose of generating outputs within the Service.

    3.2 Model Training

    We do not use your meeting content or generated outputs to train our own AI models. Your content is processed in real-time and is not fed into any training pipeline.

    Third-party AI providers we use (such as Google, Anthropic, or OpenAI) have their own data processing agreements. We select providers that commit to not using API-submitted data for model training.

    3.3 Human Review

    In limited cases, our team may review anonymized or aggregated content to debug issues, improve prompt quality, or evaluate output accuracy. We will never share identifiable meeting content externally.

    4. Data Sharing and Third-Party Services

    We share information only in the following circumstances:

    • Service Providers: With third-party services that help us operate the Service (e.g., cloud hosting, authentication, payment processing, AI model providers, analytics). These providers are contractually bound to protect your data.
    • Legal Requirements: When required by law, regulation, or legal process.
    • Business Transfers: In connection with a merger, acquisition, or sale of assets, with prior notice.
    • With Your Consent: When you explicitly authorize sharing.

    We never sell your personal information or meeting content to third parties.

    Key Third-Party Services

    ServicePurposeData Processed
    Google Cloud PlatformInfrastructure & hostingAll service data
    SupabaseDatabaseAccount & content data
    ClerkAuthenticationAccount credentials
    DeepgramSpeech-to-textAudio/transcription data
    Google AI (Gemini)Content generationTranscription text
    LangfuseLLM observabilityMetadata only (no PII)
    PostHogProduct analyticsUsage data
    Google AnalyticsWebsite analytics and conversion measurementWebsite usage data
    Microsoft ClarityWebsite analytics and session insightsWebsite usage data
    StripePayment processingBilling data

    5. Data Retention

    • Account Data: Retained for the duration of your account, plus 30 days after deletion.
    • Meeting Content & Outputs: Retained for the duration of your account. You may delete individual sessions at any time.
    • Usage Data: Retained in anonymized/aggregated form for up to 24 months.
    • Payment Records: Retained as required by applicable tax and financial regulations.

    Upon account deletion, we will delete or anonymize your data within 30 days, except where retention is required by law.

    6. Data Security

    We implement industry-standard security measures, including:

    • Encryption in transit (TLS 1.2+) and at rest
    • Access controls and authentication
    • Regular security assessments
    • Infrastructure hosted on SOC 2-compliant cloud providers

    While we strive to protect your data, no method of electronic transmission or storage is 100% secure.

    7. Your Rights

    7.1 General Rights

    You have the right to:

    • Access your personal data
    • Correct inaccurate data
    • Delete your data (subject to legal retention requirements)
    • Export your data in a structured format
    • Withdraw consent for optional data processing

    7.2 Rights Under LGPD (Brazil)

    If you are located in Brazil, you have additional rights under the Lei Geral de Proteção de Dados (LGPD), including confirmation of processing, access, correction, anonymization, portability, consent revocation, and information about shared data.

    To exercise any of these rights, contact us at admin@getfreshbase.com.

    7.3 Rights Under GDPR (European Union)

    If you are located in the EU/EEA, you have rights under the GDPR including access, rectification, erasure, restriction, portability, and objection. Our legal basis for processing is contract performance (for service delivery) and legitimate interest (for analytics and improvement).

    8. International Data Transfers

    Your data may be processed in countries other than your own. We ensure appropriate safeguards are in place for international transfers, including standard contractual clauses where applicable.

    9. Children's Privacy

    The Service is not directed at individuals under 18. We do not knowingly collect data from minors. If we become aware of such collection, we will delete the data promptly.

    10. Changes to This Policy

    We may update this Privacy Policy from time to time. We will notify you of material changes via email or in-app notification at least 15 days before they take effect.

    11. Contact Us

    If you have questions about this Privacy Policy or wish to exercise your data rights, contact us at:

    Freshbase
    Email: admin@getfreshbase.com
    Location: São Paulo, SP — Brazil