Indigo Logo
HQ ProNewgoClawLabsResearchInsightsLog In

Privacy Policy

Indigo AI, Inc.

Last Updated: March 27, 2026

1. Introduction

Indigo AI, Inc. ("Indigo," "we," "us," or "our") provides an AI-powered operating system that helps teams build, deploy, and orchestrate AI workers and workflows. This Privacy Policy describes how we collect, use, share, and protect your information when you use our website, desktop application, command-line tools, API integrations, and related services (collectively, the "Service").

By using the Service, you agree to the practices described in this Privacy Policy. If you do not agree, please do not use the Service.

2. Information We Collect

Account Information

  • Name, email address, and profile details provided during registration
  • Authentication credentials managed through our identity provider
  • Account preferences and settings
  • Subscription and billing information

Meeting Data

  • Meeting recordings and audio files
  • Meeting transcripts generated from recordings
  • Meeting metadata, including title, description, date, time, duration, and URL
  • Participant information, including names, email addresses, and roles
  • Calendar event details from connected calendar accounts

AI-Extracted Signals

  • Decisions, action items, accomplishments, and key facts identified from your meetings
  • Direct quotes and citations attributed to meeting participants
  • Speaker attribution and contextual information
  • Relationships between people, teams, projects, and initiatives referenced in meetings

Chat & Interaction Data

  • Messages and queries submitted through our conversational AI features
  • AI-generated responses and insights provided to you

Usage & Technical Data

  • Device information, browser type, and operating system
  • Log data, including access times and pages viewed
  • Product usage patterns and feature interactions
  • Error reports and performance data

Payment Information

Billing details are collected and processed by our payment processor, Stripe. We do not directly store your full credit card number.

3. How We Collect Information

  • Directly from you when you create an account, configure settings, or interact with the Service
  • Automatically when our meeting bot joins your meetings to record and transcribe, or when you use the Service
  • From third-party integrations you connect, such as Google Calendar, Slack, Zoom, or email
  • From AI processing when our models analyze your meeting content to extract signals and insights

4. How We Use Your Information

We use the information we collect to:

  • Record, transcribe, and analyze your meetings
  • Extract actionable signals such as decisions, action items, and key facts
  • Provide AI-powered insights and conversational features
  • Maintain and improve the Service's functionality and performance
  • Manage your account, process payments, and communicate with you about the Service
  • Send transactional emails related to your account or activity
  • Monitor for errors, security issues, and abuse
  • Comply with legal obligations

5. AI & Automated Processing

Indigo uses large language models and other AI technologies to process your meeting recordings, transcripts, and related data. This processing is used to:

  • Generate transcripts from audio recordings
  • Extract signals (decisions, actions, accomplishments, key facts) from meeting content
  • Provide conversational AI features and meeting summaries
  • Build and maintain a taxonomy of people, teams, projects, and initiatives referenced across your meetings

Your data is used for per-user inference only. We do not use your meeting content, transcripts, or extracted signals to train or fine-tune AI models. Your data is processed solely to deliver insights back to you and your organization.

6. Google User Data Access and Usage

Our application accesses Google user data only with your explicit authorization and only as required to perform the functions you have enabled. Below is a complete list of the Google OAuth scopes we request, grouped by sensitivity classification.

Restricted Scopes

These scopes provide access to sensitive Google data and are subject to additional verification and usage restrictions.

  • Gmail — Read-Only (gmail.readonly) – To read email messages and metadata for extracting meeting-related context, follow-ups, and action items referenced in conversations.
  • Google Drive — Read-Only (drive.readonly) – To read and download files from your Google Drive so Indigo can analyze documents referenced in or relevant to your meetings.
  • Google Drive — Metadata (drive.metadata) – To view file metadata (titles, dates, sharing permissions) in your Google Drive for organizing and linking documents to meeting context.

Sensitive Scopes

  • Google Docs — Read-Only (documents.readonly) – To read Google Docs content so Indigo can analyze documents shared or referenced during your meetings.
  • Google Contacts — Read-Only (contacts.readonly) – To read your contact list for identifying meeting participants and enriching participant profiles with names and roles.
  • Google Sheets — Read-Only (spreadsheets.readonly) – To import spreadsheets and perform AI-powered analysis using the data in context while answering your questions.
  • Google Calendar — Read-Only (calendar.readonly) – To view your calendars so you can select which calendar the AI bot monitors for upcoming meetings.
  • Google Calendar Events — Read-Only (calendar.events.readonly) – To fetch event details (title, time, attendees, conferencing links) from your selected calendar so the AI bot can join meetings and provide relevant insights.

Non-Sensitive Scopes

  • Google Drive — App Data (drive.appdata) – To store and retrieve Indigo application configuration data in a private, app-specific folder in your Google Drive. This data is not visible to you or other apps.
  • Google Drive — Per-File Access (drive.file) – To access individual files that you explicitly open or share with Indigo, allowing targeted document import without broad Drive access.
  • Google Calendar Settings — Read-Only (calendar.settings.readonly) – To read your calendar settings (timezone, default event length) for accurate scheduling and event display.
  • Gmail Labels (gmail.labels) – To read and manage email labels, enabling Indigo to categorize and filter relevant email threads.
  • OpenID Connect (openid) – To verify your identity during sign-in using Google as an authentication provider.
  • Email Address (userinfo.email) – To retrieve your email address for account creation, login, and communication.
  • Basic Profile (userinfo.profile) – To retrieve your name and profile picture for personalizing your experience within the application.

Google API Services Limited Use Disclosure

Indigo's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. The following commitments apply to all Google user data accessed through any of the scopes listed above:

  • We do not sell Google user data to third parties, and we do not use it for serving advertisements.
  • We do not use Google user data for credit-scoring, lending, or any form of creditworthiness assessment.
  • We limit our use of Google user data to providing and improving the user-facing features of Indigo that are visible and prominent in our user interface.
  • We do not transfer Google user data to third parties unless (a) it is necessary to provide or improve user-facing features that are prominent in our interface, (b) it is necessary to comply with applicable laws, or (c) the user provides explicit, informed, affirmative consent. All such transfers are subject to the same Limited Use restrictions.

Your Google data remains secure and is accessed only with your explicit consent. You can revokeIndigo's access to your Google account at any time through your Google Account permissions settings.

7. Information Sharing & Third-Party Services

We do not sell your personal information. We share information only in the following circumstances:

Service Providers (Sub-Processors)

We use third-party service providers to operate the Service. These providers process data on our behalf under contractual obligations to protect your information:

ProviderPurpose
Recall.aiMeeting recording and transcription
Amazon Web Services (S3)Cloud storage for recordings and files
OpenAIAI-powered meeting analysis and insights
AnthropicAI-powered meeting analysis and insights
DeepgramSpeech-to-text processing
Arcade.aiDelegated OAuth and credential management for channel integrations
ClerkUser authentication and identity management
StripePayment and subscription processing
ResendTransactional email delivery
MongoDB AtlasDatabase hosting
VercelApplication hosting and web analytics
SentryError tracking and performance monitoring
Customer.ioCustomer messaging and product analytics

Other Disclosures

We may disclose your information if required by law, regulation, legal process, or governmental request, or to protect the rights, safety, or property of Indigo, our users, or the public.

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change.

8. Data Storage & Security

We implement technical and organizational measures to protect your information, including:

  • Encryption at rest and in transit for stored data and network communications
  • AES-256-GCM encryption for API keys and sensitive credentials
  • Field-level encryption for sensitive data stored in our database
  • Multi-tenant data isolation ensuring that your data is accessible only to authorized users within your organization, enforced automatically at the query layer
  • Webhook signature verification for third-party integrations

Meeting recordings and files are stored in encrypted cloud storage (AWS S3). Database records are hosted on MongoDB Atlas with access controls and encryption.

While we take reasonable steps to protect your information, no system is completely secure. We cannot guarantee absolute security.

9. Data Retention & Deletion

Retention Periods

We retain your information for as long as your account is active or as needed to provide the Service. Specific retention periods are as follows:

  • Meeting recordings and transcripts — Retained for the duration of your active account. Deleted within 30 days of account deletion or upon an earlier deletion request.
  • AI-extracted signals and insights — Retained for the duration of your active account. Deleted within 30 days of account deletion or upon an earlier deletion request.
  • Google user data (email content, Drive files, calendar data, contacts, documents) — Retained for the duration of your active account. Deleted within 30 days of account deletion, revocation of Google OAuth access, or upon a specific deletion request.
  • Account information (name, email, profile, preferences) — Retained until you delete your account. Deleted within 30 days of account deletion.
  • Payment and billing records — Retained for 7 years after the last transaction as required by applicable tax and financial regulations.
  • Usage and technical data — Identifiable usage data is deleted within 30 days of account deletion. Aggregated or anonymized analytics data may be retained indefinitely as it cannot be linked back to you.

Deleting Your Account and Data

Upon account deletion, we will delete or anonymize your personal data within 30 days, except where retention is required by law or regulation (see exceptions below). To delete your account and all associated data:

  1. Sign in to your Indigo account at getindigo.ai
  2. Navigate to Settings and select Delete Account
  3. Confirm the deletion when prompted

Alternatively, you can request account and data deletion by emailing privacy@getindigo.ai with the subject line "Data Deletion Request." We will process your request and complete deletion within 30 days of receiving it.

Deleting Google Data Specifically

If you want to delete only the Google-sourced data that Indigo has stored — without deleting your entire account — you can do so by following these steps:

  1. Revoke access — Go to your Google Account permissions page and remove Indigo from your authorized apps. This immediately stops Indigo from accessing any new Google data.
  2. Request deletion — Email privacy@getindigo.ai with the subject line "Google Data Deletion Request" and include the email address associated with your Google account.
  3. What we delete — Within 30 days of your request, we will delete all Google-sourced data stored by Indigo, including: Gmail message content and metadata, Google Drive files and file metadata, Google Docs content, Google Sheets data, Google Calendar events and settings, Google Contacts data, and any AI-extracted insights derived solely from Google-sourced content.

We will send you a confirmation email once the deletion is complete.

Exceptions to Deletion

Certain data may be retained beyond the 30-day deletion period where required or permitted by law. This includes:

  • Payment and billing records required to be retained under tax, accounting, or financial regulations
  • Data necessary to comply with a legal obligation, resolve disputes, or enforce our agreements
  • Records required to be maintained for regulatory compliance or audit purposes
  • Aggregated or anonymized data that can no longer be linked to you

10. Your Rights & Choices

Depending on your location, you may have the following rights regarding your personal information:

  • Access — Request a copy of the personal information we hold about you
  • Correction — Request correction of inaccurate or incomplete information
  • Deletion — Request deletion of your personal information, subject to legal retention requirements
  • Data Portability — Request your data in a structured, commonly used format
  • Opt-Out of Analytics — You may opt out of product analytics tracking by contacting us
  • Withdraw Consent — Where processing is based on consent, you may withdraw it at any time

To exercise any of these rights, contact us at the address provided below. We will respond within the timeframe required by applicable law.

11. California Residents (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

Categories of Personal Information Collected

  • Identifiers (name, email address, account ID)
  • Commercial information (subscription and payment history)
  • Internet or electronic network activity (usage data, log data)
  • Audio and electronic information (meeting recordings, transcripts)
  • Professional or employment-related information (as referenced in meeting content)
  • Inferences drawn from the above (AI-extracted signals and insights)

Your CCPA Rights

  • Right to Know — You may request the categories and specific pieces of personal information we have collected about you
  • Right to Delete — You may request deletion of your personal information
  • Right to Opt-Out of Sale — We do not sell your personal information
  • Right to Non-Discrimination — We will not discriminate against you for exercising your rights

To submit a request, contact us using the information in Section 15 below.

12. International Users

If you are located outside the United States, please note that your information is transferred to and processed in the United States, where our servers and service providers are located.

Legal Basis for Processing (EEA/UK)

  • Performance of a contract — To provide the Service you have requested
  • Legitimate interests — To operate, improve, and secure the Service
  • Consent — Where you have provided explicit consent for specific processing activities

Data Transfers

We transfer data outside the EEA/UK using appropriate safeguards, including standard contractual clauses approved by the European Commission or equivalent mechanisms.

Additional Rights for EEA/UK Residents

  • Right to restrict processing
  • Right to object to processing based on legitimate interests
  • Right to lodge a complaint with your local data protection authority

13. Children's Privacy

The Service is not directed to children under the age of 16. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us and we will promptly delete it.

14. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or through a notice within the Service prior to the changes taking effect. The "Last Updated" date at the top of this policy indicates when it was most recently revised.

15. Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights, please contact us at:

Indigo AI, Inc.

Email: privacy@getindigo.ai

Website: https://getindigo.ai