HiNotes
desktop

Turn Any Conversation Into Organized Text

Just hit upload, HiNotes takes care of the rest

Data Processing Addendum (DPA)

Processor: HiDock LLC("Processor", "we", "us", "our"), operator of HiNotes and related services

This Data Processing Addendum (“DPA”) forms part of and supplements the Terms of Service and Privacy Policy between you (“Controller” or “you”) and Processor. By using our services, you agree to this DPA without the need for a physical signature.

1. Scope and Roles

  • The Controller determines the purposes and means of processing personal data.
  • The Processor processes personal data on behalf of the Controller in connection with the provision of audio recording, transcription, and meeting note generation services.

2. Subject Matter, Duration, and Purpose

  • Subject Matter: Processing of personal data for the provision of HiNotes services.
  • Duration: For as long as you use our services or until personal data is returned or deleted as described in Section 9.
  • Purpose: Providing, maintaining, improving, and securing our services.

3. Categories of Data & Data Subjects

  • Data Subjects: Users of the service and participants in recorded/transcribed meetings.
  • Personal Data: Names, contact details, voice recordings, meeting transcripts, and other data submitted or generated through the service.
  • Special Categories: Only if provided by you in the course of using the service.

4. Processor Obligations

We will:

  1. Process personal data only on your documented instructions.
  2. Ensure confidentiality of persons authorized to process the data.
  3. Maintain security measures per GDPR Article 32.
  4. Assist with data subject requests and GDPR compliance where applicable.
  5. Notify you of any personal data breach without undue delay and no later than 72 hours after becoming aware of it.

5. Sub-Processors

  • OpenAI, L.L.C. - AI transcription and summarization (DPA)
  • Anthropic PBC - AI summarization (DPA)
  • Microsoft Azure - Hosting and storage (DPA)

We consent to our use of these sub-processors. We will notify you of changes to this list.

6. International Transfers

If personal data is transferred outside the EEA, the UK or Switzerland, we will ensure appropriate safeguards such as:

  • An adequacy decision (GDPR Art. 45),
  • Standard Contractual Clauses, or
  • The EU-US Data Privacy Framework.

7. Security Measures

We Maintain, at minimum:

  • Encryption in transit and at rest
  • Access controls and authentication
  • Regular security testing
  • Backup and recovery procedures

8. Data Subject Requests

If we receive a request directly from a data subject, we will forward it to you and not respond except on your instructions.

9. Return or Deletion of Data

Upon termination of services, we will delete or return personal data at your choice, unless retention is required by law.

10. Audit Rights

You may request reasonable information to verify our compliance with this DPA. On-site audits are subject to our approval and may be conducted by an independent auditor under confidentiality obligations.

11. Liability

Our aggregate liability under this DPA is limited to the liability cap stated in our Terms of Service, except as prohibited by law.

12. Governing Law

This DPA is governed by the same law as the Terms of Service.

By continuing to use our services, you acknowledge and agree to this Data Processing Addendum.

Privacy Policy