Legal

Privacy Policy

Last updated: 4 July 2026

Recdr is operated by Marwood X Pty Ltd (ABN 55 695 551 538) ("Recdr", "we", "us", "our") from Australia. This policy explains how we collect, use, store, disclose and protect personal information in accordance with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth) and, where applicable, the EU General Data Protection Regulation (GDPR).

The short version: we store your recordings encrypted in Australia and delete the audio after 30 days; the minutes are yours; we send audio to Google's Gemini API to transcribe it; we don't run ads, we don't sell data, and this website carries no third-party analytics or tracking.

1. Who this policy applies to

This policy applies to visitors to recdr.com, users of the Recdr mobile app and web recorder, recipients of minutes distributed through the service, and anyone who appears in a recording made with Recdr.

2. Information we collect

Account information: name, email address, profile photo URL, Google account ID (if you sign in with Google), authentication tokens, and timestamps for account creation and sign-in.

Recordings and derived content: the audio you record, its transcript, AI-generated summaries, minutes and action items, meeting titles, and the projects you organise them into.

Distribution settings: the Telegram chats and email addresses you configure as recipients of your minutes.

Device and usage data: IP address, user agent, device type, push notification tokens (if you enable push notifications), and timestamps. Server logs are used for security and debugging.

Communications: contact form submissions and any correspondence you send us.

3. Recordings of other people

Recordings you make will usually capture the voices of other meeting participants. As the person making the recording, you are responsible for ensuring it is lawful and consented to (see our Terms). We process recording content only as your service provider: to transcribe it, generate minutes, and deliver them to the recipients you choose. If you believe you have been recorded with Recdr without consent, contact us and we will assist, including deleting content where appropriate.

4. How we use your information

Under the GDPR, our lawful bases are: performance of a contract (providing the service), legitimate interests (security, fraud prevention, product improvement), consent (push notifications), and legal obligation.

5. AI processing

Audio is transcribed and minutes are generated using Google's Gemini API. Recording audio and transcripts are sent to Google for processing under Google's API terms; we use API endpoints for which Google states that content is not used to train their models. We do not use your recordings, transcripts or minutes to train AI models ourselves.

6. Storage, security and retention

Audio is stored in Amazon Web Services S3 in the ap-southeast-2 (Sydney) region, encrypted at rest, and automatically deleted 30 days after upload. Transcripts, minutes and account data are stored in an encrypted database, also in Australia, and retained until you delete the meeting or your account. When you delete your account we delete or anonymise your personal information within 30 days, except where the law requires longer retention.

We protect personal information with TLS encryption in transit, encryption at rest, short-lived signed URLs for audio access, bearer-token authentication, and rate limiting. No system is perfectly secure; if we become aware of a data breach likely to result in serious harm we will notify affected users and the Office of the Australian Information Commissioner (OAIC) in accordance with the Notifiable Data Breaches scheme.

7. Disclosure to third parties

We share personal information only with service providers we use to run Recdr, and only to the extent necessary:

We do not sell, rent or trade personal information. We may disclose information where required by law, court order, or to protect the rights, property or safety of Recdr, our users or the public.

8. Share links

When you create a share link, anyone who has the link can read that meeting's minutes without an account. Share pages are marked so search engines do not index them, but the link itself is the only access control — share it carefully. You can revoke a share link at any time, which disables it immediately.

9. Cookies and analytics

The Recdr website and web recorder use only what is strictly necessary: authentication tokens and your preferences, stored in your browser. We do not use third-party analytics, advertising trackers, or social media pixels on recdr.com.

10. International data transfers

Your data is primarily stored in Australia (AWS ap-southeast-2). Some sub-processors (Google, Telegram, Apple, Expo) may process data in the United States or other regions. Where this occurs we rely on the recipient's standard contractual clauses, certifications, or equivalent safeguards.

11. Your rights

Under the APPs and (where applicable) the GDPR you have the right to:

To exercise any of these rights, use the contact page or email hello@recdr.com. We will respond within 30 days.

12. Children

Recdr is not directed at children under 16 and we do not knowingly collect personal information from them. If you believe a child has provided us with personal information, contact us and we will delete it.

13. Changes to this policy

We may update this policy from time to time. The "last updated" date above reflects the most recent revision. Significant changes will be communicated by email or a prominent notice on the site at least 14 days before they take effect.

14. Contact

For privacy questions, complaints, or to exercise any of your rights:
Marwood X — Privacy Officer
Email: hello@recdr.com
Contact form: recdr.com/contact