SalesMemo Logo

SalesMemo

Slovensky

Privacy Policy (GDPR)

Last updated: March 13, 2026

This Privacy Policy (the “Policy”) explains how Mijoo s.r.o. (the “Controller,” “we”) processes personal data when you use the SalesMemo service (the “Service” or the “App”), including the website, mobile app, and related features.

Our goal is to process only the minimum necessary data, keep it secure, and stay transparent about what, why, and how we process it.

Zero-Knowledge Architecture (No Access to Your Data)

SalesMemo is designed so that we, as the service provider, do not have the technical ability to listen to your recordings.

  • Client-side encryption: Each audio recording is encrypted directly on your device before being stored in our cloud using a unique AES-256 key.
  • Key management: The encryption key is stored only on your phone (iOS Keychain). We do not own it, store it, or have access to it.
  • Consequence: If you lose your device and you have not backed up your keys, we cannot recover your recordings — to us they remain readable only as encrypted data.

1. Who is the controller?

Controller of personal data:

  • Mijoo s.r.o.
  • Klimkovičova 3166/25, 040 23 Košice – mestská časť Sídlisko KVP, Slovak Republic
  • Company ID (IČO): 54245044
  • Tax ID (DIČ): 2121609589
  • VAT ID: SK2121609589
  • E-mail: privacy@salesmemo.sk

Data protection contact / DPO (if appointed): dpo@salesmemo.sk

2. Basic terms (so we understand each other)

  • Personal data: information that can directly or indirectly identify you (e.g., e-mail, IP address, billing data).
  • Data subject: a user of the Service or a person whose data ends up in the Service (e.g., someone mentioned in a recording).
  • Processing: any operation with data (storage, deletion, transfer, analysis…).
  • Processor: a partner who technically helps us provide the Service (e.g., hosting, payments, analytics, AI).

3. What data do we process?

3.1 Data you provide

  • Registration data: first name, last name, e-mail, password (encrypted)
  • Profile data: role/segment (e.g., real estate agent, financial advisor, salesperson)
  • Content you add to the Service: voice recordings, texts, notes, meeting names, tasks, resulting summaries
  • Communication with us: e-mails, support messages, any requests and feedback

3.2 Data collected automatically

  • Technical data: device type, OS, browser, language, time zone, app versions
  • Usage data: clicks, features used, session duration, visited pages (for security and improvements)
  • Identifiers: IP address, logs, cookies (more in the Cookies section)

3.3 Payment and billing data

  • billing details (e.g., company, company ID, address)
  • plan information, subscription status, payment status

Note: We generally do not process your payment card data directly – this is handled by a certified payment provider.

4. Why we use your data and on what legal basis

We process your data only to the extent necessary for running the Service.

A) Providing the Service and its features

  • Purpose: account creation, login, profile management, storing outputs, history, synchronization
  • Legal basis: performance of a contract (Art. 6(1)(b) GDPR)

B) AI processing of recordings (transcription, summary, tasks, follow-up texts)

  • Purpose: converting voice to text, creating structured outputs, improving user productivity
  • Legal basis: performance of a contract (Art. 6(1)(b) GDPR)
  • Important: the user is responsible for having permission to record content (e.g., consent of meeting participants if required by law).

C) Support, communication, and customer service

  • Purpose: answering questions, solving issues, onboarding, service status notifications
  • Legal basis: performance of a contract / legitimate interest (Art. 6(1)(b/f) GDPR)

D) Billing, accounting, and legal obligations

  • Purpose: issuing invoices, recording payments, accounting duties
  • Legal basis: legal obligation (Art. 6(1)(c) GDPR)

E) Security, abuse prevention, and incidents

  • Purpose: account protection, fraud detection, access logging, security audits
  • Legal basis: legitimate interest (Art. 6(1)(f) GDPR)

F) Analytics and product improvement

  • Purpose: usage statistics, performance, UX improvements, bug detection
  • Legal basis: consent (cookies/marketing) or legitimate interest (only to the necessary extent, anonymized) – depending on settings

On the website, cookie consent is managed by Cookiebot by Usercentrics. We use Google Tag Manager to deliver analytics tags only after consent has been granted for analytics cookies. Google Analytics 4 remains blocked until that analytics consent is granted.

G) Marketing (only if you explicitly opt in)

  • Purpose: newsletter, product updates, offers
  • Legal basis: consent (Art. 6(1)(a) GDPR) or legitimate interest for B2B communication in a reasonable scope (as permitted by law)
  • Opt-out: always easy – 1 click or e-mail.

5. AI processing of voice recordings and content

SalesMemo uses artificial intelligence for transcription and generating outputs (e.g., summaries, tasks, follow-up messages).

How it works from a data protection perspective:

  • transfer happens over a secure connection (TLS/HTTPS)
  • processing is performed solely to provide the feature the user requests
  • after processing, a text output is created and stored with your account
  • AI provider used for these operations: OpenAI Global, LLC. (processor/sub-processor)
  • data categories sent for AI processing: audio recording, generated transcript text, and selected processing context (language, personality, profession)
  • AI processing starts only after explicit in-app consent
  • consent can be withdrawn at any time in the app (Profile -> Preferences), after which AI processing features are disabled until consent is granted again

Use of data for model training:

  • we do not use users’ personal data or content to train public AI models unless a specific consent or contractual arrangement is in place

Recommendation (B2B practice):

  • we do not recommend uploading sensitive data (e.g., health data, national ID numbers, document numbers) unless strictly necessary
  • users should consider their company’s internal rules (compliance)

6. Who has access to the data?

Your data is accessible only to:

  • you (as the user) within your account
  • authorized personnel of the Controller, only to the necessary extent (e.g., handling a technical incident)
  • our vetted processors (subcontractors) who provide the Service infrastructure

Access is permission-based, audited, and limited to the minimum.

7. Data sharing and processors

We do not sell your data or provide it to third parties for marketing purposes.

Your data may be processed by our partners who help us provide the Service, especially:

  • hosting / infrastructure / cloud storage
  • payment and billing provider
  • AI processing (transcription and text generation)
    • OpenAI Global, LLC. (AI processor)
  • analytics and monitoring (e.g., performance, errors, cookies)

We sign data processing agreements (DPAs) with every processor and require an appropriate level of protection.

8. Transfers to third countries (outside the EEA)

Some technology partners may process data outside the European Economic Area (EEA).

In such cases, we ensure protection through:

  • Standard Contractual Clauses (SCCs) approved by the European Commission, or
  • other appropriate safeguards under the GDPR.

9. How long we keep the data

We store data only for as long as necessary for the purposes for which it was collected:

  • Account and profile: for the duration of the active account
  • Generated content (summaries, tasks, texts): for the duration of the account (unless you delete it)
  • Voice recordings: typically according to the Service settings (e.g., temporary storage) or according to the user’s chosen retention mode
  • Billing data: 10 years (legal obligation)
  • Security logs: proportionately (usually months) for system protection purposes
  • Analytics data: depending on the tool type (e.g., 26 months), or shorter

After the retention period expires, we securely delete or anonymize the data.

10. Your rights under the GDPR

You have the right to:

  • access your data
  • rectify inaccurate data
  • erasure (“right to be forgotten”)
  • restrict processing
  • data portability
  • object to processing based on legitimate interest
  • withdraw consent (if consent is the legal basis)

We handle requests without undue delay, no later than within 1 month.

Contact: privacy@salesmemo.sk

11. Data security

We use appropriate technical and organizational measures, in particular:

  • encryption of communications (TLS/HTTPS)
  • encryption of stored data (where suitable and available)
  • access controls and internal access logging
  • account protection (secure passwords, abuse protection)
  • regular updates, monitoring, and security measures
  • backups and recovery in case of incidents

Despite our efforts, the internet is not 100% risk-free – we recommend using a strong password and protecting access to your account.

12. Cookies and similar technologies

We use cookies for proper website operation and to improve user experience.

Current website cookie categories:

  • Necessary cookies – required for website functionality and login
  • Analytics cookies – measuring traffic and behavior (e.g., Google Analytics 4) only with consent

Cookiebot by Usercentrics collects, stores, and updates your website cookie choices. Google Tag Manager forwards that consent state to analytics tags, which stay blocked until analytics consent is granted.

You can change your analytics consent at any time via the Cookie settings link in the footer. The current Cookiebot cookie declaration for this website is embedded below on this page.

13. Using the Service within a company (B2B note)

If you use SalesMemo within a company and process third-party data (e.g., clients), the following may apply:

  • you or your company are the controller of that data,
  • we are the processor in such a case (processing data according to your instructions).

We recommend having internal legal permission to record and process meetings (e.g., informing participants).

14. Changes to this Policy

We may update this Policy from time to time (e.g., when features or legislation change). We will inform you about significant changes by e-mail or in-Service notification.

15. Contact and complaints

If you have questions, requests, or suggestions:

You also have the right to lodge a complaint with the supervisory authority:

Office for Personal Data Protection of the Slovak Republic
Hraničná 12, 820 07 Bratislava 27
Web: www.dataprotection.gov.sk

This Privacy Policy is effective from: March 13, 2026