Privacy Policy (GDPR)

Last updated: January 25, 2026

This Privacy Policy (the “Policy”) explains how Mijoo s.r.o. (the “Controller,” “we”) processes personal data when you use the SalesMemo service (the “Service” or the “App”), including the website, mobile app, and related features.

Our goal is to process only the minimum necessary data, keep it secure, and stay transparent about what, why, and how we process it.

Zero-Knowledge Architecture (No Access to Your Data)

SalesMemo is designed so that we, as the service provider, do not have the technical ability to listen to your recordings.

Client-side encryption: Each audio recording is encrypted directly on your device before being stored in our cloud using a unique AES-256 key.
Key management: The encryption key is stored only on your phone (iOS Keychain). We do not own it, store it, or have access to it.
Consequence: If you lose your device and you have not backed up your keys, we cannot recover your recordings — to us they remain readable only as encrypted data.

1. Who is the controller?

Controller of personal data:

Mijoo s.r.o.
Klimkovičova 3166/25, 040 23 Košice – mestská časť Sídlisko KVP, Slovak Republic
Company ID (IČO): 54245044
Tax ID (DIČ): 2121609589
VAT ID: SK2121609589
E-mail: privacy@salesmemo.sk

Data protection contact / DPO (if appointed): dpo@salesmemo.sk

2. Basic terms (so we understand each other)

Personal data: information that can directly or indirectly identify you (e.g., e-mail, IP address, billing data).
Data subject: a user of the Service or a person whose data ends up in the Service (e.g., someone mentioned in a recording).
Processing: any operation with data (storage, deletion, transfer, analysis…).
Processor: a partner who technically helps us provide the Service (e.g., hosting, payments, analytics, AI).

3. What data do we process?

3.1 Data you provide

Registration data: first name, last name, e-mail, password (encrypted)
Profile data: role/segment (e.g., real estate agent, financial advisor, salesperson)
Content you add to the Service: voice recordings, texts, notes, meeting names, tasks, resulting summaries
Communication with us: e-mails, support messages, any requests and feedback

3.2 Data collected automatically

Technical data: device type, OS, browser, language, time zone, app versions
Usage data: clicks, features used, session duration, visited pages (for security and improvements)
Identifiers: IP address, logs, cookies (more in the Cookies section)

3.3 Payment and billing data

billing details (e.g., company, company ID, address)
plan information, subscription status, payment status

Note: We generally do not process your payment card data directly – this is handled by a certified payment provider.

4. Why we use your data and on what legal basis

We process your data only to the extent necessary for running the Service.

A) Providing the Service and its features

Purpose: account creation, login, profile management, storing outputs, history, synchronization
Legal basis: performance of a contract (Art. 6(1)(b) GDPR)

B) AI processing of recordings (transcription, summary, tasks, follow-up texts)

Purpose: converting voice to text, creating structured outputs, improving user productivity
Legal basis: performance of a contract (Art. 6(1)(b) GDPR)
Important: the user is responsible for having permission to record content (e.g., consent of meeting participants if required by law).

C) Support, communication, and customer service

Purpose: answering questions, solving issues, onboarding, service status notifications
Legal basis: performance of a contract / legitimate interest (Art. 6(1)(b/f) GDPR)

D) Billing, accounting, and legal obligations

Purpose: issuing invoices, recording payments, accounting duties
Legal basis: legal obligation (Art. 6(1)(c) GDPR)

E) Security, abuse prevention, and incidents

Purpose: account protection, fraud detection, access logging, security audits
Legal basis: legitimate interest (Art. 6(1)(f) GDPR)

F) Analytics and product improvement

Purpose: usage statistics, performance, UX improvements, bug detection
Legal basis: consent (cookies/marketing) or legitimate interest (only to the necessary extent, anonymized) – depending on settings

We use a consent mode for analytics cookies.

G) Marketing (only if you explicitly opt in)

Purpose: newsletter, product updates, offers
Legal basis: consent (Art. 6(1)(a) GDPR) or legitimate interest for B2B communication in a reasonable scope (as permitted by law)
Opt-out: always easy – 1 click or e-mail.

5. AI processing of voice recordings and content

SalesMemo uses artificial intelligence for transcription and generating outputs (e.g., summaries, tasks, follow-up messages).

How it works from a data protection perspective:

transfer happens over a secure connection (TLS/HTTPS)
processing is performed solely to provide the feature the user requests
after processing, a text output is created and stored with your account
AI provider used for these operations: OpenAI Global, LLC. (processor/sub-processor)
data categories sent for AI processing: audio recording, generated transcript text, and selected processing context (language, personality, profession)
AI processing starts only after explicit in-app consent
consent can be withdrawn at any time in the app (Profile -> Preferences), after which AI processing features are disabled until consent is granted again

Use of data for model training:

we do not use users’ personal data or content to train public AI models unless a specific consent or contractual arrangement is in place

Recommendation (B2B practice):

we do not recommend uploading sensitive data (e.g., health data, national ID numbers, document numbers) unless strictly necessary
users should consider their company’s internal rules (compliance)

6. Who has access to the data?

Your data is accessible only to:

you (as the user) within your account
authorized personnel of the Controller, only to the necessary extent (e.g., handling a technical incident)
our vetted processors (subcontractors) who provide the Service infrastructure

Access is permission-based, audited, and limited to the minimum.

7. Data sharing and processors

We do not sell your data or provide it to third parties for marketing purposes.

Your data may be processed by our partners who help us provide the Service, especially:

hosting / infrastructure / cloud storage
payment and billing provider
AI processing (transcription and text generation)
- OpenAI Global, LLC. (AI processor)
analytics and monitoring (e.g., performance, errors, cookies)

We sign data processing agreements (DPAs) with every processor and require an appropriate level of protection.

8. Transfers to third countries (outside the EEA)

Some technology partners may process data outside the European Economic Area (EEA).

In such cases, we ensure protection through:

Standard Contractual Clauses (SCCs) approved by the European Commission, or
other appropriate safeguards under the GDPR.

9. How long we keep the data

We store data only for as long as necessary for the purposes for which it was collected:

Account and profile: for the duration of the active account
Generated content (summaries, tasks, texts): for the duration of the account (unless you delete it)
Voice recordings: typically according to the Service settings (e.g., temporary storage) or according to the user’s chosen retention mode
Billing data: 10 years (legal obligation)
Security logs: proportionately (usually months) for system protection purposes
Analytics data: depending on the tool type (e.g., 26 months), or shorter

After the retention period expires, we securely delete or anonymize the data.

10. Your rights under the GDPR

You have the right to:

access your data
rectify inaccurate data
erasure (“right to be forgotten”)
restrict processing
data portability
object to processing based on legitimate interest
withdraw consent (if consent is the legal basis)

We handle requests without undue delay, no later than within 1 month.

Contact: privacy@salesmemo.sk

11. Data security

We use appropriate technical and organizational measures, in particular:

encryption of communications (TLS/HTTPS)
encryption of stored data (where suitable and available)
access controls and internal access logging
account protection (secure passwords, abuse protection)
regular updates, monitoring, and security measures
backups and recovery in case of incidents

Despite our efforts, the internet is not 100% risk-free – we recommend using a strong password and protecting access to your account.

12. Cookies and similar technologies

We use cookies for proper website operation and to improve user experience.

Types of cookies:

Necessary cookies – required for website functionality and login
Functional cookies – remembering preferences (e.g., language)
Analytics cookies – measuring traffic and behavior (e.g., Google Analytics 4) only with consent
Marketing cookies – used only if you actively allow them

You can change your consent at any time via the cookie settings on the site.

13. Using the Service within a company (B2B note)

If you use SalesMemo within a company and process third-party data (e.g., clients), the following may apply:

you or your company are the controller of that data,
we are the processor in such a case (processing data according to your instructions).

We recommend having internal legal permission to record and process meetings (e.g., informing participants).

14. Changes to this Policy

We may update this Policy from time to time (e.g., when features or legislation change). We will inform you about significant changes by e-mail or in-Service notification.

15. Contact and complaints

If you have questions, requests, or suggestions:

privacy@salesmemo.sk
dpo@salesmemo.sk (if a responsible person/DPO is appointed)

You also have the right to lodge a complaint with the supervisory authority:

Office for Personal Data Protection of the Slovak Republic
Hraničná 12, 820 07 Bratislava 27
Web: www.dataprotection.gov.sk

This Privacy Policy is effective from: January 25, 2026