Privacy Policy

Effective Date: March 14, 2026 | Last Updated: March 14, 2026

H33.ai, Inc. ("H33.ai," "we," "us," or "our") operates V101.ai, a platform that records conversations and uses AI to produce derivative content — clips, shorts, transcripts, social posts, titles, descriptions, and marketing assets — and distributes that content across multiple channels from a single canonical source. We are committed to protecting your privacy and maintaining the security of your personal information in accordance with applicable privacy laws including GDPR, CCPA, and HIPAA (where applicable under a signed Business Associate Agreement).

1. Information We Collect

1.1 Account Information

  • Full name
  • Email address (used for authentication via magic link)
  • Company/organization name (optional, provided at signup)
  • Payment information (processed securely through Stripe; we do not store card numbers)

1.2 Authentication Data

  • JSON Web Tokens (JWT) stored in your browser's localStorage for session management
  • Refresh tokens for session continuity
  • Two-factor authentication (2FA) enrollment status
  • Magic link verification tokens (sent via email, expire after 15 minutes)

1.3 Usage Information

  • Device information (IP address, browser type, operating system)
  • Video conference metadata (date, time, duration, room IDs, participants)
  • Feature usage (views accessed, actions taken within the platform)
  • Workspace and settings preferences

1.4 Content & Media Information

  • Video and audio recordings — captured via your device camera, microphone, and/or screen sharing when recording is explicitly enabled by the meeting host
  • AI-generated transcripts — created from your audio using third-party transcription services (see Section 4)
  • Chat messages — sent during video conferences via WebSocket, stored server-side
  • Video clips and edits — clips created from recordings, including caption styles, edited segments, and export configurations
  • Screen sharing content — transmitted to meeting participants during active screen shares

1.5 Client-Side Storage

V101.ai stores data locally in your browser to provide a seamless experience:

  • localStorage: Authentication tokens, user profile data, workspace settings, theme preferences, language/timezone settings, connected social accounts, and integration states
  • IndexedDB: Video recording blobs for local recording before upload

This data remains on your device and can be cleared by clearing your browser data or logging out. We do not use cookies for tracking. No third-party analytics or advertising trackers are loaded.

1.6 Social Media Account Data

When you connect social media accounts for video publishing, we receive and store:

  • OAuth access tokens for each connected platform (TikTok, Instagram, YouTube, LinkedIn, Facebook)
  • Basic profile information (username, profile name) from each connected platform
  • Connection status and platform-specific publishing permissions

We only request the minimum permissions needed to publish video content on your behalf. You can disconnect any platform at any time from your Settings.

1.7 API & Developer Data

If you use our developer tools:

  • API keys you generate and their associated permissions
  • Webhook endpoint URLs you configure and delivery logs
  • API usage metrics and rate limit data

2. How We Use Your Information

2.1 Service Provision

  • Authenticate you and manage your session
  • Facilitate video conferencing via WebRTC peer-to-peer connections
  • Process and store recordings when explicitly requested
  • Generate AI-powered transcripts, highlights, and summaries
  • Enable video editing, clipping, captioning, and export
  • Publish content to connected social media platforms on your behalf
  • Process billing and payments
  • Deliver webhook events to your configured endpoints

2.2 Security

  • Validate authentication tokens
  • Maintain audit logs of account activity
  • Detect and prevent unauthorized access

2.3 Platform Improvement

  • Analyze aggregate usage patterns to improve service quality
  • Develop and test new features
  • Generate analytics dashboards (viewable by you in your account)

2.4 Communications

  • Send magic link authentication emails
  • Send service-related notifications
  • Provide account updates and security alerts

3. Video Conferencing & WebRTC

V101.ai uses WebRTC (Web Real-Time Communication) for video and audio conferencing:

  • Peer-to-peer connections: Video and audio streams are transmitted directly between participants where possible
  • Signaling server: Connection setup metadata (ICE candidates, session descriptions) passes through our WebSocket signaling server at wss://turn.v100.ai. This metadata includes your IP address.
  • TURN relay: When direct peer-to-peer connections cannot be established (e.g., due to firewalls), media may be relayed through our TURN server. In this case, encrypted media passes through our infrastructure.
  • Camera, microphone, and screen capture: Access to these device capabilities requires your explicit browser permission. You can enable/disable your camera and microphone at any time during a call.

4. Third-Party Data Processors

4.1 AI Transcription Services

Important: When AI transcription features are enabled, your audio data is sent to third-party AI services for processing:

  • Deepgram — Used for real-time (live) transcription during conferences. Audio is streamed to Deepgram's API and processed in real-time. See Deepgram's Privacy Policy.
  • OpenAI (Whisper) — Used for batch transcription of recorded audio. Audio files are sent to OpenAI's API. See OpenAI's Privacy Policy.
  • AssemblyAI — Used as an alternative transcription provider. Audio is sent to AssemblyAI's API. See AssemblyAI's Privacy Policy.

Transcription is only activated when you or the meeting host explicitly enables it. You will see a visual indicator when transcription is active. We do not send audio to AI services without an explicit user action.

4.2 Authentication & Email

  • Auth1 (by Z101) — Handles authentication, magic link delivery, and user account management. Your email address and name are stored by Auth1.
  • AWS (Amazon Web Services) — Infrastructure hosting and email delivery (SES)

4.3 Payment Processing

  • Stripe — Processes all payments. Card numbers and payment details are handled directly by Stripe and never touch our servers. See Stripe's Privacy Policy.

4.4 Social Media Platforms

When you connect and publish to social platforms, content and metadata are shared with:

  • TikTok — Video content, titles, descriptions for publishing
  • Instagram — Video content, captions for publishing
  • YouTube — Video content, titles, descriptions, tags for publishing
  • LinkedIn — Video content, text for publishing
  • Facebook — Video content, descriptions for publishing

Each platform's own privacy policy governs how they handle your content after it is published. We recommend reviewing each platform's policies before connecting your accounts.

4.5 Additional Services

  • HeyGen — AI avatar video generation (when enabled). Video and text prompts are sent to HeyGen for processing.
  • Recall.ai — Meeting bot integration (when enabled). Meeting access data is shared with Recall.ai.

4.6 We Do NOT:

  • Sell your personal information to third parties
  • Share personal information with advertisers or data brokers
  • Use your content to train AI models (our AI sub-processors process your data for transcription only and do not retain it for model training under our agreements)
  • Share video recordings or transcripts except with authorized meeting participants
  • Load third-party tracking pixels, advertising scripts, or analytics trackers

5. HIPAA Compliance

V101.ai can be used in HIPAA-regulated environments when a Business Associate Agreement (BAA) is in place. If you are a Covered Entity or Business Associate:

5.1 Business Associate Agreement

Contact support@h33.ai to execute a BAA before transmitting Protected Health Information (PHI) through V101.ai.

5.2 PHI Safeguards

  • Encryption: All data encrypted in transit (TLS 1.3) and at rest (AES-256)
  • Access Controls: Role-based access controls restrict data access
  • Audit Logs: Comprehensive audit trails track all access and modifications
  • Breach Notification: We will notify you of any PHI breaches as required by law

6. Data Security

6.1 Technical Safeguards

  • TLS 1.3 encryption for all data in transit
  • AES-256 encryption for data at rest
  • WebRTC media encryption (DTLS-SRTP) for video/audio streams
  • JWT-based authentication with token expiration
  • Two-factor authentication (2FA) support
  • API key authentication with granular permissions
  • Content Security Policy (CSP) headers to prevent XSS attacks

6.2 Important Security Note

Authentication tokens are stored in your browser's localStorage. While convenient, this means tokens could be accessed by malicious browser extensions or XSS vulnerabilities. We mitigate this through strict CSP headers and input sanitization. For maximum security, we recommend keeping your browser and extensions up to date.

7. Data Retention and Deletion

7.1 Retention Periods

  • Account Information: Retained while account is active and for 90 days after closure
  • Recordings & Clips: Retained per your settings (default 30 days, configurable up to 7 years)
  • Transcripts: Same retention as their source recordings
  • Chat Messages: Retained for the duration of the meeting and stored with meeting records
  • Audit Logs: Retained for 7 years for compliance purposes
  • Client-Side Data: Persists until you log out or clear browser data
  • PHI: Retained as specified in your BAA (typically 6 years minimum per HIPAA)

7.2 Data Deletion

Upon request or account closure, we will:

  • Delete personal information within 90 days
  • Remove all recordings, clips, transcripts, and exports
  • Revoke all API keys and webhook configurations
  • Disconnect all social media platform connections
  • Return or destroy PHI as specified in BAA
  • Maintain audit logs as required by law

8. Your Rights

8.1 Access and Portability

  • Access your personal information
  • Request a copy of your data in a portable format
  • Download your recordings, clips, and transcripts
  • Export your data via our API

8.2 Correction and Deletion

  • Correct inaccurate personal information
  • Request deletion of your data (subject to legal retention requirements)
  • Close your account and have your data removed

8.3 Control and Consent

  • Opt out of marketing communications
  • Enable or disable AI transcription features
  • Connect or disconnect social media accounts at any time
  • Control recording settings
  • Manage camera/microphone permissions via your browser
  • Revoke API keys
  • Withdraw consent for optional data processing

8.4 California Privacy Rights (CCPA)

  • Right to know what personal information is collected
  • Right to know if personal information is sold or disclosed (we do not sell personal information)
  • Right to opt-out of sale of personal information
  • Right to non-discrimination for exercising CCPA rights

8.5 European Privacy Rights (GDPR)

If you are in the European Economic Area, you have additional rights including:

  • Right to restriction of processing
  • Right to object to processing
  • Right to lodge a complaint with a supervisory authority
  • Right to withdraw consent at any time

9. International Data Transfers

V101.ai is based in the United States. Your data is processed in the United States. For international users, we implement appropriate safeguards including:

  • Standard Contractual Clauses (SCCs) where applicable
  • Data Processing Agreements with international customers
  • Compliance with GDPR for EU users

10. Children's Privacy

V101.ai is not intended for children under 18. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us immediately.

11. Changes to This Policy

We may update this Privacy Policy periodically. Material changes will be communicated via:

  • Email notification to registered users
  • Prominent notice on our website
  • In-app notification

Continued use of V101.ai after changes constitutes acceptance of the updated policy.

12. Contact Information

H33.ai, Inc.

Privacy Officer

Email: support@h33.ai

For HIPAA-related inquiries: support@h33.ai

For security concerns: support@h33.ai

13. Breach Notification

In the event of a data breach, we will:

  • Notify affected users without unreasonable delay, and in no case later than 72 hours (GDPR) or 60 days (HIPAA)
  • Provide detailed information about the breach
  • Document our investigation and response
  • Implement measures to prevent future breaches
  • Notify relevant supervisory authorities as required by law

This Privacy Policy was last updated on March 14, 2026. For questions or to exercise your rights, please contact us at support@h33.ai.