This Privacy Policy describes how epsacon LLC d/b/a Speq ("epsacon," "Speq," "we," "us," or "our"), collects, uses, stores, and protects your information when you use the Speq application, website at speq.bot, and related services (collectively, the "Service").
epsacon LLC is a limited liability company registered in Texas, United States, with its principal place of business in Houston, Texas. For the purposes of EU/UK data protection law, epsacon LLC is the data controller of your personal data.
For any privacy-related questions or requests, contact us at: support@speq.bot
When you create an account, we collect your email address and a hashed version of your password. We do not store your password in plain text. If you subscribe to a paid plan, our payment processor (Stripe) collects your payment information — we do not store credit card numbers or bank details on our servers.
When you start a meeting, Speq sends a bot to join your call (Teams, Zoom, or Google Meet) via a third-party meeting bot provider. The bot captures audio and streams it to our transcription provider for real-time transcription. Audio is processed in transit and is immediately discarded after processing. We do not store, record, or retain audio files at any point. No audio data persists on our servers or on the servers of our service providers after processing is complete.
We store the text-based outputs generated from your meetings, including: transcripts (text produced by the transcription service); AI-generated advisory analysis, summaries, and debriefs; questions you ask and answers generated by the AI; speaker labels and names you assign; meeting names, labels, and metadata (start time, duration, number of transcript lines); and screenshots you explicitly capture using the screenshot feature.
You may upload documents (PDF, DOCX, or text files) to bot profiles to train the AI coach on your specific domain. Uploaded documents are stored securely and processed into searchable text chunks (embeddings). We do not use documents you upload to train any general AI models. Processing is limited to creating embeddings for retrieval within your specific bot profile only. These chunks are scoped to the bot profile they were uploaded to and are not shared across profiles or with other users. You can delete documents at any time, which removes the document file and all associated processed data.
We store your Service preferences, including custom AI prompts, interval settings, and display preferences.
We store your subscription plan, billing status, usage minutes, and billing period dates. Payment card details are handled entirely by Stripe and are never stored on our servers. We store the Stripe customer ID associated with your account to manage your subscription.
Our servers automatically log basic connection information when you use the Service, including IP addresses, connection timestamps, and WebSocket connection events. This information is used solely for security monitoring and debugging purposes. We do not use tracking pixels, analytics scripts, or third-party tracking technologies on our website or in our application. We use only strictly necessary session cookies required for authentication and functionality.
When you connect your Google Calendar or Microsoft Outlook calendar, we access your upcoming calendar events (event titles, times, and meeting URLs) through the respective calendar API. This data is used solely to display your upcoming meetings in the Speq dashboard so you can join them with one click. Calendar event data is not stored on our servers — it is fetched in real time from the calendar provider's API and displayed in your browser session only. We do not modify, share, or retain your calendar data. You can disconnect your calendar at any time, which immediately revokes our access to your calendar events.
We use the information we collect for the following purposes and no others:
— To provide the Service: processing your audio for transcription, generating AI analysis and summaries, storing your meeting data, and managing your account.
— To manage billing: processing subscription payments, tracking usage against your plan limits, and communicating billing-related information.
— To communicate with you: responding to support requests, sending account-related notifications (such as subscription confirmations or payment failures), and providing notice of changes to our Terms or this Privacy Policy.
— To maintain and improve the Service: monitoring system performance, debugging errors, and ensuring security and availability.
— To comply with legal obligations: responding to valid legal processes and enforcing our Terms of Service.
We want to be explicit about what we will never do with your information:
— We do not sell, rent, lease, or trade your personal data or meeting content to any third party, for any reason.
— We do not use your meeting content, transcripts, audio, or any user-generated data to train, fine-tune, or improve any machine learning or artificial intelligence models, whether our own or those of any third party.
— We do not display advertisements in the Service or share your data with advertisers.
— We do not use cookies for tracking, advertising, or analytics. We use only strictly necessary session cookies for authentication and functionality.
— We do not combine your data with data from other users for profiling, analytics, or marketing purposes.
— We do not share your meeting content with other users unless you explicitly choose to do so.
We use the following categories of third-party service providers to operate the Service. These providers process your data only as necessary to deliver their respective services. All providers are bound by data processing agreements (DPAs) that prohibit them from using your data for their own purposes, including model training or any use beyond delivering the contracted service.
| Provider category | Purpose | Data processed |
|---|---|---|
| Meeting bot service | Joining meeting calls to capture audio | Meeting URL, audio stream (processed in transit, not stored) |
| Speech-to-text transcription | Real-time audio transcription with speaker diarization | Audio stream (processed in transit, not stored) |
| Large language model | AI advisory, summaries, debriefs, Q&A | Transcript text, summary context, document chunks, screenshots (when captured) |
| Embeddings service | Document processing for AI coach training | Uploaded document text (chunked for similarity search) |
| Calendar provider | Displaying upcoming meetings in user dashboard | Calendar event titles, times, and meeting URLs (fetched in real time, not stored) |
| Database and hosting | Data storage, user authentication, file storage | Account data, meeting content, uploaded documents, screenshots |
| Application hosting | Running the backend application | Application logs, connection metadata |
| Payment processing | Subscription billing and payment management | Email, payment method (handled by Stripe directly) |
We do not disclose your data to any third parties beyond the service provider categories listed above, except when required by law (see Section 9).
Your data is stored on servers located in the United States. All data transmitted between your browser and our servers is encrypted in transit using TLS (Transport Layer Security). Data at rest is encrypted using the security measures provided by our infrastructure and database providers.
We implement reasonable administrative, technical, and organizational measures to protect your data against unauthorized access, loss, destruction, or alteration. These measures include encrypted connections (WSS/HTTPS), secure authentication tokens, and access controls on our infrastructure. We regularly review and update our security practices, including vulnerability scanning and access logging.
However, no method of transmission over the internet and no method of electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.
We retain your data for as long as your account is active or as needed to provide you with the Service. Specifically:
— Account information: retained until you request account deletion.
— Meeting content (transcripts, summaries, advisory, Q&A, screenshots): retained until you delete individual meetings or request account deletion.
— Uploaded documents and processed data: retained until you delete the document from the bot profile or request account deletion.
— Subscription and billing data: retained for the duration of your account and for a reasonable period thereafter as required for accounting, tax, and legal purposes.
— Server logs: retained for up to 30 days for security and debugging purposes, then automatically deleted.
— Audio data: not retained. Audio is processed in real-time transit and immediately discarded.
Regardless of where you are located, you have the following rights regarding your data:
— Access: You can access your meeting data at any time through the Service. You may request a copy of all personal data we hold about you by contacting support@speq.bot.
— Correction: You can update your account information and meeting data through the Service. For corrections we cannot make through the interface, contact support@speq.bot.
— Deletion: You can delete individual meetings through the Service. You may request complete account and data deletion by contacting support@speq.bot. We will process deletion requests as soon as practicable, and within 30 days.
— Export: You may request an export of your data by contacting support@speq.bot.
— Objection: You may object to our processing of your data at any time by contacting support@speq.bot. If you object, we may no longer be able to provide the Service to you.
We will respond to all verifiable requests within 30 days (or 45 days where permitted by applicable law).
We may disclose your information if we have a good-faith belief that such disclosure is reasonably necessary to: comply with applicable law, regulation, legal process, or enforceable governmental request; enforce our Terms of Service, including investigation of potential violations; detect, prevent, or otherwise address fraud, security, or technical issues; or protect the rights, property, or safety of epsacon LLC, our users, or the public as required or permitted by law.
If we receive a legal request for your data, we will notify you before disclosing it unless we are legally prohibited from doing so or unless the request relates to an emergency involving danger of death or serious physical injury.
The Service is not directed to individuals under the age of 18, and we do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child under 18, we will take steps to delete that information and terminate the associated account. See also Section 2 of our Terms of Service regarding age eligibility.
epsacon LLC is based in the United States. If you access the Service from outside the United States, including from the European Economic Area (EEA), United Kingdom (UK), or Switzerland, your data will be transferred to and processed in the United States.
The United States may not provide the same level of data protection as your home jurisdiction. By using the Service, you consent to the transfer of your data to the United States. We take reasonable steps to ensure that your data is treated securely and in accordance with this Privacy Policy regardless of where it is processed. We may in the future rely on Standard Contractual Clauses (SCCs) or other appropriate safeguards where available to provide additional protections for international data transfers.
If you are located in the European Economic Area, United Kingdom, or Switzerland, the following additional provisions apply to you under the General Data Protection Regulation (GDPR) and equivalent UK and Swiss data protection laws.
We process your personal data on the following legal bases:
— Performance of a contract: Processing your account data, meeting content, and subscription information is necessary to provide the Service you have requested (Article 6(1)(b) GDPR).
— Legitimate interests: We process server logs and connection metadata for security monitoring, fraud prevention, and service improvement, which are our legitimate interests (Article 6(1)(f) GDPR). These interests do not override your fundamental rights given the limited nature of the data involved and the safeguards we apply.
— Legal obligation: We may process your data as necessary to comply with applicable legal obligations (Article 6(1)(c) GDPR).
— Consent: Where required by law and not covered by the bases above, we will obtain your explicit consent before processing (Article 6(1)(a) GDPR). You may withdraw consent at any time.
In addition to the rights listed in Section 8, EEA, UK, and Swiss users have the following rights:
— Right to restriction: You have the right to request that we restrict the processing of your personal data in certain circumstances, such as when you contest the accuracy of the data or when you have objected to processing pending verification.
— Right to data portability: You have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit that data to another controller, where technically feasible.
— Right to lodge a complaint: You have the right to lodge a complaint with a supervisory authority in your country of residence, place of work, or place of the alleged infringement if you believe our processing of your personal data violates applicable data protection law.
— Right to withdraw consent: Where processing is based on consent, you have the right to withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.
Your data is transferred to and processed in the United States. We rely on your explicit consent to these transfers, provided when you create an account and agree to these terms. We ensure that our third-party service providers maintain appropriate data protection standards through contractual obligations, including data processing agreements. We may in the future implement Standard Contractual Clauses (SCCs) or other transfer mechanisms as appropriate.
Given the nature and scale of our operations, we have not appointed a formal Data Protection Officer. For all data protection inquiries, please contact us at support@speq.bot. We will respond to all requests from EEA, UK, and Swiss individuals within 30 days, as required by applicable law.
If you are a California resident, you may have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA). These include the right to know what personal information we collect, the right to request deletion of your personal information, and the right not to be discriminated against for exercising your privacy rights.
We do not sell personal information as defined by the CCPA/CPRA. We do not share personal information for cross-context behavioral advertising. California residents may also request information about the categories of personal information we have disclosed to third parties for business purposes in the preceding 12 months. To exercise your California privacy rights, contact us at support@speq.bot. We will respond to verifiable requests within 45 days, as permitted by law.
We may update this Privacy Policy from time to time to reflect changes in our practices, the Service, or applicable laws. If we make material changes, we will notify you via email to the address associated with your account or through a prominent notice within the Service at least 14 days before the changes take effect. Your continued use of the Service after the effective date constitutes your acceptance of the updated Privacy Policy.
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:
epsacon LLC d/b/a Speq
Houston, Texas
support@speq.bot