Privacy Settings in Sally - Overview
Full control over how meetings are recorded, how participants are informed, and how long data is stored. Tailor Sally to your organization's privacy and compliance requirements.
Get Started →What you'll find in this section
Notify participants by email before a recording starts. Manage opt-in and opt-out consent.
Control how participants are informed about Sally's presence in a meeting.
Define whether and how meetings are recorded by Sally.
Set retention periods so meeting data is automatically deleted after a defined time.
Control whether users can download transcripts, recordings, and summaries.
Define which email domains are considered internal, affecting how privacy notices are applied.
Your data. Your control.
Sally processes meeting data — including audio, transcripts, and summaries — on behalf of your organization. Under the GDPR, your company acts as the data controller, while Sally operates as the data processor in accordance with Art. 28 GDPR.
Here's what that means in practice:
- EU-only hosting - All data is stored and processed exclusively within the European Union. No data ever leaves the EU.
- Data masking - Personal data is automatically masked before being sent to any AI model. Identifiable information never reaches the language model.
- No AI training - Your data is never used to train or improve language models. This is guaranteed both contractually and technically.
- Retention you define - You decide how long meeting data is stored. Automatic deletion ensures data is removed after the period you set.
- Participant consent - Sally supports opt-in and opt-out consent workflows so you can meet your notification obligations under the GDPR.
- Data Processing Agreement - A GDPR-compliant DPA under Art. 28 is available for every customer.
For full details on hosting, certifications, subprocessors, and how to request a DPA, visit our Privacy & Security section.