Privacy Notice for Meeting Participants
This page is for people who participated in a meeting where Sally AI was present — for example, as a colleague, client, or external guest. You are not a customer of Sally AI. The company that invited you to the meeting is responsible for how your data is used.
Who controls your data?
Sally AI acts as a Data Processor — not a Data Controller. The company that organised or hosted the meeting is the Data Controller and is solely responsible for deciding how your personal data is used and on what legal basis.
Sally AI is an AI assistant that joins online meetings on platforms such as Microsoft Teams, Zoom, and Google Meet to automatically transcribe and summarize them for the company using the service. Before recording begins, Sally AI posts a notification in the meeting chat so all participants are informed.
The organisation that invited you to the meeting. They decided to use Sally AI, they set the retention rules, and they are your primary contact for privacy requests. They determine the legal basis for processing your data.
Sally AI acts only on the company's instructions. We do not decide why or how your data is used — we only provide the technical service. We process your data exclusively to deliver the transcription and summary service to the company.
What data is processed?
When Sally AI is active in a meeting, the following categories of personal data may be processed:
Your audio and, if enabled, video feed — captured only if the company has activated recording for this meeting.
A text transcription of everything spoken during the meeting. This is the core output of the service.
Your full name and role as they appear in the meeting platform metadata (e.g., display name, job title if shown).
Date, time, platform, meeting ID, and other technical details that identify the meeting session.
Why is this data processed? The company using Sally AI needs meeting transcripts and summaries for their internal business processes — for example, documentation, action items, and follow-ups. The legal basis for this processing is determined by the Data Controller (the company), not by Sally AI.
Where is data stored and how long is it kept?
All data is stored and processed exclusively in EU-only data centers, primarily in Germany. There are no transfers to countries outside the EU.
Retention periods are set by the company. Temporary audio pipeline data is automatically deleted once the transcript is created, unless the company has enabled recording storage. For transcript and summary retention, contact the company directly.
Your rights under GDPR
As a meeting participant, you have the following rights under the GDPR (Arts. 15–21):
Request a copy of the personal data we hold about you.
Ask for inaccurate or incomplete data to be corrected.
Request deletion of your personal data ("right to be forgotten").
Ask us to limit processing while a dispute is being resolved.
Receive your data in a structured, machine-readable format.
Object to processing based on legitimate interests.
How to exercise your rights
The company that hosted the meeting is the Data Controller and your first point of contact for any privacy request. Check the meeting invitation, the company's privacy policy, or ask the organiser directly.
If you cannot identify the company or cannot reach them, you can contact Sally AI at privacy@sally.io. We will do our best to assist you or forward your request to the correct controller.
Sally AI acknowledges all incoming privacy requests within 5 business days. Where Sally AI can act directly, we will; otherwise we will coordinate with the company on your behalf.
Opt-out & notification
- →Ask the meeting organiser to disable recording for this specific meeting.
- →Leave the meeting if you do not consent to being recorded or transcribed.
- →All participants receive an automatic notification in the meeting chat when Sally AI joins. If you did not receive one, ask the organiser to confirm whether recording is active.