Security & Privacy
Security & Privacy
This page describes how InterMIND handles your data in plain terms. For legal language, see the Privacy Policy and Terms of Service.
In Transit
All connections to InterMIND go over HTTPS / WSS (TLS). HTTP requests are redirected to HTTPS automatically — there is no plaintext fallback. This includes the web app, the WebSocket server that carries chat and signaling, and any media routed through our infrastructure.
Authentication
| Method | Status |
|---|---|
| Email + verification code | Available |
| Sign in with Google (OAuth 2.0) | Available |
| Sign in with Microsoft (OAuth 2.0) | Available |
| SSO / SAML | Not available today |
Passwords are never stored — sign-in is either a one-time verification code or an OAuth flow with Google / Microsoft. Sessions are kept in HTTP-only cookies; you can sign out from the profile menu at any time.
Real-Time Translation
Real-time voice and subtitle translation runs on InterMIND's own infrastructure — speech audio is processed on our private WebSocket service, not sent to a public OpenAI / Google Translate / Azure endpoint.
Document translation (PDF, DOCX, PPTX, XLSX) uses DeepL as the translation provider. Files are uploaded to DeepL over a TLS connection for translation and the result is returned to your meeting chat. DeepL's data handling is governed by DeepL's own privacy terms — they do not retain content for training.
Recordings and Transcripts
| Data | Storage | Retention |
|---|---|---|
| Meeting recordings | S3-compatible object storage | Stored until you delete them |
| Transcripts | Linked to the recording / meeting | Same as the recording |
| Chat messages | Database, linked to the meeting or channel | Until you delete them, or — for ad-hoc meetings — purged when the call ends |
There is no automatic expiry: a recording stays until someone with access deletes it. If you need a strict retention policy (90 days, 1 year, etc.), enforce it on your side or contact support to discuss.
Where Your Data Lives
InterMIND's primary application region is Paris (CDG, France) on Fly.io. Storage backends are S3-compatible and deployed in the same region. There is currently no per-customer region pinning — every account uses the same primary region.
What Other Parties See
| Party | What they see |
|---|---|
| InterMIND | Meeting metadata, chat content, recordings (until you delete them), transcripts, your account info |
| DeepL | Only the contents of documents you ask to translate, on a per-file basis |
| Google / Microsoft (if you sign in with them) | Your name, email, profile photo — standard OAuth scopes only |
| Stripe (if you pay) | Billing details (card, address) — InterMIND never sees the raw card number |
| Sentry, PostHog (error & analytics) | Anonymous usage events and crash traces; meeting content is never sent |
What InterMIND Does Not Do
- No model training on your data. Conversations, documents, and recordings are not used to train any AI model.
- No selling or sharing. Your data is not sold or shared with advertisers.
- No third-party tracking inside meetings. No tracking pixels, no ad SDKs in the meeting room.
Deleting Your Data
| To delete | How |
|---|---|
| A single recording | Open the meeting → Recordings → delete |
| A standalone chat history | Open the channel → Delete Channel Permanently (removes the channel and all its messages, files, and history) |
| Your entire account | Profile → Settings → Delete account, or contact support@intermind.com |
Account deletion removes your profile, meetings, recordings, transcripts, and chat history. Backups may take up to 30 days to age out.
Reporting a Security Issue
Email support@intermind.com with subject SECURITY and a short description. Do not include exploit details in tickets that aren't marked SECURITY.
Related
- Privacy Policy — Legal text
- Terms of Service — Legal text
- Billing & Plans — Plan-level data handling differences