NextUpNextUp

Privacy Policy

Last updated: 19 April 2026

Overview

NextUp AI ("NextUp," "we," "us," or "our") is operated by Digital3 Pty Ltd. This Privacy Policy explains how we collect, use, and safeguard your information when you use the NextUp mobile applications (iOS, macOS, watchOS), web application, and related services (collectively, the "Service").

By using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the Service.

Information We Collect

Information You Provide

  • Account information: When you sign in with Apple or Google, we receive your name, email address, and a unique identifier. We do not receive or store your password.
  • Audio recordings: Audio files you record or upload for transcription. These are processed and then deleted from our servers (see Data Retention below).
  • Voice characteristics (voiceprints): To tell speakers apart across meetings, we generate and store a mathematical voice embedding for each speaker you label. These are derived from your recordings, stored in encrypted form, and never shared. You can delete them at any time by deleting the associated meeting or your account.
  • Text content: Action items, notes, project names, tags, transcripts, and other text you create within the Service.
  • Calendar data: If you connect Google or Microsoft calendar, we access event titles, times, and attendees to provide meeting context. We do not modify your calendar.
  • Email content (optional): If you connect Gmail or Outlook, we read message subjects and bodies solely to extract action items. Message content is processed in memory and is not stored on our servers.
  • Approximate location (optional): If you grant location permission on iOS, we use your approximate location to show weather and city name on the Today screen. Location is never stored, shared, or associated with recordings.

Information Collected Automatically

  • Usage events: We log anonymised interaction events (e.g., "action_created", "recording_started") to improve the product. These events are stripped of personally identifiable information before storage.
  • Device information: Device model, operating system version, and app version for crash reporting and compatibility.
  • Push notification tokens: Device tokens for delivering push notifications. These are stored securely and removed when you unregister.

Information We Do Not Collect

  • We do not store your location. Location is used only in-memory for weather lookup and discarded.
  • We do not access your contacts, photos, or files beyond what you explicitly share with the app.
  • We do not use advertising trackers or sell your data to third parties.

How We Use Your Information

  • Transcription and AI processing: Audio is sent to our servers for transcription and AI-powered summarisation, action extraction, and suggestions.
  • Sync: Your actions, projects, and settings are synced across your devices via our cloud infrastructure.
  • Personalisation: We use your accept/reject patterns on AI suggestions to improve future recommendations for your account.
  • Notifications: To send you reminders and processing completion alerts via Apple Push Notifications.
  • Billing: To manage your subscription, credit balance, and purchase history.
  • Support and improvement: To diagnose issues, improve features, and respond to your feedback.

Data Processing and Third-Party Services

We use the following third-party services to process your data. Each service receives only the minimum data necessary for its function:

  • OpenAI: Receives transcript text for embeddings and image OCR. Audio is never sent to OpenAI. OpenAI does not use API data for training. OpenAI API Data Usage Policy
  • Anthropic (Claude): Receives transcript text for summarisation, action extraction, and the in-app chat assistant. Anthropic does not use API data for training. Anthropic Privacy Policy
  • Google Cloud (Gemini Live and KMS): Receives streamed audio and text when you use the voice assistant feature. We also use Google Cloud Key Management Service to encrypt your data at rest with per-user keys. Google Cloud DPA
  • Modal: Runs our backend transcription and API compute.
  • Apple: Handles Sign in with Apple authentication, In-App Purchases, iCloud sync, and Push Notifications.
  • Google: Handles Sign in with Google authentication and optional Gmail, Calendar, and Drive integrations.
  • Microsoft: Handles optional Outlook Mail and Calendar integrations.
  • Stripe: Processes web-based payments. We do not store your credit card details. Stripe Privacy Policy

Data Retention

Audio files uploaded for transcription are processed and deleted from our servers once the transcription job is complete. We do not retain audio recordings beyond the processing window.

Transcribed text, action items, and other content you create are retained as part of your account data for as long as your account is active. Local data on your device is stored in Core Data and optionally synced via iCloud.

Anonymous analytics data is retained for up to 12 months.

Data Storage and Security

  • Account data, actions, and sync data are stored in a PostgreSQL database hosted on secure infrastructure.
  • All data in transit is encrypted using TLS (HTTPS).
  • Sensitive fields — including transcript segments, voiceprints, and AI-generated summaries — are encrypted at rest with per-user keys managed by Google Cloud Key Management Service (AES-256-GCM). When you delete your account, the encryption key is destroyed so remaining ciphertext cannot be recovered.
  • API authentication uses JWT tokens and shared secrets.
  • Local data on your device is stored in Core Data and optionally synced via Apple's encrypted iCloud (CloudKit) infrastructure.

Your Rights

You have the right to:

  • Access all your data within the app at any time
  • Export your actions and session data
  • Delete your account and all associated data directly inside the app — go to Settings → Account & Profile → Delete Account. Deletion takes effect immediately; we destroy your per-user encryption key so remaining ciphertext cannot be recovered.
  • Disable push notifications through your device settings
  • Disconnect calendar, email, and storage integrations at any time
  • Request a copy of your data by emailing privacy@nextupai.app

Australian residents have additional rights under the Privacy Act 1988 (Cth) and the Australian Privacy Principles. Residents of the EU, UK, or California have rights under GDPR, UK GDPR, and CCPA respectively, including the right to access, correct, port, and erase personal information. Contact privacy@nextupai.app to exercise these rights.

Children's Privacy

The Service is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that a child under 13 has provided us with personal information, we will take steps to delete such information.

International Data Transfers

Your data may be processed in countries other than your country of residence, including the United States (where our cloud infrastructure and AI service providers are located). By using the Service, you consent to such transfers. We ensure that appropriate safeguards are in place as required by applicable law.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the "Last updated" date. Your continued use of the Service after changes constitutes acceptance of the updated policy.

Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, contact us at privacy@nextupai.app.

Developer: Digital3 Pty Ltd