Privacy Policy

Effective date: May 24, 2026

This policy describes how Précis (“we,” “us,” or “the app”) collects, uses, stores, shares, and protects your information. Précis is published by Pliologik LLC, a Florida limited liability company, which is the company responsible for Précis and the data controller for the information described below. Précis is a meeting notes app that records audio on your device, transcribes it on-device, and uses AI processing to turn transcript text into structured minutes. The summary below gives the practical version first; the sections that follow explain the legal and technical details.

Privacy at a glance

Audio stays on your device by default. Précis uploads audio only if you subscribe to Précis Pro and enable cloud audio backup. Current clients encrypt cloud audio on your device before upload; older backups may remain server-side encrypted legacy audio until replaced or deleted.
Transcripts are used to make the app work. Transcript text is sent to our backend for AI minutes, follow-up suggestions, sync, and related features. We do not use your content for advertising or sell it.
Shared meetings create recipient copies. If you share a meeting with another Précis user, the recipient receives their own copy of the meeting metadata, minutes, transcript, and encrypted audio access after they accept. Revoking a share stops future accepts and shared-audio downloads, but it does not erase a copy the recipient already accepted.
AI processing is limited to supported no-training and Zero Data Retention routes. We route AI requests through providers and gateway settings selected for no-training commitments and zero data retention. Gateway payload logging and response caching are disabled.
Paid features use the same account boundary. Pro unlocks cloud audio backup, semantic search, reprocessing, template customisation, and research or draft helpers; those features still operate inside your authenticated account.
You can delete your account in the app. Deleting your Précis account removes your Précis data, but it does not cancel an App Store subscription.

1. Information We Collect

1.1 Identity and authentication

CloudKit record name — an opaque identifier derived from your iCloud account, scoped to your Apple ID and the Précis app container. We use it as your stable internal account identity. We do not receive your Apple ID, name, or email.
App Attest key — a cryptographic key generated in your device’s Secure Enclave that proves API requests come from a genuine, unmodified copy of Précis. We store the key’s identifier server-side; the private key never leaves your device.
Device identifier — a randomly generated identifier (a ULID) created at first launch, used to apply per-device rate limits and to bind your subscription to your device. Stored on your device’s Keychain.
Session token — a JSON Web Token (JWT) issued after device verification, valid for 24 hours, used to authenticate API requests.

1.2 Meeting content

Audio recordings. Recorded on your device when you press record. Stored on your device for every user. Audio is uploaded to our servers only for paying subscribers who have the cloud audio backup feature enabled. Current app versions encrypt backed-up audio before upload; older cloud audio backups are marked as legacy plaintext server objects until replaced or deleted. Free-tier users’ audio never leaves the device.
Transcripts. Generated on your device by Apple’s SpeechAnalyzer framework. The transcript text (not the audio) is sent to our servers for AI processing and stored alongside the meeting. The canonical transcript body is stored in object storage; our database keeps the meeting metadata, transcript manifest, search projection, and compatibility records needed to sync and search your meetings.
Meeting minutes. Structured summaries (overview, key decisions, action items, topics, open questions, etc.) produced by AI processing of your transcript on our servers, then synced back to your device.
Shared meetings. If you share a meeting with another Précis user, we store the share link record, acceptance record, recipient public sharing key, copied meeting metadata, copied transcript and minutes records, and encrypted-audio grant metadata needed to let the recipient access their copy. Shared audio remains encrypted; the sender device wraps the audio file key for the recipient, and we store that wrapped envelope without receiving the unwrapped audio key.
Templates. Built-in and user-customised templates that determine the structure of your meeting minutes. Stored both on your device and on our servers.
Search embeddings. For paying subscribers using semantic search, we generate numerical vector representations of your transcript text and store them in a vector index. These vectors are not stored as readable transcript text, but they can reflect the meaning of your meetings, so we treat them as meeting content and keep them scoped to your account.

1.3 Subscription and purchase data

Your subscription status (active, expired, billing retry, grace period, none).
The product identifier you subscribed to (precis_pro_monthly or precis_pro_annual).
The original transaction identifier provided by Apple, used for entitlement verification.
A log of subscription state changes received via Apple’s App Store Server Notifications.

We never see your full payment information — Apple processes the purchase and shares only the verification envelope with us.

1.4 Operational data

Authentication and security events — a server-side audit log of identity attestation, assertion, and account-lifecycle events, used to detect abuse and fraud.
Object-deletion events and erasure operations — audit and retry records used to confirm that audio files, transcript objects, search embeddings, and short-lived cache entries are deleted when you delete content or your account.
Sync log — a record of when your device synchronised meetings with our servers, used for diagnostics.
Request logs — structured operational logs at our cloud edge containing request method, route, status code, and timing. We do not log request bodies, authentication headers, transcript content, audio paths, or any personally identifying information.

1.5 Diagnostics

On-device crash reports. Précis subscribes to Apple’s MetricKit framework to receive system-level crash and hang reports for Précis. These reports are written to the device’s system log. They are not transmitted to our servers automatically.
System logs. Précis writes diagnostic messages to the device’s unified logging subsystem. These remain on your device.

2. How We Use This Information

We use the categories of data listed in §1 only to provide the app’s core functionality:

Authenticating you and protecting your account.
Recording, transcribing, and summarising your meetings.
Synchronising your meetings between your devices (if you use Précis on more than one).
Letting you share a meeting snapshot with another Précis user when you choose to do so.
Providing semantic search across your transcripts (paid feature).
Generating follow-up suggestions and optional paid research or draft helpers from meeting context.
Verifying your subscription and providing paid features.
Detecting and preventing abuse, fraud, and unauthorised access.
Diagnosing and fixing software issues.

We do not use your data for advertising, behavioural targeting, profiling that produces legal or similarly significant effects, or any purpose unrelated to providing Précis.

3. On-Device vs. Cloud Processing

Précis is designed so that the most sensitive part of the recording — the audio — stays on your device by default.

Audio capture and transcription happen on your device. We use Apple’s SpeechAnalyzer framework, which transcribes locally and does not send audio to Apple or to us during transcription.
Only the transcript text leaves your device for AI processing.
Audio is uploaded to our servers only if you are a paying subscriber and the cloud audio backup feature is enabled. Current app versions encrypt backed-up audio locally before upload. Free-tier users’ audio is never transmitted to our servers.

4. AI Processing

To produce meeting minutes and related AI features, Précis sends only the content needed for that feature to a supported large-language-model route through our AI gateway. For meeting minutes, that means transcript text plus the selected template instructions. For follow-up suggestions and paid research or draft helpers, that means the relevant meeting-derived context needed for the feature. We do not send audio recordings, payment information, or account identifiers beyond the routing metadata required to operate the gateway.

Précis is configured to use supported provider routes that offer no-training commitments and Zero Data Retention for API traffic. Provider commitments may change over time; if a route no longer satisfies this posture, we remove or replace it before using it for Précis traffic and update this policy if the change is material.

Prompt caching. Some supported routes offer a short-lived ephemeral cache, typically for a few minutes, for repeated prompt prefixes. We use this only to reduce cost and latency. Cached content is not retained beyond the cache duration and is not used for training.

Gateway logging. Our AI gateway is configured so that request and response bodies (your transcript content and the generated minutes) are not retained by the gateway. The gateway still records operational metadata for each request (model, provider, token counts, status code, cost, and duration) so that we can monitor cost and reliability; this metadata does not contain transcript text or a direct account identifier.

5. Where Your Data Is Stored

Your data is stored on third-party cloud infrastructure with encryption at rest:

Object storage — client-encrypted audio backup files for current app versions, legacy audio files for older backups, and canonical transcript objects for meetings synced to our servers. Object storage is also encrypted at rest using keys managed by the storage provider.
Database — structured records and indexes (meetings, transcript manifests, transcript search projections, legacy compatibility transcript rows, minutes, shared meeting links and grants, templates, subscription state, audit logs). Encrypted at rest using keys managed by the database provider.
Vector index — semantic search vectors (paying subscribers using search), namespaced per user.
Transient cache — short-lived subscription-status cache with a 60-second time-to-live.

All data in transit between your device and our servers, and between our servers and supported AI providers, is transmitted over HTTPS/TLS. Audio downloads use signed URLs that expire after one hour.

6. Data Retention

The retention periods below are configured server-side and applied by automated purge jobs (a daily content purge and a weekly inactive-account sweep).

Active meeting content (audio, transcripts, minutes) — retained while your account is active.
Inactive accounts — if you do not sign in for an extended period, we may delete your account and all of its data after a cancellable grace period. The inactivity window is 90 days for empty accounts that never subscribed, and 2 years for accounts that have saved content or a lapsed subscription. Once your account is flagged as inactive, there is a 30-day grace period during which any sign-in cancels the deletion and keeps your account; only after that does deletion proceed. Active subscribers are never deleted for inactivity. Because Précis does not collect your email address, signing back in is how you cancel a pending inactive-account deletion.
Shared meeting copies — retained as part of the recipient account after acceptance. The recipient can delete their shared copy. Sender revocation stops future accepts and future shared-audio downloads, but it does not delete a recipient copy that already exists.
Meetings you delete in the app — the audio file is removed from our servers immediately. The transcript and minutes enter a 30-day backup window before permanent erasure. This window exists so we can recover your data if a deletion is made in error due to a technical fault.
Custom templates you delete — same 30-day backup window as deleted meetings.
Authentication and security audit log — 365 days, then automatically purged.
App Attest device key registrations — keys unused for 365 days are removed automatically.
Object-deletion audit log — 365 days. After your account is deleted, any remaining entries are anonymised (your user identifier is removed) and retained for the rest of the 365-day window for forensic and abuse-prevention purposes.
Erasure operation records — retained only as long as needed to complete account deletion across object storage, the vector index, and transient cache. If an external deletion temporarily fails, the operation record is kept for retry or alerting; raw object keys are removed from this retry manifest once the deletion completes.
Subscription records — retained while your account is active. Cascade-deleted on account deletion. We may retain redacted financial records longer where required by tax or accounting law applicable to us; we do not currently apply any such retention.
Subscription status cache — 60-second time-to-live, refreshed on demand.
Session tokens (JWTs) — 24-hour expiry; not stored server-side.

7. Account Deletion

You can delete your entire account at any time from within the app: Settings → Account → Delete Account. Once deletion is accepted, your account is immediately disabled and cannot continue using authenticated app features. Deletion then removes:

All your meetings, transcripts, meeting minutes, transcript segments, and templates.
All your audio files, shared audio copies you received, and any legacy audio files associated with your account.
Your meeting sharing records — the share links you created, the share acceptances and encrypted-audio grant envelopes that involve you as sender or recipient, and your sharing public keys.
All your search embeddings.
Your authentication audit events and your registered App Attest device keys.
Your subscription event log and your subscription-status cache entry.
Your account record itself.

To make deletion reliable across our database, object storage, vector index, and cache, we create a temporary operational erasure record before deleting the account data. This record contains only the identifiers needed to complete and retry deletion, is not used for product features, and is deleted or anonymised when erasure completes. If an external storage provider is temporarily unavailable, this operational record may survive beyond the request so deletion can be retried and failures can be alerted instead of silently losing the manifest.

The object-deletion audit log retains anonymised entries (with no link to you) for the remainder of the 365-day audit window, as described in §6. Completed erasure jobs may also retain anonymised operational metadata showing that deletion completed, but not the object keys or your account identifier.

Deleting your Précis account does not cancel your App Store subscription. You must cancel it separately through your Apple Account settings (Settings → [Your Name] → Subscriptions on iOS). If you do not cancel, Apple will continue to charge you on the renewal date.

For data access, correction, or deletion requests that you cannot complete in the app, contact us as described in §15. We will respond within 30 days for GDPR requests and within 45 days for CCPA requests, after verifying your identity.

8. International Data Transfers

Our cloud infrastructure providers operate in many countries; your data may be processed in any region where they run the services we use. Our LLM providers are based in the United States.

For users in the European Economic Area, the United Kingdom, or Switzerland: cross-border transfers rely on each processor’s data-processing terms, including (where applicable) Standard Contractual Clauses approved by the European Commission. You may request a copy of the relevant safeguards by contacting us (see §15).

9. Your Privacy Rights

9.1 GDPR (EEA, United Kingdom, Switzerland)

If you are in the EEA, the UK, or Switzerland, you have the following rights under the GDPR or local equivalent:

Access — obtain a copy of the personal data we hold about you.
Rectification — correct inaccurate personal data.
Erasure — request deletion of your personal data. The in-app account deletion described in §7 satisfies this for the data Précis controls.
Restriction of processing — ask us to limit how we use your data.
Data portability — receive a structured, machine-readable copy of your meetings, transcripts, and minutes.
Objection — object to processing based on legitimate interests.
Withdraw consent — where we rely on consent, you may withdraw it at any time.
Lodge a complaint — with your local supervisory authority.

Lawful basis. We process your data on the basis of contract (Article 6(1)(b) GDPR) — processing is necessary to provide the app you signed up to use. For audit logs and security telemetry we additionally rely on legitimate interests (Article 6(1)(f) GDPR) in protecting users from abuse.

Controller and processors. Pliologik LLC is the data controller. Our cloud infrastructure providers and supported AI providers referenced in §4 act as data processors on our behalf under their published data-processing terms, and are contractually required to protect your data to a standard at least equivalent to this policy and to process it only on our instructions. Personnel of Pliologik LLC may access your data only as needed to operate, support, and secure Précis, under the same protections described here.

To exercise any of these rights, contact us (see §15).

9.2 CCPA (California)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA), as amended by the CPRA. The business responsible for Précis is Pliologik LLC.

Right to know — what categories of personal information we collect and disclose.
Right to access — a copy of the specific pieces of personal information we hold about you.
Right to delete — deletion of your personal information.
Right to correct — correction of inaccurate personal information.
Right to opt out of sale or sharing — Précis does not sell or share your personal information, including for cross-context behavioural advertising. There is no opt-out to exercise.
Right to limit use of sensitive personal information — we use audio recordings (a sensitive category under CPRA) only to provide the app’s core functionality; no further limitation applies.
Right to non-discrimination — we will not deny service or charge different prices because you exercise your privacy rights.

Categories of personal information we collect (per Cal. Civ. Code §1798.140(v)):

Identifiers (CloudKit record name, device identifier, App Attest key identifier).
Commercial information (subscription status, product identifier, transaction identifier).
Internet or other electronic network activity (request logs, sync logs).
Audio information (meeting recordings; on server only for paying subscribers using cloud audio backup).
Inferences drawn from any of the above (LLM-extracted summaries, action items, decisions, topics).

To exercise these rights, contact us (see §15).

10. Tracking and Advertising

Précis does not track you across other apps or websites. We do not use advertising identifiers, third-party SDKs, analytics services, or data brokers. The app’s privacy manifest declares NSPrivacyTracking = false. As such, the App Tracking Transparency prompt does not appear in Précis.

11. Permissions Précis Requests

Microphone — required to record meetings. Used only when you start a recording. We do not access the microphone in the background unless you start a recording and then move the app to the background or lock your device.
Background audio — declared so that recordings continue when your screen locks.
iCloud — required for identity. Précis uses CloudKit only to read your account’s opaque record name; it does not read or write to your iCloud Drive, Photos, Notes, Contacts, or any other iCloud data. CloudKit data sync is not configured.
Face ID — optional. Requested only if you turn on the in-app App Lock. Face ID is handled entirely by iOS; Précis receives only the unlock success or failure result and never your biometric data.
Calendar (write-only) — optional. Requested only when you choose to turn a meeting action item or Suggested Next Move into a calendar event. Précis uses write-only access to open Apple’s native calendar editor pre-filled with the event you selected; it cannot read your existing calendar.
Reminders — optional. Requested only when you choose to turn a meeting action item or Suggested Next Move into a reminder. Apple’s Reminders API requires full access to add a reminder, so Précis requests it at that moment and uses it only to add the reminder you selected; it does not read or use your existing reminders.

Précis does not request access to your camera, photo library, location, contacts, or health data.

12. Security

App Attest. Every API request is bound to a key in your device’s Secure Enclave. We will reject requests from devices that fail attestation.
HTTPS/TLS. All transit between your device, our servers, and supported AI providers is encrypted.
Client-side audio backup encryption. Current app versions encrypt cloud audio backups on your device before upload. The server stores the ciphertext and non-secret metadata needed for devices that have your iCloud Keychain audio-backup key to download and decrypt it. If no device has the required key, Précis cannot recover that encrypted audio backup.
Server-side encryption at rest. Object storage and our database are encrypted at rest using keys managed by the storage and database providers.
File protection on device. The app’s on-device storage uses iOS’s data-protection classes — completeUnlessOpen for the meeting database (transcripts, minutes, metadata) and completeUntilFirstUserAuthentication for audio files (so a recording can continue across screen locks). Both classes encrypt your data at rest with keys derived from your device passcode.
Per-user data isolation. Every server-side query that touches your data carries a user-scope clause. Audio file paths are namespaced under your account identifier. Search vectors are namespaced per user.
Rate limiting. All API routes are rate-limited per device to mitigate abuse.
Credentials. Secrets are managed through our secret-management system, not committed to source control.

No system is perfectly secure. If you discover a vulnerability, please report it to us (see §15).

13. Children’s Privacy

Précis is not directed at children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child has provided personal information through Précis, please contact us (see §15) and we will delete it promptly.

14. Changes to This Policy

We may update this policy from time to time. For material changes, we will:

Update the effective date at the top of this page.
Where possible, surface a brief notice in the app on your next launch.

Your continued use of Précis after a material change means you accept the updated policy. If you do not accept it, you can delete your account at any time as described in §7.

15. Contact

Précis is operated by Pliologik LLC. For privacy enquiries, data-subject requests, or vulnerability reports, email privacy@precis.run. You can also reach the company at contact@pliologik.com.