# Privacy policy *Last updated 11 June 2026 · Lexicanon is operated by Govannon, a company based in the Netherlands.* **The short version:** we collect as little as we can, your meeting data belongs to you, we host it in the EU, we never sell it, and we never use your meetings to train our own AI. We also rely on a few outside services to transcribe and analyse meetings — we name every one of them, and tell you which can use your data, on the [Data flows](/data-flows.md) page. You can leave with your data at any time. ## This website lexicanon.com runs **no analytics, no tracking cookies, and no ad pixels**. Our web server keeps standard technical logs (IP address, time, page requested) for security and debugging; they rotate out automatically and we don't build profiles from them. If you book a demo or join the waitlist, we ask for your name, company, and work email, plus an optional message. We use that to reply and schedule the demo — nothing else. You will not be added to a marketing list. The confirmation email is delivered through Resend, our email provider. ## The product When you use Lexicanon with an account, we store: - **Account data** — your name, email, and sign-in details (or your company's single sign-on identity). - **Meeting data** — the audio you record or upload, and everything we derive from it: transcripts, summaries, decisions, and action items. - **Voice signatures** (optional) — small mathematical fingerprints of a speaker's voice, used only to recognise returning speakers inside your own workspace. Workspace admins can review and delete them at any time. They never leave your workspace. All of it is stored on our servers in **Germany** (Hetzner), under EU jurisdiction. Voice signatures and meeting content are strictly isolated per workspace — one customer can never see another's data. ## Who processes your data Turning audio into transcripts and summaries means sending it to AI providers for processing. On our managed Cloud plan, depending on configuration, that means: - **Transcription** — Deepgram, AssemblyAI, Speechmatics, Soniox, or Microsoft Azure. - **Summarisation** — Anthropic, OpenAI, or OpenRouter. - **Email** — Resend (transactional mail only). - **Infrastructure** — Hetzner (hosting, Germany) and Cloudflare (DNS only — it resolves our domain names and does not see your meeting content). These providers process your data to deliver the service and for nothing else. Where a provider offers terms or settings that keep your content out of their model training, we use them — but this varies by provider, so we set out the exact, per-provider position on the [Data flows](/data-flows.md) page. On a **BYOK plan**, the same processing happens but under *your own* accounts with those providers — your agreements with them apply, and we never see or mark up your usage. On a **self-hosted** deployment, your meeting data never reaches us at all. A standard [Data Processing Agreement (DPA / Verwerkersovereenkomst)](/dpa.md) is also available. ## What we never do - We never sell your data, to anyone, for anything. - We never show ads or share data with advertisers. - We never use your meetings to train our own AI. For the outside services that transcribe or analyse your meetings, we use the providers' API terms that exclude training wherever the provider offers it — and we tell you the exact, per-provider position (including the few we're still tightening up) on the [Data flows](/data-flows.md) page. - Our staff don't look at your workspace content. The exceptions: you explicitly ask us to during a support request, or the law compels us. ## How long we keep things Meetings stay in your workspace until you delete them — there is no automatic expiry today. You can permanently delete any meeting yourself, and you can ask us to delete specific data at any time. If you close your account or workspace, we remove your data from our systems within 30 days. Demo-request details are kept only as long as we're actually talking to you. ## Your rights Under the GDPR you can ask us to show you the data we hold about you, correct it, export it, or delete it. Email demo@lexicanon.com and we'll handle it — no forms, no runaround. If you're not happy with how we handle it, you can complain to the Dutch data protection authority (Autoriteit Persoonsgegevens), though we'd appreciate the chance to fix it first. ## Cookies This website sets none. The app sets exactly one kind: a session cookie that keeps you signed in. That's why there is no cookie banner — there's nothing to consent to. ## Changes If we change how we handle data, we update this page and the date at the top. For meaningful changes, account holders are notified by email or in the app before the change takes effect. --- *Markdown edition for AI assistants — canonical page: [https://lexicanon.com/privacy](https://lexicanon.com/privacy) · Lexicanon.*