Privacy Policy

Ghost Mic (the “Service”) is operated by Pair and Pivot, LLC, a Delaware limited liability company (“we,” “us,” or “our”). For data-protection purposes, Pair and Pivot, LLC is the controller of personal data processed through the Service. You can reach us at pairandpivot@gmail.com.

This policy explains what personal data the Service processes, why, who it is shared with, how long it is kept, and the rights you have. It applies to the Ghost Mic web app and marketing site. It does not cover third-party services that have their own privacy policies (see section 5).

The Service is designed to minimize the data it keeps. We process:

• Microphone audio. When you start a session, audio is captured in your browser and streamed to our server purely to generate a live transcript. It is processed in memory and is not written to disk or retained by us.
• Transcripts. The text produced from your audio is held in a short rolling window (about 60 seconds) in server memory for the duration of your session and is then discarded. It is not saved to a database.
• Show notes you paste. If you use Prep mode, the notes you enter are sent to our AI provider to research topics in advance. They are processed for that purpose and not retained on our servers afterward.
• Cards and preferences in your browser. Cards you save and your layout settings are stored locally in your browser (local storage), not on our servers. A random session identifier appears in your page URL so a session can be rejoined.
• Technical and log data. Like most online services, our hosting providers automatically process limited technical data — such as IP address, browser/device type, and timestamps — to deliver and secure the Service. These logs are kept only briefly.
• Messages you send us. If you email us, we process your email address and whatever you choose to include, to respond.

We do not ask for an account, name, password, or payment. We do not intentionally collect special-category or sensitive personal data. Because audio and transcripts can contain anything you say, please avoid sharing sensitive information you don't want processed by the providers in section 5.

We process the data above to provide the Service you ask for, to keep it secure and working, and to respond to you. Where the EU or UK GDPR (or a similar law) applies, our legal bases are:

• Your consent — for accessing your microphone and processing your audio. Your browser asks for microphone permission, and you can withdraw consent at any time by stopping the session or revoking the permission, without affecting prior processing.
• Performance of a contract / taking steps at your request — to deliver the transcription, cards, and prep features you initiate.
• Our legitimate interests — to secure the Service, prevent abuse, debug, and improve it, balanced against your rights.

We do not use your audio, transcripts, or notes to send you marketing, and we do not make decisions producing legal or similarly significant effects about you through automated means.

We use a small set of trusted providers to run the Service. They process data on our behalf or as independent controllers under their own terms:

• Deepgram — converts your audio to text (speech-to-text).
• Cerebras — AI inference that decides when to surface a card and drafts card content.
• Google (Gemini & Google Search) — AI research for Prep mode and a fallback for live cards, including grounded web search.
• Hosting & infrastructure — Vercel (web app and marketing site), Google Cloud Platform (backend), and Cloudflare (DNS) host and route traffic for the Service.

We do not sell your personal information, and we do not share it for cross-context behavioral advertising. We may disclose data if required by law or to protect our rights, users, or the public.

We are based in the United States and our providers are largely located there, so your data is processed in the U.S. and potentially other countries. Where you are in the EEA, the UK, or another region with transfer restrictions, these international transfers are made under appropriate safeguards — such as the European Commission's Standard Contractual Clauses (and the UK Addendum) or equivalent mechanisms offered by our providers. You may contact us for more information about these safeguards.

Our design is to keep as little as possible. Audio is processed in memory and not stored. Transcripts exist only in a short rolling window during your session and are discarded when the session ends or the server restarts. We do not maintain a user database. Cards and preferences you save remain in your browser until you clear them. Technical logs are retained only briefly for security and troubleshooting. Email correspondence is kept as long as needed to handle your request. Our third-party providers retain inputs according to their own policies.

We do not use advertising or cross-site tracking cookies. The Service uses your browser's local storage to remember the cards you save and your layout preferences, and a session identifier in the page URL — all of which are needed for the app to function. Our hosting providers may set strictly necessary cookies to deliver and secure the site. You can clear local storage and cookies at any time in your browser settings.

Depending on where you live, you may have some or all of the following rights over your personal data:

• Access, correction, and deletion of personal data we hold about you.
• Portability — to receive your data in a portable format.
• Restriction and objection — to limit or object to certain processing, including processing based on legitimate interests.
• Withdraw consent at any time, without affecting processing already carried out.
• Opt out of sale or sharing and to limit use of sensitive personal information — though, as noted, we do not sell or share your data.
• Non-discrimination for exercising your rights.

To exercise any right, email us at pairandpivot@gmail.com. We will respond as required by applicable law and may need to verify your request. Note that because we do not retain your audio or transcripts and keep no user accounts, in many cases we will not hold personal data to access or delete; data saved in your browser is already under your control, and you can clear it yourself.

EEA/UK users: you have the right to lodge a complaint with your local data-protection supervisory authority. California users (CCPA/CPRA) and residents of other U.S. states with privacy laws have the rights described above; you may also use an authorized agent where permitted.

We use industry-standard measures to protect data, including encryption in transit (TLS) and in-memory processing that avoids persisting your audio. No method of transmission or processing is completely secure, however, and we cannot guarantee absolute security.

The Service is not directed to children, and we do not knowingly collect personal data from anyone under 16. If you believe a child has used the Service, contact us and we will take appropriate steps.

We may update this policy from time to time. When we do, we will revise the “Last updated” date above, and material changes will be reflected on this page. Your continued use of the Service after changes take effect means you accept the updated policy.

For any privacy question or request, email pairandpivot@gmail.com. See also our Terms of Service.