Legal

Privacy Policy

Last updated: March 2026

1. Introduction

Shuli (“we,” “our,” or “us”), operated by Arachnid Solutions LLC, is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered meeting notes service (“Service”). By using the Service you agree to the practices described in this policy.

2. Information We Collect

2.1 Account Information

When you create an account, we collect your name, email address, and company information. If you sign in through a third-party service (such as Google or Microsoft), we receive basic profile information (name, email, profile picture) from that service.

2.2 Meeting Data

When Shuli joins your meetings or when you upload audio recordings, we temporarily process the audio to generate meeting summaries. We do not store raw recordings, uploaded audio files, or full transcripts beyond the processing period. Uploaded audio files are deleted immediately after transcription. Only structured meeting summaries are retained, subject to your retention settings.

2.3 Integration Data

When you connect third-party services, we access only the data necessary to provide our Service. The specific data accessed by each integration is described in Section 6 below. We do not access or store data beyond what is required for the specific integration.

2.4 Usage Data

We collect anonymized usage data to improve our Service, including feature usage, performance metrics, and error logs. This data does not include meeting content.

3. How We Use Your Information

We use the information we collect to:

  • Provide and maintain our Service
  • Generate AI-powered meeting summaries, action items, and follow-ups
  • Sync meeting notes to your connected CRM and file storage services
  • Create and send follow-up email drafts on your behalf (only when you initiate)
  • Send you service-related communications
  • Improve and optimize our Service
  • Comply with legal obligations

4. Data Retention

Raw meeting audio, video, and uploaded audio files are deleted immediately after processing. Transcripts are also deleted immediately after processing; we do not retain transcripts. Only meeting note summaries are stored, and they are retained according to your notes retention setting (options: immediately after processing, 7 days, 14 days, 30 days, or indefinitely). You can delete meeting notes at any time from your Data & Privacy settings in the app.

5. Data Sharing

We do not sell your personal information. We may share data with:

  • Service providers who assist in operating our Service (cloud hosting on AWS, AI processing via OpenAI/AWS Bedrock, meeting recording via Recall.ai, email delivery via Resend)
  • Third-party integrations you have authorized — data is only sent to services you explicitly connect (see Section 6)
  • Law enforcement when required by law

6. Third-Party Integrations

Shuli integrates with the following third-party services. Each integration is optional and activated only when you explicitly connect it. You can disconnect any integration at any time from your app settings, which revokes our access and deletes stored tokens.

6.1 Google (Calendar, Gmail, Drive)

Authentication: OAuth 2.0 via Google Identity Platform. We do not store your Google password.

Data accessed and purpose:

  • Google Calendar (calendar.events scope — read and write access to events only) — We read your calendar events (titles, times, attendees, conferencing links) to identify upcoming video meetings and automatically join them with a notetaker bot when you enable auto-join. We create new calendar events with Google Meet links when you schedule a follow-up meeting through Shuli. We subscribe to calendar change notifications to detect new or updated meetings in real time. The calendar.events scope does not grant access to calendar sharing settings, ACLs, or other calendars you have not authorized.
  • Gmail (gmail.send scope — send only; we cannot read, list, search, or modify your mailbox) — After a meeting, Shuli generates follow-up email drafts pre-populated with meeting summaries and action items. You review and edit these drafts within the Shuli interface, then the email is sent from your Gmail account only when you click “Send”. We never send, forward, or store emails automatically. The gmail.send scope does not grant us access to your inbox, sent folder, drafts, or any other Gmail data.
  • Google Drive Picker (no data access) — You can select Google Drive files via the Google Picker to include as shareable links in follow-up emails. Shuli does not download, read, or store any Drive file content — only the file name and shareable URL are used.
  • Profile information (email, name) — Used to identify your account and display your name in the interface.

Retention: OAuth tokens are stored encrypted in our database. Calendar event data is cached only during active processing. Email content is composed within the Shuli interface and sent via Gmail — we do not create drafts in your Gmail account. We do not download or store any Google Drive file content.

Revocation: Disconnect Google from your Shuli settings at any time. You can also revoke access from your Google Account permissions page.

Google API Services User Data Policy — Limited Use: Shuli's use and transfer of information received from Google APIs to any other app adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

  • We use Google user data only to provide or improve user-facing features that are prominent in the Shuli interface (auto-joining scheduled meetings, creating follow-up calendar events, and sending user-reviewed follow-up emails).
  • We do not transfer Google user data to third parties except as necessary to provide these features, to comply with applicable law, or as part of a merger, acquisition, or sale of assets with user notification.
  • We do not use Google user data for serving advertisements, including retargeting, personalized, or interest-based advertising.
  • We do not use Google user data (including Gmail message content or Calendar event content) to develop, improve, or train generalized or non-personalized AI and/or machine learning models.
  • We do not allow humans to read Google user data unless we have obtained your explicit consent to read specific messages or events, it is necessary for security purposes (such as investigating abuse), to comply with applicable law, or the data has been aggregated and anonymized for internal operations.

6.2 Microsoft (Outlook Calendar, Outlook Mail, OneDrive, OneNote)

Authentication: OAuth 2.0 via Microsoft Identity Platform (Azure AD). We do not store your Microsoft password.

Data accessed and purpose:

  • Outlook Calendar (read & write) — We read your calendar events to identify upcoming meetings. We create calendar events with Teams meeting links when you schedule through Shuli. We subscribe to calendar change notifications for real-time meeting detection.
  • Outlook Mail (send) — We draft follow-up emails with meeting summaries and action items inside Shuli. You review and edit drafts before sending. We send emails only at your explicit request.
  • OneDrive (read & write) — You can browse and attach OneDrive files to emails. We can save meeting notes to your OneDrive.
  • OneNote (create) — We can create OneNote pages with meeting summaries and action items when you choose OneNote as your sync destination.
  • Profile information (email, name) — Used to identify your account.

Retention: OAuth tokens are stored encrypted. Calendar and mail data is processed in real-time and not permanently cached. OneDrive and OneNote content is processed in memory only.

Revocation: Disconnect Microsoft from your Shuli settings. You can also revoke access from your Microsoft account permissions page.

6.3 Salesforce (CRM)

Authentication: OAuth 2.0 with PKCE (Proof Key for Code Exchange) via Salesforce Connected App. We do not store your Salesforce password.

Data accessed and purpose:

  • Contacts & Accounts (read) — We search contacts and accounts to match meeting attendees with CRM records for meeting preparation.
  • Tasks (create & update) — We create follow-up tasks from meeting action items.
  • Notes (create & update) — We create ContentNotes with meeting summaries and link them to the relevant Contact or Account record.
  • Schema metadata (read) — We read object field descriptions for custom field mapping configuration.

Retention: OAuth tokens are stored encrypted. Contact search results are cached temporarily during meeting preparation. Meeting summaries are generated from our own meeting data and pushed to Salesforce; we do not bulk-export Salesforce data.

Revocation: Disconnect Salesforce from your Shuli settings, which revokes the OAuth token. You can also revoke access from Salesforce Setup → Connected Apps.

6.4 Dropbox (File Storage)

Authentication: OAuth 2.0 via Dropbox API. We do not store your Dropbox password.

Data accessed and purpose:

  • Files (read only) — You can browse, search, and select Dropbox files as meeting context for AI-powered preparation. We read file metadata (names, paths) and download content for selected files only.
  • Account information (read) — We read your account email to display connection status.

Retention: OAuth tokens are stored encrypted. File content is read on-demand, processed in memory, and not permanently stored.

Revocation: Disconnect Dropbox from your Shuli settings, which revokes the OAuth token. You can also revoke access from your Dropbox connected apps page.

6.5 Wealthbox (CRM)

Authentication: API key. Data accessed and purpose are similar to Salesforce: contact matching, note syncing, and task creation for financial advisory workflows.

7. Security

We implement industry-standard security measures including:

  • Encryption in transit (TLS 1.3) for all data transmission
  • Encryption at rest (AES-256) for stored data
  • OAuth tokens encrypted before database storage
  • PKCE (Proof Key for Code Exchange) for Salesforce OAuth flows
  • CSRF protection via state parameters on all OAuth flows
  • Role-based access controls
  • Infrastructure hosted on AWS with SOC 2 compliant services

For more details, see our Security page.

8. Your Rights & Data Controls

You have the right to:

  • Access your personal data via your account dashboard
  • Correct inaccurate data in your account settings
  • Delete your data — you can delete individual meeting notes or all notes from the Data & Privacy section of your settings
  • Export your data in standard formats
  • Disconnect any third-party integration at any time, which revokes access and deletes stored tokens
  • Control retention — set custom retention periods for meeting notes
  • Object to certain processing by contacting us

9. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect, the right to request deletion, and the right to opt out of the sale of personal information. We do not sell personal information. To exercise your CCPA rights, contact us at privacy@shuli.ai.

10. European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), you have rights under the General Data Protection Regulation (GDPR), including the right to access, rectification, erasure, restriction of processing, data portability, and objection. Our legal basis for processing is your consent (for integrations) and legitimate interest (for service operation). To exercise your GDPR rights, contact us at privacy@shuli.ai.

11. Children's Privacy

Our Service is not directed to individuals under 18. We do not knowingly collect personal information from children.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page, updating the “Last updated” date, and sending an email notification for significant changes.

13. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us at:

Email: privacy@shuli.ai
Arachnid Solutions LLC
Scottsdale, AZ