UnwarpSign in
Privacy

Privacy policy

Last updated 2026-05-26

Unwarp is a voice-first note-taking service operated by Pentaeon (registered in France; postal address and contact details below). This notice explains, in line with Articles 13 and 14 GDPR, what personal data we collect, the lawful basis for processing it, who else sees it, how long we keep it, and how to exercise your rights.

Questions, access requests, or complaints: write to privacy@pentaeon.dev. You also have the right to lodge a complaint with the French supervisory authority (the CNIL).

Controller identification

Data controller: Pentaeon, Paris, France. Postal address and registration number available on request to privacy@pentaeon.dev. Unwarp does not currently have a designated Data Protection Officer; privacy@pentaeon.dev reaches the founder directly.

What we collect

  • Account data — your email address (used for sign-in via Supabase Auth), and the handle, display name, and timezone you set during onboarding. If you sign in with Google, we also receive your Google account name and email so we can suggest a default first-name during onboarding.
  • Voice-note recordings — the voice captures you make inside the app outside the /meeting flow. Audio is sent to our speech-to-text processor (AssemblyAI by default, Groq as fallback) for transcription and then permanently deleted from our servers within one hour of the recording being captured. The transcript is what we keep. A nightly orphan sweep enforces the cap in the rare case the in-line delete fails. Meeting recordings follow a separate retention rule — see the next item.
  • Transcripts & notes — the text Unwarp derives from your recordings, any notes you type directly, action items, calendar events extracted from notes, and tags.
  • Meeting recordings — when you use the /meeting flow, the recording is sent for transcription and diarisation (speaker labels A/B/C), the resulting transcript is saved, and the original audio is retained for 30 days so you can replay it and jump to the exact moment something was said. After 30 days the audio is permanently deleted; the transcript stays until you delete the meeting.
  • Profile photo and workspace logos (optional) — if you upload an avatar from /youor a workspace logo from a workspace you own, we store the image as a 512×512 WebP with EXIF / colour-profile metadata stripped before storage. The original file is not retained. Avatars are visible to anyone signed in to Unwarp; workspace logos are visible only to members of the workspace and people you invite.
  • Personal pronunciation dictionary — terms you teach Unwarp to spell correctly (names, jargon).
  • “What Unwarp knows about you” — the persistent memory blob you curate or that Unwarp auto-extracts to personalise future AI cleanup. You can inspect, edit, or wipe this from the You page.
  • Embeddings — 1536-dimensional numeric representations of note chunks used for semantic search. Reversibly derived from your notes; deleted when the note is deleted.
  • Activity log — minimal audit entries (note captured, AI cleanup run, export downloaded, login) shown to you on the You page and purged after 180 days.
  • Push subscription metadata — only if you opt in to daily digest notifications: a browser web-push endpoint + keys, or an FCM (Android) / APNs (iOS) device token.
  • Workspace data— if you join a workspace, its members can see notes you capture into it and you can see theirs. The workspace dictionary, memory, and meeting recordings sit in the workspace’s scope and are accessible to its other members.
  • Billing data — if you start a paid subscription: a billing display name, plan, status, and (via our payment processor) the card data necessary to charge you. Card data never lands on Unwarp servers; it lives with the payment processor.
  • API / OAuth credentials— if you mint a personal API key or connect an MCP client (Claude, ChatGPT, Cursor, …), we store the SHA-256 hash of the token and the metadata you supplied at creation. The raw token is only ever shown to you once.

We do not use cookies for tracking, advertising, or third-party analytics. The only cookies set are: the Supabase Auth session cookies; UI-state preferences you choose (sidebar collapsed, notes view mode, note focus mode). No third-party scripts run on the marketing pages.

Lawful basis

  • Contract (Art 6(1)(b)) — providing the Unwarp service: account creation, capture, transcription, AI cleanup, sync, billing, workspace sharing.
  • Legitimate interest (Art 6(1)(f)) — security, abuse prevention, rate limiting, error logging. Balanced against your interests; you can object at privacy@pentaeon.dev.
  • Consent (Art 6(1)(a)) — push notifications, optional AI personalisation features, marketing emails. Withdraw any time from the You page.
  • Legal obligation (Art 6(1)(c)) — VAT records and other accounting obligations for paid invoices.

We do not rely on Article 9 (special categories of data) for any processing. Voice recordings could in principle contain such data; the short audio-retention windows (one hour for note captures, 30 days for meetings) and the absence of any downstream classification of those categories are the primary controls.

Sub-processors and recipients

Unwarp relies on a small set of trusted sub-processors to deliver the service. Each receives only the data needed for the function it provides; none receives your account password (we don’t store one — sign-in is magic-link only) or your push subscription tokens.

  • Supabase(EU region) — managed Postgres, Auth, and object storage. Everything in “What we collect” lives here at rest. Region: EU.
  • AssemblyAI(United States) — primary speech-to-text. Receives raw audio + optional speaker diarisation request. Audio is deleted on our side within one hour for note captures and within 30 days for meeting recordings; AssemblyAI’s own retention is governed by their API terms (they state they do not train on customer audio sent via the API).
  • Groq (United States) — speech-to-text fallback (Whisper Large v3). Used only when AssemblyAI fails. Same one-hour / 30-day deletion rules on our side.
  • Anthropic(United States) — Claude models for note cleanup, chat, reorganisation, and meeting summarisation. Receives transcripts, your “memory” blob, and the workspace memory when applicable. Anthropic state they do not train models on API customer data by default.
  • OpenAI(United States) — text embeddings (text-embedding-3-small) for semantic search and TTS (tts-1) for the “read note aloud” feature. OpenAI state they do not train models on API customer data by default.
  • Resend (United States / EU) — transactional email (sign-in magic links, welcome, account-deletion confirmation, workspace invitations).
  • Google Firebase Cloud Messaging (United States) — only if you opt in to daily-digest push notifications on Android.
  • Apple Push Notification Service (United States) — only if you opt in to daily-digest push notifications on iOS.
  • Google OAuth(United States) — only if you choose “Continue with Google” at sign-in.
  • Stripe (United States / Ireland) — payment processor for paid subscriptions, if/when you upgrade.
  • Let’s Encrypt (EU) — TLS certificate issuance.

The authoritative, dated list of sub-processors lives at /privacy/sub-processors. Material changes there are announced 30 days in advance for Unwarp Team customers under a signed DPA.

We never sell your data. We do not share it with any other third party except where required by law or with your explicit prior consent.

User-selected sub-processors (MCP)

Unwarp ships an MCP server that lets you connect external AI hosts (Claude, ChatGPT, Cursor, and any MCP-capable client) to read and modify your notes on your behalf. When you connect a host you are deliberately granting it access; that host becomes a sub-processor of your choosing. You can review and revoke connected hosts at any time from /you/connections.

International transfers

Several sub-processors above operate from the United States. Transfers rely on one or more of the following Art 46 safeguards depending on the vendor:

  • EU–US Data Privacy Framework certification, where the processor is certified (Stripe, Google, Apple, Anthropic and OpenAI hold or have applied for DPF certification at various points; check dataprivacyframework.gov for live status);
  • European Commission Standard Contractual Clauses (2021/914), flowed down through each processor’s Data Processing Addendum;
  • Supplementary technical measures (TLS in transit; minimal payloads; short audio retention — one hour for note captures, 30 days for meetings).

We hold signed DPAs with each named sub-processor. Copies of the SCCs in force are available to data subjects on request.

Where the data lives

The hosted Unwarp service at unwarp.app uses a Supabase project in the EU region. Inference and email sub-processors operate primarily from US infrastructure under the safeguards above.

This policy covers the hosted Unwarp service that Pentaeon operates. It does not cover any separate deployment of the software that you, or anyone else, may operate yourselves — in that case the operator of that deployment is the controller of the data on it, not Pentaeon.

How long we keep it

  • Note audio recordings — at most one hour from capture (enforced inline by the transcription pipeline and backed up by an hourly orphan sweep).
  • Meeting audio recordings — retained for 30 days from capture so you can replay them and jump to the exact moment something was said, then permanently deleted.
  • Notes, transcripts, action items, events, embeddings, dictionary, memory — kept until you delete the note or the account.
  • Notes in the Bin — hard-deleted after 10 days.
  • Activity log — 180 days, then purged.
  • Deleted accounts— when you press “Delete account” we mark the account for deletion and disable access immediately; the account and all associated data are hard-deleted after a 7-day grace period during which you can cancel by emailing privacy@pentaeon.dev. Backups may retain previously-stored copies for up to 30 days before rotating out.
  • Billing records — retained for the period required by French and EU accounting law (typically 10 years for invoices), separately from your account data.

Your rights (Art 15–22 GDPR)

From within the app you can:

  • Access — view all your notes, action items, events, dictionary, memory, audit log, and billing status across the app.
  • Portability — download a machine-readable ZIP of your account (Markdown notes + manifest.json including dictionary, action items, events, settings, audit log, push subscriptions, OAuth grants metadata) at /you → Export.
  • Rectification — edit your profile, notes, tags, dictionary, memory directly.
  • Erasure — delete individual notes (10-day bin then hard-delete) or your entire account from /you.
  • Restriction / objection — toggle off AI features (cleanup personalisation, embeddings, weekly memory consolidation, digests) from /you → Privacy & AI.
  • Withdraw consent — disable push notifications, marketing emails, and AI personalisation features at any time from the same panel.

Decisions made by Unwarp’s AI cleanup pipeline (tag assignment, topic guess, action-item extraction, memory updates) are notsolely automated decisions with legal or similarly significant effect under Art 22; the outputs are suggestions you can edit, reject, or revert via the “Versions” history on each note. You can also switch the AI cleanup off entirely.

For anything that can’t be self-served, including a full account export delivered out-of-band, email privacy@pentaeon.dev. We respond within 30 days as required by Art 12(3).

Workspaces and billing visibility

When you join an Unwarp workspace, other members can see notes you capture into the workspace, the workspace dictionary, the workspace memory, and meeting recordings (until the audio is deleted). The bill-payer of an Unwarp Team subscription can see per-seat usage statistics (number of notes, total storage, total audio seconds) for the workspace they pay for, to support invoicing — they cannot read the contents of seat-holders’ notes.

Security

TLS for everything in transit. Row-Level Security on every user-owned table in Postgres. Object-storage policies enforce per-user ownership at the storage layer. API keys and OAuth tokens are stored as SHA-256 hashes. Service-role credentials are server-only and never exposed to the browser bundle. See SECURITY.md for the full hardening list.

Suspected vulnerabilities: write to security@pentaeon.dev.

Children

Unwarp is not directed at children under 16. Sign-up requires you to confirm you are 16 or older. If you believe a minor has registered, email privacy@pentaeon.dev and we will delete the account.

AI processing — what happens to your audio

Tapping the capture button initiates an outbound transmission of your audio to our speech-to-text processor (AssemblyAI by default, Groq as fallback), and the resulting transcript to Anthropic (cleanup) and OpenAI (embeddings, optional TTS). These processors are based in the United States; the safeguards above apply. For a note capture the audio is deleted within one hour; for a meeting recording the audio is retained for 30 days so you can replay it, then deleted. The transcript is what we keep long-term.

Changes to this policy

Material changes bump the version stamp at the top of this page and are announced in-app to existing users with a one-tap acknowledgement. Continuing to use Unwarp after a material change means you accept the updated policy. The version of the policy you accepted at sign-up is recorded on your profile.

Contact

Pentaeon · Paris, France · data-controller for Unwarp.
Privacy & data-subject requests: privacy@pentaeon.dev.
Security disclosures: security@pentaeon.dev.
General support: support@pentaeon.dev.