Privacy Policy
Last updated July 8, 2026
BoardReporter (“BoardReporter,” “we,” “us,” or “our”) provides a board-governance portal that helps nonprofits and small organizations run meetings, build packets, and turn recordings into human-reviewed draft minutes. This Privacy Policy explains what information we collect, how we use and protect it, and the choices you have. It applies to our website and application (the “Service”).
We designed BoardReporter around a simple principle: your board’s records belong to your board. We collect only what we need to run the Service, and we protect it with the safeguards described in our Security & data protection overview.
Information we collect
Information you provide
- Account information — your name, email address, and a securely hashed password.
- Board and governance content — organizations, memberships and roles, meetings, agendas, packets, RSVPs, motions and votes, action items, resolutions, minutes, and documents you upload.
- Meeting recordings — audio you record or upload is transcribed and then permanently deleted. We retain only the resulting text transcript; the audio file is never stored after transcription.
- Communications — messages you send us for support or other inquiries.
Information collected automatically
- Usage and log data — basic technical information such as IP address, browser type, and actions taken in the Service, used to operate, secure, and improve it.
- Cookies — we use a strictly necessary, secure session cookie to keep you signed in. We do not use third-party advertising cookies.
Payment information
Payments are processed by Stripe. We do not collect or store your full card number; Stripe handles payment details under its own privacy and security terms.
How we use information
- Provide, maintain, and secure the Service and your board’s account.
- Transcribe recordings and generate draft minutes and summaries for a human to review and approve.
- Send transactional messages such as meeting reminders, invitations, and account notices.
- Process subscriptions and prevent fraud and abuse.
- Understand aggregate, non-identifying usage to improve the product.
We do not sell your personal information, and we do not use your board’s private content to train third-party AI models beyond what is required to provide the transcription and drafting features you request.
How information is shared
We share information only with service providers (“sub-processors”) that help us operate the Service, each bound to protect it:
- Vercel — application hosting and private file storage.
- Neon — managed PostgreSQL database.
- Stripe — subscription billing and payments.
- Resend — transactional email delivery.
- AI processing providers — recordings and transcripts are sent to trusted AI providers solely to produce transcripts and draft minutes for your board.
We may also disclose information if required by law, to protect our rights or users’ safety, or in connection with a merger or acquisition (subject to this Policy).
Data isolation and access
Each board’s data is logically isolated, and access within a board is limited by role (officer, staff, guest) with owner controls and scoped advisor grants. Executive-session material is restricted to its participants and is excluded from cross-board views, search, and platform analytics.
Data retention
- Audio recordings are deleted immediately after transcription.
- Your board’s governance records are retained while your account is active so they remain available as the organization’s minute book. Approved and locked minutes are preserved as a permanent, tamper-evident record.
- We retain information as needed to comply with legal, tax, and audit obligations.
Your rights and choices
You may access and update your account information at any time. You may request a copy of your board’s data, correction of inaccurate information, or deletion of your account. Some records may be retained where required by law or to preserve the integrity of an organization’s governance record. To make a request, contact us at privacy@boardreporter.com.
Security
We protect information with encryption in transit, hashed passwords, rate-limited authentication, private document storage served through short-lived authorized links, strict browser security headers, and an append-only audit trail for sensitive administrative actions. No system is perfectly secure, but we work continuously to safeguard your data. See our Security & data protection overview for details.
Children’s privacy
The Service is intended for organizational and business use and is not directed to children under 13. We do not knowingly collect personal information from children.
Changes to this Policy
We may update this Policy from time to time. When we make material changes, we will update the “Last updated” date above and, where appropriate, notify you.
Contact us
Questions about this Policy or your data? Email privacy@boardreporter.com.