Opaq is built to process meeting data with the smallest possible footprint.

At a glance

We designed Opaq so that meeting audio and screen content stay on your Mac whenever possible. When the product needs a cloud service to do its job — speech-to-text or AI answer generation — the data is streamed, acted on, and dropped. On release builds, Opaq does not retain transcripts or meeting audio on our servers, and we do not use your meeting content to train models.

This summary is a plain-language overview. The sections below are the binding terms.

1. Information we collect

Account information

When you create an account on opaqai.com, we collect your email address, authentication tokens issued by Supabase, your subscription tier, and (for paid plans) a customer identifier from Stripe. We do not store credit card numbers or bank information — payment methods are held by Stripe, not by Opaq.

Meeting audio and transcripts

When you start a session in the Mac app, Opaq captures system audio via ScreenCaptureKit and streams it to Deepgram for real-time transcription. Transcribed text is sent to the selected reasoning provider (Anthropic by default) to generate an answer. On release builds, the app does not persist transcripts or audio recordings unless you explicitly enable local session memory.

Screen content (opt-in)

When you invoke the on-demand screen scan (⌘⇧R), Opaq takes a one-time screenshot of the active window, runs on-device OCR via Apple Vision, and sends the extracted text to the reasoning provider along with your prompt. We do not capture continuous screen video and we do not upload screenshots to our servers.

Context you provide

You may attach resumes, call playbooks, product briefs, or similar context to a session. These files stay on your Mac unless you choose to sync them to your account, in which case they are stored encrypted at rest in our database.

Operational telemetry

The app sends limited diagnostic signals — app version, build number, crash signatures, and non-content error reports — so we can fix bugs. The app does not send transcribed audio, screen content, or prompts to our analytics.

Website usage

opaqai.com collects standard server logs (IP address, request paths, timestamps) for debugging and abuse prevention. We use a privacy-preserving analytics setup that does not use third-party cookies to track you across sites.

2. How we use information

We use the information listed above to:

• • Deliver the core Opaq product — transcription, answer generation, session state.
• • Authenticate your account, sync entitlements, and process subscription payments.
• • Prevent abuse, enforce our Terms, and investigate security incidents.
• • Debug the product and improve reliability through non-content telemetry.
• • Communicate with you about your account, billing, and material product changes.

We do not sell personal information, and we do not share meeting content with advertisers or data brokers. We do not use your meeting audio, transcripts, or prompts to train our own models or the models of our subprocessors.

3. On-device processing

The Opaq overlay window is configured with sharingType = .none, which excludes it from every macOS screen capture and screen share API. This is enforced by the operating system, not by a policy we can break; if the overlay ever appears in a capture, it is a macOS bug, not a Opaq change.

Provider API keys (Anthropic, Deepgram, OpenAI) live exclusively on Opaq's backend, never on your device. The desktop app authenticates with your Opaq account and the backend issues short-lived, in-memory credentials for each session. Keys are not written to your filesystem, the Keychain, configuration files, or diagnostic reports.

If you enable local session memory, past session transcripts and summaries are stored in your user Application Support directory on your Mac. You can delete individual sessions, or clear all of them, from within the app.

4. Subprocessors

Opaq uses a small number of vendors to deliver the service. Each operates under its own published terms and data processing agreement.

We notify account holders by email at least thirty days before materially changing this list.

5. Data retention

• • Meeting audio and transcripts: not retained on our servers. Deepgram processes the stream in memory and does not persist content when we call their API with the zero-log flag we set by default.
• • AI prompts and completions: not retained on our servers. Anthropic retains requests for up to 30 days for trust-and-safety purposes under its standard terms; see anthropic.com/privacy for details.
• • Local sessions: kept on your Mac until you delete them.
• • Account and billing records: retained for as long as your account is active and for up to seven years after closure to meet tax and accounting obligations.
• • Server logs: retained for up to 90 days, then deleted or aggregated.

6. Security

We transmit data to providers over TLS. Account credentials are hashed via Supabase. Provider API keys are held server-side, scoped per-organization, and rotated on a schedule. Our infrastructure uses role-based access, audit logging, and least-privilege service accounts. No system is perfectly secure; if we ever experience a breach that affects you, we will notify you as required by applicable law.

7. Your rights

Depending on where you live, you may have the right to access, correct, export, or delete the personal information we hold about you, and to object to or restrict certain processing. Residents of California, the European Economic Area, the United Kingdom, and other comparable jurisdictions have specific statutory rights under the CCPA, GDPR, and equivalent laws.

To exercise any of these rights, email support@opaqai.com. We may ask you to verify your identity before we act. We will respond within the time required by applicable law, typically within 30 days. You will not be charged for a reasonable request, and we will not retaliate against you for exercising your rights.

8. Cookies & analytics

The website uses first-party cookies for authentication and session state. We use privacy-preserving analytics to count page views and understand broad usage patterns; this does not require third-party ad cookies and does not build a cross-site profile. The Mac app does not use browser cookies.

9. International transfers

Opaq is operated from the United States. If you use the product from outside the United States, your information will be transferred to, stored, and processed in the United States and in other countries where our subprocessors operate. Where required, we rely on Standard Contractual Clauses or equivalent mechanisms to lawfully transfer personal information out of the European Economic Area and the United Kingdom.

10. Children

Opaq is a professional tool and is not directed to children under 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, contact support@opaqai.com and we will delete it.

11. Changes to this policy

We may update this policy to reflect new features, new subprocessors, or legal changes. When we make a material change, we will update the "Last updated" date above and, where appropriate, notify account holders by email. Continued use of Opaq after a change takes effect means you accept the updated policy.

12. Contact

For privacy questions, data requests, or to report a concern, email support@opaqai.com. For urgent security reports, use the same address with "Security" in the subject line.