Privacy Policy

Second is an AI note-taking app for macOS. This policy explains what data we collect through the website and authentication flow, and what happens to the data created inside the app.

The app

Second is designed around keeping your notes and working content on your Mac. We do not run product servers that ingest or store your notes, recordings, transcripts, or generated note content as part of normal product use.

We do not use your notes, recordings, transcripts, or any content you create in Second to train AI models.

Second uses on-device AI processing on the user's Mac. Specifically, we use Apple's on-device AI capabilities for summaries/titles and local speech/transcription processing.

You are responsible for notifying meeting participants that a meeting is being recorded and for obtaining any consent required by applicable law before using Second to record.

Authentication

Second uses Google native authentication in the macOS app when you choose to sign in with Google. Google provides the account information needed to identify you, such as your Google account email address and basic profile information.

Second uses Supabase for user management and app access records. Supabase helps us maintain your account record, associate your app session with your user profile, and manage access to Second.

See Supabase's privacy policy for details on how they handle authentication data.

Google Calendar integration

If you choose to connect Google Calendar, Second requests the Google Calendar read-only scope https://www.googleapis.com/auth/calendar.readonly. Second does not request permission to create, edit, or delete calendar events.

Google user data we access

When you sign in with Google, Second accesses the Google account data needed for authentication and account management, including your email address and basic profile information returned by Google.

When you connect Google Calendar, Second may read calendars and event information available to your Google account, including calendar identifiers, event titles, event times, attendee information, meeting links, recurrence information, event descriptions, and related event metadata. We access this data only through the Google Calendar read-only scope.

How we use Google user data

We use Google account data to sign you in, create and manage your Second account, secure your session, and connect your app session to your user profile.

We use Google Calendar data only to provide the calendar integration and meeting context features you request. This includes identifying the meeting you are recording, matching a recording to the correct calendar event, showing or attaching event title, time, attendees, meeting link, and related metadata, and improving the accuracy of local meeting notes and attendee suggestions.

We do not sell Google user data, use it for advertising, use it to train AI models, or use it for unrelated product analytics. We do not use Google Calendar access to create, edit, or delete events.

Google user data sharing

We do not sell or rent Google user data. We do not share Google user data with advertisers, data brokers, or AI model providers for training.

We share Google user data only with service providers needed to operate the requested authentication, user management, and app access functionality. These providers include Supabase, which we use for user management and account records. Those providers may process data only to provide services to Second and are not permitted to use it for their own advertising or unrelated purposes.

Google user data storage and protection

Calendar event contents are used to provide context inside the app and local note workflow. We do not operate a product database intended to store your full Google Calendar event history on our servers.

We may store limited Google connection data, such as account identifiers, connection metadata, and OAuth tokens, when needed to keep Google sign-in and Google Calendar access working. This data is stored using our server-side user management infrastructure and is not exposed in client-side website code.

We protect Google user data using HTTPS in transit, access controls for production systems, server-side storage for credentials and tokens, and the security controls provided by our infrastructure providers.

Google user data retention and deletion

We retain Google account and connection data only for as long as needed to provide your Second account, Google sign-in, and Google Calendar integration, unless a longer retention period is required by law or needed for security, fraud prevention, or dispute resolution.

You can disconnect Google Calendar from the app, request disconnection by emailing us, or revoke Second's Google access at any time from your Google Account permissions. Revoking access prevents future access to Google Calendar data through your Google account.

You can request deletion of your account data, including stored Google connection data associated with your Second account, by emailing gleb@kodebusters.com. We will process deletion requests within a reasonable period, subject to legal, security, and fraud-prevention retention requirements.

Second's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Data we store

• Account authentication data such as your email address
• Minimal account records needed to manage access to the app
• Limited Google account, OAuth connection, and Calendar connection data if you choose to use Google sign-in or connect Google Calendar
• Lightweight website analytics and product lifecycle metadata, such as page views, referral information, signup status, and billing status

We do not store your notes, recordings, or transcripts as part of the current product flow.

Website analytics

We use PostHog for lightweight website analytics. PostHog helps us understand basic product and website usage, such as page views, referral sources, button clicks, signup conversion, and whether users complete registration or purchase access.

We use this information to measure what is working, improve the website and onboarding flow, and understand where users drop off. We do not use PostHog analytics data to read your notes, recordings, or transcripts.

Email and communication

We use Loops to send transactional and product lifecycle emails, such as welcome emails, setup reminders, and related account communications. We may also use Loops audiences to organize users for future product communications.

For these emails, we typically share only the data needed to send and manage the communication, such as your email address, name if available, account status, and limited product lifecycle events like registration or payment completion.

Third-party services

• Supabase — user management and account records. Privacy policy
• Google — Google sign-in and optional Calendar integration. Privacy policy
• PostHog — website analytics and conversion measurement. Privacy policy
• Loops — transactional email and lifecycle communication. Privacy policy

Changes to this policy

If we update this policy, we'll update the date at the top of this page.

Contact

Questions about this policy? Reach us at gleb@kodebusters.com

Kodebusters Technologies OÜ
Kirsi tn 5-23, Kristiine linnaosa, Tallinn, Harju maakond, 10616, Estonia

See also Terms of Service, Support, and Refund Policy.