Privacy Policy

Effective November 2025

Entity: In Parallel Oy ("we", "us", "our")

1. Scope and roles

This Privacy Policy applies to (a) our websites and marketing properties (the "Websites") and (b) our software and related services, including Navigator and any meeting assistant/bot, integrations, and APIs (the "Services").

For personal data collected via the Websites, In Parallel Oy is the controller. For data we process in the Services on behalf of a business customer ("Customer Content"), the Customer is the controller and In Parallel is the processor. Our Data Processing Addendum ("DPA") forms part of our contract with customers.

2. The data we process

Depending on how you interact with us, we may process:

  • Account & Profile: name, email, password hash or SSO identifier, role, organization.
  • Customer Content (Services): meeting transcripts and summaries, action items, topics and decisions captured by Navigator or the meeting bot—controlled by your organization's admin settings and integrations.
  • Usage & Telemetry: pages visited, features used, device, browser, IP address, session IDs.
  • Marketing: contact details submitted through forms, event sign-ups, or content downloads; campaign-performance data from cookies and tracking pixels (see Cookie Policy).
  • Communication: messages you send us via support, chat, or email.
  • Third-party integrations: data synced through calendar, project-management, or messaging integrations that your organization connects to In Parallel.

3. Purposes and legal bases

We process personal data for these purposes and on these legal bases:

  • Providing and operating our Services: performance of contract (Art. 6(1)(b) GDPR)
  • Improving and developing the platform: legitimate interest (Art. 6(1)(f))
  • Meeting capture and transcript processing: legitimate interest of the customer's business operations plus the customer's obligation to obtain participant consent where required by applicable law
  • Marketing, analytics, and advertising cookies: consent (Art. 6(1)(a))
  • Complying with legal obligations: legal obligation (Art. 6(1)(c))
  • Protecting our rights and preventing fraud: legitimate interest (Art. 6(1)(f))

4. Automated decision-making

We do not make decisions with legal or similarly significant effects solely based on automated processing.

5. Meeting capture and transcripts

If your admin—or you—enables meeting capture, our assistant may join calls to record audio and generate transcripts/summaries.

Consent should be obtained from all participants before allowing In Parallel to access the meeting. Once added, the assistant announces its presence and links to its privacy notice in the meeting chat (where supported).

Your organization is responsible for providing all legally required notices and securing consent. Admins can configure defaults for recording/transcripts and set retention.

6. Third-party processors and integrations

We use trusted subprocessors (e.g., cloud hosting, storage, logging, transcription/LLM providers) to operate the Services under written contracts that meet GDPR Article 28.

An up-to-date list of subprocessors is available upon request. We will notify customers of material subprocessor changes in advance.

7. International data transfers

Some subprocessors are based outside the EEA. For each transfer we rely on one or more of: EU adequacy decisions, Standard Contractual Clauses, the EU-U.S. Data Privacy Framework.

Customer Content is stored in the EU by default; alternative residency options may be available by agreement.

8. Security

Technical and organizational measures include encryption at rest and in transit (TLS 1.2+), access controls, least-privilege principles, audit logging, vulnerability management, and incident-response procedures.

We hold ISO 27001 and ISO 42001 certifications and conduct annual external audits and penetration tests.

9. Retention

We retain personal data only as long as needed for its purpose or as required by law.

Customer Content retention defaults are set by the customer's admin. Marketing data is retained until consent is withdrawn. Website analytics data is retained in anonymized/aggregated form.

When data is no longer needed, it is securely deleted or anonymized in accordance with our retention schedule.

10. Your rights (EEA/UK)

Under GDPR you have the right to:

  • Access: obtain a copy of your data.
  • Rectification: correct inaccurate data.
  • Erasure: request deletion ("right to be forgotten").
  • Restriction: limit processing in certain cases.
  • Portability: receive your data in a structured, machine-readable format.
  • Object: object to processing based on legitimate interest.
  • Withdraw consent: at any time for consent-based processing (e.g., cookies, marketing emails).
  • Lodge a complaint: with your local supervisory authority.

To exercise any of these rights, contact us at info@in-parallel.com or through the means listed below. We will respond within 30 days.

11. Data Protection Officer

Name: Kristian Luoma
Email: info@in-parallel.com

12. Contact

In Parallel Oy
Salomoninkatu 17 B 4
00100 Helsinki, Finland
info@in-parallel.com

13. Changes

We may update this policy from time to time. Material changes will be communicated via email or in-product notice. The "Effective" date at the top shows the latest version.