Privacy Policy

Overview

MeetFlow is a self-hosted AI scheduling assistant. This privacy policy describes how MeetFlow handles data when deployed on your organization's infrastructure at meetflow.sh.

Data collected

MeetFlow processes the following data to provide scheduling services:

• Email content — incoming emails addressed to the assistant are read to understand scheduling requests. Thread history is used for context.
• Calendar events — event titles, times, attendees, and locations are read to determine availability. MeetFlow can create, update, and delete events on your behalf.
• OAuth tokens — securely stored in the database to maintain access to your Google or Microsoft calendar and email.
• User preferences — timezone, working hours, and scheduling instructions you provide via email.
• Contact history — basic metadata about scheduling interactions (who, when, meeting type) to improve future scheduling suggestions.

Data storage

All data is stored in a PostgreSQL database on your organization's infrastructure. MeetFlow does not transmit data to any external servers operated by MeetFlow. The data remains entirely within your deployment environment.

LLM data handling

MeetFlow uses a large language model to understand scheduling requests and compose responses:

• Local LLM (default) — when configured with Ollama, all LLM processing happens locally. No data leaves your network.
• Cloud LLM (optional fallback) — if configured with Anthropic or OpenAI as a fallback, MeetFlow applies configurable privacy levels:
  • Full — all context is sent (recommended only for local LLMs)
  • Redacted — emails, phone numbers, and names are replaced with pseudonyms before sending
  • Minimal — schedule context, contact history, and learned instructions are stripped
• An audit log can be enabled to track every LLM call for compliance review.

Third-party services

MeetFlow integrates with the following third-party services solely to provide its scheduling functionality:

• Google APIs — Gmail API (to read and send emails) and Google Calendar API (to manage events). Governed by Google's Privacy Policy.
• Microsoft Graph API — for Microsoft 365 calendar access (if configured). Governed by Microsoft's Privacy Statement.

MeetFlow does not use any third-party analytics, tracking, or advertising services.

Data retention

Data retention is configurable by your organization's administrator. By default, scheduling data is retained for 365 days. OAuth tokens are stored until revoked by the user or an administrator.

Data deletion

Users can request data deletion by contacting their organization's administrator. Since MeetFlow is self-hosted, your organization has full control over all stored data and can delete it at any time.

Contact

For privacy-related questions about this MeetFlow deployment, contact your organization's administrator or email assistant@meetflow.sh.