Privacy Policy for Sally AI

Aliru GmbH
Julian Kissel
Julius-Hatry-Straße 1
68163 Mannheim
contact@sally.io
+49 621 49088670

For questions or concerns regarding data protection, please contact our Data Protection Officer at contact@sally.io.

Sally AI is a software solution that supports companies in conducting, documenting, and following up on virtual meetings. The AI-based application actively participates in online meetings on common platforms such as Zoom, Microsoft Teams, or Google Meet. After a meeting ends, Sally AI automatically generates a summary of the conversation content and identifies recognized tasks, which are then assigned to the respective responsible participants. The goal is to minimize the administrative effort associated with meetings and enable efficient follow-up.

The processing of personal data by Sally AI serves the following purposes:

• Participation in virtual meetings: Analysis and processing of spoken content in real-time or retrospectively for the creation of meeting summaries.
• Creation of summaries: Provision of a compact overview of the essential content and key results of the respective meeting.
• Task recognition: Automated identification of tasks resulting from the conversation, as well as their system-supported assignment to responsible persons.
• Management and documentation: Storage of summaries and recognized tasks in the collaboration platforms used (e.g., Microsoft Teams) for later review by authorized users.

Processing is carried out exclusively within the framework of contractual agreements with our customers and on the basis of the relevant data protection regulations.

The processed personal data is not used for the purpose of further development or training of AI models.

Various categories of personal and non-personal data are processed in connection with the use of Sally AI. Data processing is carried out exclusively to the extent necessary to provide the contractually agreed services. The following data types may be affected in particular:

User data

• First and last name, email address, user ID, team or department affiliation
• Meeting metadata such as title, date, and time

Meeting content

• Audio recordings and/or transcripts of meetings used to create automated summaries
• Content contributions of participants, including discussed topics, tasks, and decisions made

Task recognition and management

• Tasks identified through AI-based analysis and their contextual content
• Automated assignment of tasks to responsible persons via integrated tools (e.g., Microsoft Teams tasks or Microsoft Outlook)

Log and connection data

• Time and duration of Sally AI's participation in virtual meetings
• Information about the conference platform used (e.g., Zoom, Microsoft Teams, Google Meet)
• Technical information such as IP address, device identifiers, browser used

Technical usage data

• Usage statistics and telemetry data for optimization, error analysis, and stability improvement

Note: Processing is carried out exclusively for the purposes stated in Section 2. No other use of the content, in particular for training purposes or profiling, takes place.

For the operation and provision of Sally AI's features, we rely on specialized, contractually bound external service providers. These providers handle tasks in the areas of infrastructure, payment processing, language processing, AI functionalities, and system hosting. All service providers have been carefully selected and integrated in compliance with Art. 28 GDPR. Data processing takes place exclusively within the European Union or on the basis of appropriate safeguards pursuant to Art. 44 ff. GDPR.

The processing of personal data in connection with the use of Sally AI is carried out in compliance with the relevant data protection regulations, in particular the GDPR. Depending on the purpose and context, processing is based on the following legal grounds:

• Art. 6(1)(b) GDPR– for the performance of a contract to which the data subject is a party, or for carrying out pre-contractual measures;
• Art. 6(1)(c) GDPR– for compliance with a legal obligation to which the controller is subject;
• Art. 6(1)(f) GDPR– for the purposes of legitimate interests pursued by the controller or a third party;
• Art. 6(1)(a) GDPR– on the basis of freely given consent, where such consent is required.

Personal data is only transferred to third parties to the extent necessary for the fulfillment of contractual obligations, based on a legal obligation, or on the basis of express consent from the data subject.

Data processing and storage takes place exclusively within the European Union. A transfer of personal data to third countries within the meaning of the GDPR does not take place and is not intended.

Aliru GmbH implements appropriate technical and organizational security measures to protect personal data pursuant to Art. 32 GDPR. These include encrypted data transmissions, access controls, and regular security audits.

Detailed information about our security measures can be found in our DPA and its Annex (1) on TOMs: https://www.sally.io/de/avv

Personal data is only stored for the period necessary to fulfill the respective processing purposes or as long as statutory retention periods require longer storage. After the processing purpose ceases to apply or the relevant statutory retention periods expire, the data is promptly deleted or anonymized.

Data subjects have the following rights under the GDPR:

• Right of access (Art. 15 GDPR)
• Right to rectification (Art. 16 GDPR)
• Right to erasure (Art. 17 GDPR)
• Right to restriction of processing (Art. 18 GDPR)
• Right to data portability (Art. 20 GDPR)
• Right to object (Art. 21 GDPR)
• Right to withdraw consent (Art. 7(3) GDPR)

To exercise your rights, please contact us using the contact details provided above.

You have the right to lodge a complaint with a supervisory authority pursuant to Art. 77 GDPR if you believe that the processing of your personal data violates data protection regulations.

We reserve the right to amend this privacy policy at any time with effect for the future. The current version is always available on our website at www.sally.io.

The Data Processing Agreement pursuant to Art. 28 GDPR and the overview of technical and organizational measures (TOMs) are available at: https://www.sally.io/de/avv

For questions or concerns regarding this privacy policy or the processing of your personal data, please contact us at:

Aliru GmbH
Julius-Hatry-Straße 1
68163 Mannheim
contact@sally.io

Note:This privacy policy serves to provide comprehensive information pursuant to Art. 12 ff. GDPR and ensures that the processing of your personal data is transparent and GDPR-compliant.