How Bonusly Protects Your 1:1 Meeting Data

Your 1:1 meetings are private conversations between you and your meeting partner. Bonusly treats everything from those meetings — transcripts, notes, summaries, and action items — as highly sensitive data. Here's how we keep it safe.

Meeting data is accessible only to the two participants. No managers, admins, or other team members can view your transcripts, summaries, or notes. This is enforced at every layer of the application — from the API to the database queries themselves.

Even in list views, Bonusly only shows whether a transcript exists, never the content. Full transcript data is only loaded when you open a specific meeting, and only after confirming you're a participant.

All meeting data is encrypted both in transit (via TLS/HTTPS) and at rest. At-rest encryption happens at the application level, meaning transcript data is stored as ciphertext — it's not readable by anyone with direct database access, including Bonusly engineers.

Encrypted fields include:

Bonusly doesn't retain meeting audio. When you record in the browser, audio is transcribed in real time and only the resulting transcript is stored.

Bonusly uses AssemblyAI for transcription and OpenAI for meeting summarization. Neither provider is allowed to use your data to train their models. Your meeting data is used solely to power Bonusly's features for you.

Either participant can delete a meeting's transcript at any time. Deletion removes the transcript text, the original file, and the raw transcription buffer. Transcript changes are tracked in an audit log for data integrity.