Download beta

Privacy Policy

Last updated July 18, 2026

Vertebrae takes notes on your meetings and calls using state-of-the-art security and end-to-end encryption. This page explains what we store, what we cannot see, and which outside parties are involved.

Information you provide

Your account. You sign in with Google or Apple. We store the name, email address, and profile photo they share with us, plus the handle you pick. We do not see or store a password.

Your phone number (optional). To place phone calls or let friends find you by number, you can verify your phone number, and we store it. You can skip this entirely.

Your contacts (optional). If you grant contacts access, matching happens by hashing phone numbers on your device and sending only the hashes. Your contacts’ names and numbers do not leave your phone.

Your conversations

  • Calls between Vertebrae users are end-to-end encrypted. Each call uses a fresh key that exists only on the participants’ devices; the audio and that key pass through our servers only in encrypted form we cannot decrypt.
  • Outbound phone calls to regular phone numbers travel over the phone network, which no one can end-to-end encrypt. We encrypt the Vertebrae leg and hand the call to our telephony carrier for the rest. Phone calls are outbound only: iOS does not give apps access to the audio of an ordinary incoming call, so we cannot transcribe inbound calls for as long as that remains the case.
  • Transcription runs on your device in real time. For higher accuracy, your call audio is also sent in chunks to a more capable model on our servers. That server-side transcription runs inside our attested trusted execution environment, the same hardware-verified environment we use for summaries (described below), so your audio is not visible to us unencrypted, and each chunk is evicted the moment the model finishes with it. There is zero data retention for call audio.
  • Your conversation records, including transcripts and summaries, are encrypted on your device with a key tied to your passkey before they are written anywhere. They are stored only as ciphertext, so wherever a record is kept, on your device or in a backup, it stays ciphertext that only you can decrypt. Records leave your device in readable form only when you choose to share them.
  • Summaries are generated inside a hardware-attested trusted execution environment. Your device verifies a signed attestation of the exact environment before sending anything, over an end-to-end encrypted channel, and the environment neither stores nor logs your transcript. We publish the attested measurements so you can check them yourself.

Information we do not have

We cannot read your conversations, with one exception you control: notes you publish (see Shared notes). Apart from those, we hold no call audio, no transcripts, and no summaries. We do not have your contact book. We hold only the public key from each of your devices; the private key does not leave your device.

Technical information

We store what is needed to operate the service: authentication tokens, your devices’ public keys, push notification tokens, and call records (who called whom, when, for how long, and for phone calls the number dialed). Push notifications carry only names and handles. Our servers keep operational logs of events like sign-ins and call setup; these can include identifiers such as your email or phone number, not conversation content.

We run no third-party analytics or crash reporting. Diagnostics stay in an on-device log that is scrubbed of personal information and is shared only if you paste it into a bug report yourself.

Shared notes

Publishing a note link is the one deliberate exception to the encrypted model above. For a note to be readable by anyone you send the link to, it has to be readable by our servers too, so when you publish a note it is decrypted and its summary and transcript are stored on our servers in plaintext. While a note is published, it is readable by us and by anyone who has the link. The link is the only thing controlling access: anyone who has it can read the note, use the AI features on the note page (which run on our own inference servers), or connect an agent through the note’s MCP endpoint. You choose how long a link lives, and published notes are deleted when they expire.

Data we do not sell

We do not sell, rent, or monetize your personal data or your content. We do not use your conversations to train AI models, and outside of notes you publish, we do not have your conversations in the first place.

Third-party services

We use Google and Apple for sign-in, Apple and Expo to deliver push notifications, and Twilio to verify phone numbers and to connect calls to the phone network (Twilio sees the numbers you dial and the audio of the phone-network leg). Each processes only what its job requires, under its own privacy policy. Our servers and attested inference run on infrastructure we control in Google Cloud and Microsoft Azure.

Questions

Write to us at support@vertebrae.ai.