How, where, and why Akompa processes your data
Last updated: May 13, 2026
The registry below presents the main types of data processed by Akompa, the reasons they are processed, the technology service providers participating in their processing, the applicable security measures, and the territories involved. It is intended, among other things, to help professionals and organizations using Akompa Notes complete, when necessary, their privacy impact assessment.
| Type of data | Why this data is processed | Providers involved | Security | AI models | Transit outside Quebec | Long-term storage outside Quebec | Long-term storage in Quebec |
|---|---|---|---|---|---|---|---|
Audio recordings | To generate transcripts, which are then used to generate notes | storage: AWS (Quebec), transcript generation: Modal Labs | ISO 27001, SOC 2, AES-256 encryption at rest, data processing agreement (DPA) | Akompa-controlled open-source model. Data is not used to train the model. | Yes, United States | No | Yes, max 24h |
Transcripts, initial notes in processing, and note examples of a custom template | To generate notes and custom note templates | orchestration: Modal Labs, AI: OpenAI | ISO 27001, SOC 2, AES-256 encryption at rest, DPA | Various OpenAI models. Data is not used to train the models. | Yes, United States | No | No |
Client identifiers (name, ID, or alias), revised notes, and transcripts | To allow you to access notes and transcripts from past sessions and organize them by client | AWS (Quebec), Supabase (Quebec) | ISO 27001, SOC 2, AES-256 encryption at rest, DPA | none | No | No | Yes, retention depends on configuration (default 24–48 hours) |
| Type of data | Why this data is processed | Providers involved | Security | AI models | Transit outside Quebec | Long-term storage outside Quebec | Long-term storage in Quebec |
|---|---|---|---|---|---|---|---|
Name, email address, and other waitlist information | Signup request management, user profile creation, secure authentication, and technical support | AWS (Quebec), Supabase (Quebec) | ISO 27001, SOC 2, AES-256 encryption at rest, DPA | none | No | No | Yes, for the lifetime of the account |
Financial information | Credit card payments | Stripe | PCI-DSS Level 1, SOC 1 & 2, AES-256 at rest, TLS 1.2, DPA | none | Yes, United States | For the term of the agreement and any period required by law (e.g., financial record keeping). | No |
First name and email address | Sending emails required for the web application to function | Resend | SOC 2 Type II, AES-256 at rest, TLS in transit, DPA | none | Yes, United States | Yes | No |
Name, email address, and other waitlist information | Sending optional emails to users (e.g., reminders or resource sharing), with unsubscribe available from the link at the bottom of each message | MailerLite | ISO 27001:2022, AES-256 at rest, TLS in transit, DPA | none | Yes, European Union | Yes | No |
Technical metadata (browser, operating system, etc.) | Diagnosing technical errors and improving application stability | Sentry | SOC 2 Type 2, ISO 27001, AES-256 at rest, TLS in transit, DPA | none | Yes, United States | Yes | No |
Name and email address | Receiving and sending emails (e.g., about your questions and comments) | Microsoft 365 (Quebec) | SOC 1/2/3, ISO 27001, HITRUST, AES-256 at rest, TLS in transit, DPA | none | No | No | Yes |
Video conversations with our team and their transcript | Videoconference discussions about Akompa Notes and analysis of these discussions | Zoom | SOC 2 Type 2, ISO 27001, ISO 27018, AES-256 at rest, TLS in transit, DPA | Zoom AI for transcription and summary of discussions. Data is not used to train the models. | Yes, United States | Yes | No |