Privacy Policy
Last updated: May 17, 2026
10xMeet (“we”, “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use the Platform.
1. Information We Collect
Account information
- Name, email, password (hashed with bcrypt)
- Username, timezone, optional avatar and bio
- OAuth tokens for Google / Microsoft / Zoom (encrypted at rest with AES-256-GCM)
- Stripe customer / subscription IDs for billing
Event & booking data
- Event types you create, availability rules, custom questions
- Bookings made on your link: invitee name, email, timezone, time, meeting link
- Answers to your custom booking questions and lead-qualification fields
- Optional AI-generated summaries and lead scores
- Private notes you attach to bookings (only visible to you)
Usage data
- Pages visited, features used, request logs
- IP address (used for rate-limiting and abuse prevention; not stored long-term)
- Browser type, device type, referrer
2. How We Use Information
- Service delivery: running your booking pages, sending confirmation/reminder emails, generating meeting links via connected providers (Google Meet, Zoom, Teams)
- AI features (AI Pro plan): generating qualification scores, summaries, reminder text, and no-show recovery messages
- Communication: transactional email (booking confirmations, password resets) and occasional product updates
- Analytics: understanding usage to improve the product
- Security: rate limiting, fraud detection, account protection
- Compliance: fulfilling legal obligations
3. Information Sharing
We do not sell your personal information. We share data only with:
Service providers
- Stripe — payment processing (subscriptions and paid bookings). Card data is entered on Stripe-controlled fields and never touches our servers.
- Resend — transactional email delivery.
- OpenAI — when AI features are enabled, the specific booking-form answers are sent to OpenAI's API to generate output. Per OpenAI's API terms, this data is not used to train their models.
- Google / Microsoft / Zoom — when you connect a calendar/meeting provider, we exchange tokens with them to read availability and create events on your behalf. Their use of that data is governed by their own policies.
- DigitalOcean — hosting infrastructure.
Invitee data
When someone books a meeting on your link, you (the host) receive their information. You are responsible for handling invitee data in accordance with applicable privacy laws.
Legal requirements
We may disclose information when required by law, court order, or government request, or when necessary to protect rights, safety, and property.
Business transactions
If 10xMeet is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change.
4. Data Security
- Encryption in transit: all traffic uses TLS
- Encryption at rest: OAuth tokens for calendar/Zoom connections are encrypted with AES-256-GCM before being written to the database
- Password hashing: bcrypt with cost factor 12
- Webhook signing: outbound webhooks signed with HMAC-SHA256
- Rate limiting: applied to login, signup, booking, and password reset endpoints
- Security headers: HSTS, X-Content-Type-Options, Referrer-Policy, Permissions-Policy, X-Frame-Options
No system is completely secure. Protect your account credentials and notify us immediately at support@10xmeet.com of any unauthorized access.
5. Your Rights
Depending on your location, you may have the right to:
- Access the personal information we hold about you
- Correct inaccurate data (most via your account settings)
- Delete your account and associated data
- Export a copy of your data in a portable format
- Opt out of marketing emails (transactional emails like booking confirmations cannot be opted out of while you have an active account)
Email support@10xmeet.com to exercise any of these rights.
6. Cookies & Tracking
We use only essential cookies (session/auth, CSRF protection, OAuth state). We do not use advertising cookies, third-party analytics tags, or cross-site tracking.
7. Data Retention
- Account data — while your account is active and 30 days after deletion (recovery window)
- Bookings — retained for as long as your account is active (historical record)
- Webhook delivery logs — last 90 days
- Password reset tokens — 60 minutes
- Billing records — 7 years per tax requirements
8. Legal Basis (EU/UK users)
Under GDPR/UK GDPR, we process personal data on these bases:
- Contract — to provide the service you signed up for
- Legitimate interest — for security, fraud prevention, essential analytics
- Legal obligation — for tax, accounting, lawful requests
9. Children
10xMeet is not intended for anyone under 16. We do not knowingly collect data from children under 16. If you believe a child has created an account, contact us and we will delete the account immediately.
10. Changes
We may update this policy. Material changes will be announced in-app or by email. The “Last updated” date at the top reflects the most recent revision.
11. Contact
Email support@10xmeet.com. We respond within 30 days.
By using 10xMeet you acknowledge you have read and understood this Privacy Policy and agree to its terms.