Security & AI Privacy

Rithmo Security & AI Data Privacy Whitepaper

Last updated: May 2026

This document is a draft for customer security, privacy, IT, procurement, and legal review. Reconcile it with the Privacy Policy, DPA, subprocessor list, and deployed technical controls before relying on it in procurement.
Request Full Documentation

Encryption

AES-256 at rest · TLS 1.3 in transit

Audio Retention

Processed in real time · Never stored

Model Training

Customer data never used · Ever

Last updated: May 2026

1. Executive Summary

Rithmo is an AI-enabled meeting governance platform designed for organizations that need more effective, accountable meetings without sacrificing control over sensitive business information.

Meetings often contain confidential customer discussions, internal strategy, product plans, financial information, legal analysis, personnel matters, security topics, and other high-value business context. Rithmo is built on the principle that AI can help organizations run better meetings only if meeting data is processed through clear boundaries, strong controls, and transparent vendor practices.

Rithmo’s security and privacy model is based on five core commitments:

CommitmentWhat it means
Customer controlCustomers control how Rithmo is enabled, which integrations are connected, how meeting outputs are shared, and which AI-enabled workflows are used.
Purpose-limited processingRithmo processes customer data only to provide, secure, support, administer, and improve the Rithmo service, or as otherwise authorized by the customer.
No general-purpose AI trainingRithmo does not use customer meeting content to train general-purpose AI models and requires AI providers not to train their models on customer meeting content unless expressly authorized by the customer.
Controlled AI processingExternal AI, speech, transcription, and infrastructure providers are used only through defined product pathways and contractual safeguards.
Tenant isolationOne customer’s meeting content is not used to generate customer-facing outputs for another customer.

Rithmo is not designed to avoid AI. Rithmo is designed to make AI use controlled, minimized, explainable, customer-scoped, and auditable.

2. Purpose and Scope

This whitepaper explains how Rithmo protects customer data across its product architecture, meeting data lifecycle, AI processing model, vendor integrations, retention practices, and security controls.

It is intended for customer security, privacy, legal, procurement, and IT teams evaluating Rithmo for business use.

This document covers:

  • customer data categories processed by Rithmo;
  • live meeting and post-meeting processing boundaries;
  • transcript, agenda, document, calendar, and derived meeting data handling;
  • AI and external provider processing;
  • tenant isolation and cross-customer contamination prevention;
  • customer controls and administrative governance;
  • access control, encryption, logging, retention, and deletion; and
  • subprocessor and external service transparency.

This whitepaper should be read together with Rithmo’s Privacy Policy, customer agreement, Data Processing Addendum, and subprocessor disclosures.

3. Rithmo’s Security and Privacy Design Principles

Rithmo’s product is built around the following design principles.

3.1 Meeting Data Is Sensitive by Default

Rithmo treats meeting audio, transcripts, transcript segments, agenda content, uploaded documents, generated summaries, decisions, action items, recommendations, and behavioral analytics as sensitive customer data.

Meeting content is not treated as generic usage telemetry. It is customer business content and is protected accordingly.

3.2 AI Is Governed by Product Boundaries

Rithmo may use AI providers to support transcription, summarization, action item extraction, meeting assistance, recommendations, embeddings, text-to-speech, and other AI-enabled features. These providers are used through defined product pathways, not unmanaged employee workflows or ad hoc data movement.

3.3 Customer Data Remains Customer-Scoped

Rithmo is designed so that customer-specific meeting content, behavioral analytics, recommendations, memory, prompts, embeddings, and retrieval context remain scoped to the relevant customer, workspace, team, meeting, or authorized user context.

3.4 Sensitive Content Is Minimized Before External AI Processing

Rithmo’s AI processing model is designed to send only the minimum data required for a given task. When transcript or document content is needed for an AI feature, Rithmo uses bounded context, redaction, pseudonymization, identifier separation, and local rehydration controls to reduce unnecessary exposure.

3.5 AI Outputs Do Not Bypass Policy and Execution Controls

Rithmo separates AI-assisted decisioning from product execution. AI-generated insights, recommendations, and live meeting intents are routed through policy, validation, permission, and execution controls before becoming customer-facing actions.

4. Customer Data Categories

Rithmo processes different categories of customer data, each with different sensitivity and handling requirements.

Data categoryExamplesHandling posture
Account dataname, email address, organization, role, account settingsUsed for account management, authentication, support, and administration.
Meeting metadatameeting title, meeting time, duration, attendees, agenda items, organizer, meeting identifiersCustomer-scoped and minimized when used for AI or vendor processing.
Meeting contentaudio, transcript text, transcript segments, chat where enabled, uploaded documents, attachmentsTreated as high-sensitivity customer content and processed only for enabled features.
Transcript datautterance text, speaker labels, timestamps, segment references, speaking activityTreated as high-sensitivity content; external AI use is bounded and controlled.
Calendar dataevent title, time, attendees, organizer, location, recurrence, connected calendar metadataProcessed only for authorized calendar and meeting-context features.
Derived meeting outputssummaries, recaps, decisions, action items, follow-ups, scorecards, recommendationsProtected as customer content because they are generated from customer meetings.
Behavioral intelligencecustomer-scoped profiles, signatures, longitudinal patterns, recommendation historyInternal and customer-scoped unless explicitly surfaced through approved product features.
Integration credentialsOAuth tokens, API credentials, sync state, connection metadataProtected with credential safeguards and limited access.
System telemetrytask type, provider, model, latency, token count, errors, uptime, security eventsUsed for operations, reliability, security, auditability, and billing where applicable; designed to avoid raw customer content.

5. Product Architecture Overview

Rithmo provides two primary customer-facing experiences:

  • an in-meeting experience for live meeting support; and
  • a web dashboard for meeting preparation, review, analytics, settings, and follow-up workflows.

Behind these experiences, Rithmo uses a central application layer to coordinate meeting operations, transcript processing, agenda workflows, recommendations, integrations, analytics, and customer-facing updates.

The key architectural principle is controlled data flow. Rithmo’s product behavior is routed through defined application, policy, runtime, integration, storage, worker, and provider pathways. This reduces the risk of inconsistent data handling or uncontrolled automation.

6. Live Meeting Runtime Controls

Rithmo’s live meeting runtime is designed to keep customer-facing meeting behavior controlled and auditable.

A live meeting may involve inbound events from the meeting platform, meeting bot, transcript provider, user actions, agenda state, policy signals, and integrations. Rithmo normalizes those events, updates canonical meeting state through controlled paths, evaluates applicable policy and governance rules, and routes customer-facing actions through defined execution mechanisms.

This structure helps ensure that live meeting behavior does not arise from arbitrary model outputs or unmanaged automation. AI may assist the meeting experience, but customer-facing actions remain governed by Rithmo’s runtime, policy, validation, and execution boundaries.

7. Post-Meeting Analytics and Learning Controls

Rithmo separates post-meeting analytics and learning from live meeting execution.

After a meeting ends, Rithmo may process transcript and meeting data to support summaries, decisions, action items, scorecards, recommendations, analytics, and customer-scoped learning.

The post-meeting layer is designed to:

  • process transcript data after meeting completion and finalization;
  • compute deterministic meeting, transcript, and participation signals;
  • aggregate customer-scoped meeting behavior over time;
  • generate insights and recommendations for future meeting improvement;
  • support internal evaluation and product quality workflows; and
  • prevent non-canonical analytics outputs from silently becoming live meeting behavior.

This separation allows Rithmo to learn from customer meetings while preserving clear boundaries between post-meeting analysis and live customer-facing execution.

8. Canonical Product Boundaries

Rithmo distinguishes between canonical product truth and supplemental AI-assisted analysis.

Product areaControl boundary
Live meeting stateMaintained through Rithmo’s controlled runtime state path.
Live actionsRouted through policy, validation, and execution controls.
Meeting outputsGenerated and surfaced through approved product workflows.
Scorecards and analyticsProduced through defined analytics and reporting pathways.
Behavioral intelligenceCustomer-scoped and used through approved insight, recommendation, or decision pathways.

This boundary prevents Rithmo from creating competing sources of truth for the same customer-facing meeting outcome.

9. AI Processing Model

Rithmo uses AI and model-based services to support product capabilities such as:

  • meeting transcription;
  • summarization and recap generation;
  • decision and action item extraction;
  • agenda assistance;
  • live meeting facilitation;
  • document intelligence;
  • semantic similarity and embeddings;
  • recommendation generation;
  • behavioral classification;
  • meeting health scoring;
  • text-to-speech; and
  • evaluation and quality workflows.

AI processing is governed by the following controls.

9.1 Registered Product Purpose

Each external AI processing pathway is tied to a defined product purpose, such as summarization, facilitation, transcription, extraction, recommendation, embedding, or text-to-speech.

9.2 Minimum Necessary Data

Rithmo sends only the information needed for the specific feature. For example, a task that requires a short transcript window should not receive a full meeting transcript.

9.3 No General-Purpose Model Training

Rithmo does not use customer meeting content to train general-purpose AI models and requires external AI providers not to train their models on customer meeting content unless the customer expressly authorizes that use.

9.4 Contractual Vendor Controls

External AI, transcription, speech, infrastructure, and workflow providers are governed through contractual and technical controls appropriate to the type of service and data involved.

9.5 Content-Free Operational Logging

Rithmo’s AI usage logging is designed to capture operational metadata such as provider, model, task type, latency, success/failure state, and token usage where applicable, without storing raw prompts, raw transcripts, raw documents, or full model responses in routine operational logs.

10. Transcript and Identifier Protection

Some of Rithmo’s core capabilities require processing transcript content. Rithmo’s security model does not depend on pretending transcript data is never used. Instead, Rithmo governs transcript use carefully.

When transcript content is processed for AI-enabled features, Rithmo applies the following controls:

ControlDescription
Bounded transcript windowsAI tasks use the minimum transcript excerpt or segment window needed for the feature.
Identifier minimizationDirect identifiers such as user IDs, participant IDs, email addresses, organization IDs, and meeting IDs are excluded from AI payloads unless required for the task.
Speaker pseudonymizationSpeaker names and participant references may be replaced with neutral aliases such as SPEAKER_1 and SPEAKER_2.
Local rehydrationRithmo maps pseudonymous AI outputs back to internal records inside Rithmo after output validation.
Sensitive-content scrubbingEmails, phone numbers, direct identifiers, customer names, project names, and other sensitive elements are redacted or aliased where feasible.
Evidence referencesRithmo prefers local evidence references and segment references over repeatedly sending raw transcript text.
Sensitive meeting modesMeetings involving legal, HR, finance, security, executive, customer, or regulated topics may be subject to stricter processing rules.

These controls allow Rithmo to preserve core product capabilities while reducing unnecessary exposure of identifiable or sensitive meeting content.

11. Document and Attachment Protection

Documents and attachments often contain highly sensitive business information. Rithmo treats uploaded or linked documents as high-sensitivity customer content.

Where document intelligence features are enabled, Rithmo may process document content to generate meeting preparation briefs, agenda context, document coverage analysis, participant-specific views, or other meeting-related outputs.

Document processing is governed by:

  • explicit feature enablement;
  • access controls tied to customer and meeting permissions;
  • encryption for stored sensitive document artifacts where supported;
  • external AI processing only where needed for the enabled feature;
  • minimization and redaction before external AI processing where feasible;
  • retention controls aligned to customer configuration; and
  • audit logging that avoids raw document content in routine logs.

Enterprise customers may restrict document intelligence, require approved providers, or use stricter processing configurations based on their security requirements.

12. Tenant Isolation and Cross-Customer Contamination Prevention

Rithmo is designed as a customer-scoped platform. One customer’s meeting content is not used to generate customer-facing outputs for another customer.

This principle applies to:

  • prompts;
  • summaries;
  • recommendations;
  • meeting memory;
  • embeddings and retrieval context;
  • caches;
  • behavioral learning records;
  • profile and signature records;
  • analytics; and
  • customer-facing output generation.

Rithmo’s tenant isolation model is designed around customer-scoped storage, permission-checked retrieval, scoped prompt context, scoped caches, scoped embeddings, and customer-specific learning boundaries.

13. Customer Controls and Administrative Governance

Rithmo is designed to give customers control over how meeting data and AI features are used.

Depending on the customer’s plan and enabled features, administrators may control:

  • whether Rithmo is enabled for particular meetings, teams, or workspaces;
  • whether transcription is enabled;
  • whether AI-generated summaries, decisions, action items, recommendations, and live facilitation are enabled;
  • whether document intelligence is enabled;
  • which integrations are connected;
  • which users and roles may access meeting outputs;
  • retention settings for transcripts, outputs, analytics, documents, and logs;
  • stricter handling for sensitive meeting categories; and
  • whether customer content may be used for optional product-improvement programs.

Customer administrators are responsible for configuring Rithmo in accordance with their organization’s internal policies, participant notice requirements, and applicable law.

14. External Services and Subprocessors

Rithmo uses third-party providers to operate the service and provide customer-enabled features. Provider usage depends on the customer’s configuration and the features enabled.

Provider categoryRoleExample data categories
Meeting platform providersIn-meeting experience, meeting lifecycle, OAuth, moderation supportmeeting metadata, participant metadata, meeting state
Meeting bot providersBot join, transcript ingestion, bot lifecycle eventsmeeting join information, bot identifiers, speaker labels, transcript events
Speech-to-text providersAudio transcriptionaudio, transcript hypotheses, finalized transcript text
Text-to-speech providersGenerated speech outputgenerated Rithmo speech text, generated audio
AI model providersSummarization, extraction, classification, facilitation, recommendationsfeature-specific prompts, bounded transcript excerpts, agenda context, derived meeting data
Embedding providersSemantic matching and retrievaltext inputs or derived context used for matching
Calendar providersCalendar sync and meeting contextOAuth tokens, event metadata, attendees, organizer, times
Messaging and email providersNotifications and workflow deliveryrecipient metadata, message content, delivery metadata
Hosting, storage, database, cache, and queue providersService operation and persistenceapplication data, object payloads, operational metadata
Monitoring and security providersReliability, performance, and security monitoringsystem telemetry, security events, error metadata

Rithmo maintains subprocessor disclosures that identify providers, processing purposes, and data categories applicable to the Rithmo service.

15. Access Control and Privileged Access

Rithmo uses a layered access model.

15.1 Standard Users and Meeting Participants

Standard users and meeting participants may access only the meetings, outputs, and workflows authorized by the customer’s configuration and their role.

15.2 Customer Administrators

Customer administrators may have broader visibility within their own organization, including settings, integrations, reporting, analytics, retention controls, and meeting history, depending on the customer’s configuration.

15.3 Rithmo Operational Access

Rithmo operational access to customer content is restricted to authorized personnel with a legitimate business, support, security, or legal need. Operational access is governed by least privilege, access controls, and auditability.

Customers should not assume that all Rithmo personnel have broad default access to sensitive meeting data.

16. Encryption and Secret Handling

Rithmo uses technical safeguards to protect customer data in transit, at rest, and during integration workflows.

16.1 Encryption in Transit

Rithmo uses HTTPS/TLS-based communications for user-facing application traffic and external provider connections.

16.2 Encryption at Rest

Rithmo uses storage-layer encryption for databases, object storage, backups, and infrastructure services where applicable, and application-layer encryption for selected high-sensitivity data classes.

16.3 Application-Layer Encryption

Application-layer encryption may be used for high-sensitivity data such as:

  • calendar integration tokens;
  • meeting-platform OAuth tokens;
  • internal agenda content;
  • document artifacts;
  • uploaded meeting attachments;
  • generated document briefs; and
  • other high-sensitivity content.

16.4 Credential and Token Protection

OAuth tokens, session secrets, API keys, and integration credentials are protected through encryption, hashing, limited access, and secure storage practices appropriate to the credential type.

17. Logging, Auditability, and Replay

Rithmo uses structured logging and audit-oriented architecture to support reliability, security, troubleshooting, customer diligence, and incident response.

Operational logs are designed to capture information such as:

  • request identifiers;
  • customer, organization, team, or meeting scope;
  • task type;
  • provider and model information;
  • latency;
  • token count where applicable;
  • success or failure state;
  • fallback usage;
  • feature flag state;
  • redaction status where applicable;
  • retention mode where available; and
  • policy or guardrail outcome.

Rithmo does not store raw transcripts, raw documents, full prompts, or full model responses in routine operational logs. Any elevated debugging or support workflow involving sensitive content is access-controlled, time-limited, and governed by support, security, and customer-authorization controls.

18. Retention and Deletion

Rithmo’s retention model distinguishes between raw meeting content and longer-lived customer value.

Data typeRetention posture
Raw audio and transcript contentRetained only as long as needed for enabled features, transcript-derived processing, customer workflows, legal obligations, security, and customer-configured retention.
Transcript objectsRetained for limited periods aligned to transcript-derived processing and customer configuration.
Meeting summaries and outputsRetained according to customer settings, meeting history features, contractual terms, and account lifecycle.
Derived analytics and scorecardsRetained as needed to support reporting, trend analysis, and product continuity.
Customer-scoped learning recordsRetained as needed to preserve customer-specific meeting intelligence and recommendations.
Integration credentialsRetained only as needed for the connected integration.
Logs and audit recordsRetained for security, reliability, debugging, compliance, and audit purposes for limited periods.
BackupsDeleted according to backup rotation and legal retention practices.

Upon customer termination or verified deletion request, Rithmo deletes or returns customer data according to the applicable customer agreement, legal obligations, product capabilities, and backup deletion cycles.

19. Security Monitoring and Incident Response

Rithmo’s security model supports a structured incident response lifecycle:

  1. Detect and triage suspected security events.
  2. Investigate using audit trails, logs, provider telemetry, and system metadata.
  3. Contain affected systems, credentials, integrations, or workflows.
  4. Remediate the issue and validate corrective action.
  5. Communicate with affected customers where required by contract, law, or incident severity.
  6. Improve controls based on lessons learned.

Incident notification timelines and contractual commitments are governed by the applicable customer agreement or Data Processing Addendum.

20. Customer Diligence Materials

Rithmo supports enterprise diligence through a set of customer-facing security and privacy materials, which may include:

  • Privacy Policy;
  • Data Processing Addendum;
  • subprocessor list;
  • AI processing summary;
  • retention summary;
  • security architecture overview;
  • incident response summary;
  • access control and privileged access summary;
  • encryption and key management overview;
  • vendor data protection commitments;
  • data residency and hosting information where applicable; and
  • security assessment materials where available.

These materials are intended to help customers evaluate Rithmo’s data protection posture without relying on broad marketing claims.

21. Conclusion

Rithmo helps organizations use AI to improve meeting governance while preserving control over sensitive meeting data.

The platform’s security and privacy posture is based on:

  • controlled live meeting runtime paths;
  • separation between live execution and post-meeting learning;
  • customer-scoped analytics and recommendations;
  • AI processing through defined provider pathways;
  • transcript and document minimization;
  • no general-purpose AI training on customer meeting content;
  • tenant isolation;
  • customer controls;
  • retention and deletion practices; and
  • auditability.

Rithmo’s goal is to make AI-assisted meeting governance practical for enterprise customers by ensuring that AI use is transparent, purpose-limited, contractually governed, minimized, and customer-scoped.

Appendix A: AI Feature Processing Summary

FeatureData usedExternal provider involvementPrimary protection
Meeting transcriptionaudio, speaker labels, transcript eventsmeeting bot and speech providerscustomer enablement, provider controls, retention limits
Summaries and recapsbounded transcript context, agenda context, meeting metadataAI provider where enabledminimization, no-training terms, customer controls
Decisions and action itemstranscript excerpts and evidence referencesAI provider where enabledspeaker pseudonymization, local rehydration, bounded context
Live facilitationrolling transcript window, agenda state, policy signalsAI provider where enabledbounded context, guardrails, identifier minimization
Agenda assistantuser-provided agenda text and meeting metadataAI provider where enabledminimization and customer controls
Document intelligenceuploaded documents, extracted text, generated briefsAI provider where enabledexplicit enablement, access controls, retention controls
Embeddings and semantic similaritytext inputs or derived contextembedding provider where enabledtenant-scoped retrieval and content minimization
Text-to-speechgenerated Rithmo speech textTTS provider where enabledgenerated-text controls and speech sanitization
Recommendationsprofiles, signatures, semantic summaries, configuration keysAI provider where enabledcustomer-scoped data and no cross-customer pooling
Outcome evaluationapplied configuration, attribution, outcomesAI provider where enabledstructured metrics preferred over raw narrative content

Appendix B: Subprocessor Category Summary

Provider categoryPurposeExample data categories
Meeting platformIn-meeting application, meeting lifecycle, OAuth, moderation supportmeeting metadata, participant metadata, meeting state
Meeting bot providerBot lifecycle and transcript ingestionmeeting join data, bot identifiers, speaker labels, transcript events
Speech providerSpeech-to-text and text-to-speechaudio, transcript text, generated speech text/audio
AI model providerInference, embeddings, facilitation, summaries, extraction, recommendationsfeature inputs, bounded transcript excerpts, generated outputs
Calendar providerCalendar sync and meeting contextOAuth tokens, event metadata, attendees, organizer, times
Messaging/email providerNotifications and workflow deliveryrecipient metadata, message content, delivery metadata
Object storage providerTranscript objects, attachments, generated artifactsobject keys and stored payloads
Hosting/database/cache/queue providersApplication operationapplication data and operational metadata
Monitoring/security providersReliability and security monitoringsystem telemetry, error metadata, security events

Need the Full Security Package?

Request the DPA, subprocessor list, AI processing summary, and security architecture overview for your procurement review.

Request Documentation