Trust Center
Last updated: May 8, 2026 · Operator: JES Ventures LLC · Service: minutesmith.com
This document is the single procurement-grade reference for MinuteSmith. It exists for board presidents, governance attorneys, IT directors, and security reviewers who need to evaluate the product without reading every page on the website. It deliberately documents what is in place today and what is not.
1. How MinuteSmith Works
MinuteSmith is an AI-assisted meeting-minutes service for HOA, condo, and nonprofit boards. Operators upload or record meetings, the service transcribes them, generates draft minutes, supports a structured review-and-approve workflow, and stores the approved record alongside related documents and action items.
The service is operated by JES Ventures LLC, a US limited liability company. The application is hosted on Railway. Data and authentication run on Supabase (managed Postgres + object storage). AI providers are Anthropic (Claude API) and OpenAI (Whisper transcription, text-embedding-3-small for retrieval).
2. How Ask AI Works
Ask AI is a retrieval-augmented generation (RAG) feature. It does not query a general AI with the user's question alone — it searches the user's own meeting history first, then asks Claude to synthesize an answer using only that context.
Ask AI architecture
Every Ask AI query follows the same path. Two boundary layers — the database-level board filter (step 2) and the limited-context payload (step 4) — sit between your data and the AI vendor.
- Step 1: User asks a question. Sent over HTTPS to MinuteSmith.
- Step 2: Board access enforced. SQL filter inside the database (not just app code) restricts retrieval to your boards.
- Step 3: Relevant excerpts retrieved. Vector search across pre-computed embeddings of your meeting history.
- Step 4: Limited context to AI vendor. Question + relevant excerpts only, never your entire archive.
- Step 5: Answer generated. Anthropic Claude synthesizes a response. Citations included.
- Step 6: User reviews cited answer. Each part of the answer links back to its source meeting.
What leaves MinuteSmith: the question text (steps 1, 4) and the retrieved excerpts (step 4) — sent to Anthropic and OpenAI under commercial API terms (no model training; up to 30-day vendor retention). What stays: the rest of your archive, including any meetings the retrieval step did not select.
Detailed step-by-step explanation: /how-ask-ai-works.
3. What Leaves MinuteSmith
| Surface | Vendor | What is sent |
|---|---|---|
| Audio transcription | OpenAI Whisper | Audio file (one-shot at upload time) |
| Minute generation | Anthropic (Claude) | Transcript + raw notes (one-shot per meeting) |
| Embedding indexing | OpenAI | Meeting text chunks (one-shot per meeting) |
| Ask AI question | OpenAI | Question text only (per query) |
| Ask AI answer generation | Anthropic (Claude) | Question + relevant excerpts (per query) |
| Email delivery | Resend | Recipient address + email body |
| SMS notifications (opt-in) | Twilio | Recipient phone + message body |
| Payment processing | Stripe | Card data (handled by Stripe; never stored by us) |
4. What Stays Inside MinuteSmith
- Customer accounts, board configurations, member rosters, and billing state.
- Approved minutes, raw transcripts, raw notes, agenda content, action items, and motions.
- Meeting recordings and uploaded board documents (in encrypted-at-rest object storage with no public URLs).
- Embeddings (numeric vectors) for retrieval. Stored in Postgres with the same board-scope rules.
- Audit logs for sensitive actions (document downloads, exports, member changes).
5. Board-Scoped Retrieval and Isolation
Cross-board isolation is enforced at two layers:
- Application layer: server-side route handlers fetch the requesting user's board memberships and pass only those board IDs to the search function.
- Database layer: the `match_meeting_chunks` database function is `SECURITY DEFINER` and contains a SQL-level `board_id = ANY(board_ids)` filter. Even if application code passed wrong board IDs, the database would refuse.
- Postgres Row-Level Security policies are enabled on every customer-data table.
- No customer's content is used as system-prompt context for another customer's request.
6. AI Vendor Data Handling
Both Anthropic and OpenAI provide commercial API agreements under which submitted data is not used to train their models. Both vendors retain submitted data for up to 30 days for trust-and-safety review. MinuteSmith is not currently on either vendor's zero-data-retention enterprise plan.
- Anthropic: anthropic.com/legal/privacy
- OpenAI: openai.com/policies/privacy-policy
7. Data Ownership
Customer board content (recordings, transcripts, minutes, action items, documents, embeddings derived from those) belongs to the customer. JES Ventures LLC processes this content to provide the service and does not use it to train any model, sell or rent it to third parties, or use it for marketing other products.
8. Privacy Protections
- HTTPS / TLS for all browser ↔ server traffic.
- Encryption at rest for database and object storage (provider-managed).
- Per-board signed download URLs capped at one hour. No public file URLs anywhere.
- Production logs do not contain prompt bodies, transcripts, signed URLs, or session tokens.
- Optional prompt-redaction layer (off by default) that can strip emails, phone numbers, SSNs, payment-card patterns, and bank/routing identifiers from prompts before vendor calls.
- Centralized member-name display policy. Boards may opt into a short-form display ("Dan W.") with surnames stored separately for legal/audit use only.
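The prompt-redaction pass described in the list above could look like the following. This is an added example, not MinuteSmith's code: the function names, placeholder tokens and patterns (US-format phones and SSNs, Luhn-checked card numbers, ABA-checksummed routing numbers) are assumptions, and the sample values are constructed.

```python
import re

def luhn_ok(digits: str) -> bool:
    """Luhn checksum carried by payment-card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                      # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def aba_ok(digits: str) -> bool:
    """ABA routing checksum: weights 3,7,1 repeated, sum divisible by 10."""
    return sum(int(c) * w for c, w in zip(digits, (3, 7, 1) * 3)) % 10 == 0

EMAIL = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
SSN = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")
CARD = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")          # 13 to 19 digits
ROUTING = re.compile(r"\b\d{9}\b")
PHONE = re.compile(
    r"(?<!\d)(?:\+?1[ .-]?)?\(?\d{3}\)?[ .-]?\d{3}[ .-]?\d{4}(?!\d)")

def _checked(validator, token):
    """Replace a match only if its digits pass the checksum (fewer false hits)."""
    def repl(m):
        digits = re.sub(r"\D", "", m.group())
        return token if validator(digits) else m.group()
    return repl

def redact(prompt: str) -> str:
    """Strip structured identifiers before the prompt is sent to a vendor API."""
    out = EMAIL.sub("[EMAIL]", prompt)
    out = SSN.sub("[SSN]", out)
    out = CARD.sub(_checked(luhn_ok, "[CARD]"), out)      # before PHONE: longest first
    out = ROUTING.sub(_checked(aba_ok, "[ROUTING]"), out)
    return PHONE.sub("[PHONE]", out)

# Constructed sample input; none of these values belong to a real person.
SAMPLE = ("Email treasurer@example.org or call (555) 010-4477. "
          "SSN 000-12-3456, card 4111 1111 1111 1111, "
          "routing 123456780, invoice 123456789.")

if __name__ == "__main__":
    print(redact(SAMPLE))
```

Pattern matching of this kind catches structured identifiers only; names and free-text details in a transcript pass through unchanged.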
9. Security Controls
- Authentication via Supabase Auth (email + password / magic link). Session invalidation on credential change.
- Postgres Row-Level Security on every customer table.
- Principle of least privilege for service-role access.
- Cron jobs authenticate via shared secret and fail closed in production if misconfigured.
- Audit logging for sensitive actions (document downloads, exports, member changes).
- Strict Content Security Policy with a tighter Report-Only variant in observation mode.
- HSTS, X-Frame-Options DENY, X-Content-Type-Options nosniff, COOP/CORP, Permissions-Policy.
10. Current Limitations (honest)
- The AI redaction layer is currently disabled by default (`ENABLE_AI_REDACTION=false`). Operators may enable it; we document this as-is.
- Transcript-level encryption migration is scaffolded but not yet operationally active.
- Retention policies may be configured per board; the deletion executor is not running automatically in all environments. Confirm operator configuration before relying on retention windows.
- AI-generated answers can be incorrect. Citations always link back to the source meetings; verify before relying on Ask AI for legal, financial, or compliance decisions.
- MinuteSmith has not undergone a third-party penetration test.
11. What MinuteSmith Does Not Claim
- No SOC 2, ISO 27001, FedRAMP, or HIPAA certification. No HIPAA Business Associate Agreement.
- No end-to-end encryption. AI processing requires server-side decryption.
- No external penetration test on file.
- No zero-data-retention enterprise SKU with AI vendors. The 30-day vendor trust-and-safety retention window applies.
- No claim that AI cannot make mistakes. AI hallucination is a real risk; we mitigate but do not eliminate it.
- No claim that "nothing leaves MinuteSmith." Vendor APIs (Anthropic, OpenAI, Resend, Twilio, Stripe) process specific data described in section 3.
12. FAQ
Will my board's data be used to train AI models?
No. Both Anthropic and OpenAI commercial API terms exclude API data from model training. Vendor 30-day trust-and-safety retention still applies.
Can other boards see our content via Ask AI?
No. Board isolation is enforced at the database level via a SQL filter inside the search function, in addition to application-layer checks.
Can MinuteSmith staff read our meeting content?
Operators with service-role database access can technically read customer content; we follow least-privilege practice and log sensitive actions. There is no end-to-end encryption — the service requires server-side access to content to function.
Where are recordings and documents stored?
In Supabase-managed object storage with encryption at rest. All download URLs are short-lived signed links (max one hour). No public URLs exist.
What happens if we delete our account?
Account data is soft-deleted for a recovery window, then permanently removed. Board content is retained until you delete it; retention windows may be configured per board.
Do you offer a HIPAA Business Associate Agreement?
No, not currently. MinuteSmith is not a HIPAA-covered service. If your board handles PHI, we recommend evaluating whether the product is appropriate for your use case.
Can we turn off Ask AI for our board?
Ask AI access is gated by subscription plan today. Per-board disable controls are on the roadmap; contact us if this is a procurement requirement.
Contact
Security questions: [email protected]
Privacy questions: [email protected]
Vulnerability disclosure: [email protected] (see /security for guidelines)
This document supersedes nothing in Terms of Service or Privacy Policy; in case of conflict, those documents control.