Security & Privacy Overview

MinuteSmith

Last updated: May 9, 2026 · Operator: JES Ventures LLC · Service: minutesmith.com

This document is the procurement-grade condensed reference for MinuteSmith’s architecture, AI handling, security controls, and current limitations. It exists to be forwarded to a board attorney, IT director, or security reviewer who needs a single artifact for their files.

1. What MinuteSmith is

AI-assisted meeting-minutes service for HOA, condo, and nonprofit boards. Operators upload or record meetings, the service transcribes and generates draft minutes, supports a structured review-and-approve workflow, and stores the approved record alongside related documents and action items. Hosted on Railway. Data and authentication run on Supabase (managed Postgres + object storage). AI providers are Anthropic (Claude) and OpenAI (Whisper transcription, text-embedding-3-small for retrieval).

2. Ask AI architecture

Ask AI is a retrieval-augmented generation pipeline. It does not query a general AI with the user’s question alone — it searches the user’s own meeting history first, then asks Claude to synthesize an answer using only that context.

Every Ask AI query follows the same path. Two boundary layers — the database-level board filter (step 2) and the limited-context payload (step 4) — sit between your data and the AI vendor.

  1. User asks a question
     Sent over HTTPS to MinuteSmith.

  2. Board access enforced
     SQL filter inside the database — not just app code — restricts retrieval to your boards.

  3. Relevant excerpts retrieved
     Vector search across pre-computed embeddings of your meeting history.

  4. Limited context to AI vendor
     Question + relevant excerpts only — never your entire archive.

  5. Answer generated
     Anthropic Claude synthesizes a response. Citations included.

  6. User reviews cited answer
     Each part of the answer links back to its source meeting.

What leaves MinuteSmith: the question text (steps 1, 4) and the retrieved excerpts (step 4) — sent to Anthropic and OpenAI under commercial API terms (no model training; up to 30-day vendor retention). What stays: the rest of your archive, including any meetings the retrieval step did not select.

3. What leaves MinuteSmith

| Surface | Vendor | Sent |
|---|---|---|
| Audio transcription | OpenAI Whisper | Audio file (one-shot at upload) |
| Minute generation | Anthropic (Claude) | Transcript + raw notes (one-shot per meeting) |
| Embedding indexing | OpenAI | Meeting text chunks (one-shot per meeting) |
| Ask AI question | OpenAI | Question text only (per query) |
| Ask AI answer generation | Anthropic (Claude) | Question + relevant excerpts (per query) |
| Email delivery | Resend | Recipient address + email body |
| SMS notifications (opt-in) | Twilio | Recipient phone + message body |
| Payment processing | Stripe | Card data (Stripe-handled; never stored by us) |

4. AI vendor data handling

Both Anthropic and OpenAI provide commercial API agreements under which submitted data is not used to train their models. Both vendors retain submitted data for up to 30 days for trust-and-safety review. MinuteSmith is not currently on either vendor’s zero-data-retention enterprise plan. References:

5. Board-scoped retrieval

Cross-board isolation is enforced at two layers. Application layer: server-side route handlers fetch the requesting user’s board memberships and pass only those board IDs to the search function. Database layer: the match_meeting_chunks database function is SECURITY DEFINER and contains a SQL-level board_id = ANY(board_ids) filter. Even if application code passed wrong board IDs, the database would refuse. Postgres Row-Level Security policies are enabled on every customer-data table.
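
For reviewers who want to see what a database-layer filter of this kind looks like, the following is an added illustration and not MinuteSmith's code. Only the function name, SECURITY DEFINER, and the board_id = ANY(board_ids) predicate come from this document; the table, columns, signature, row cap, and the app_backend role are assumptions.

```sql
-- Illustrative only: schema, column names, signature and role are assumptions.
-- Assumes the pgvector extension is installed in the public schema.
CREATE EXTENSION IF NOT EXISTS vector;

CREATE TABLE meeting_chunks (
    id         bigserial PRIMARY KEY,
    board_id   uuid NOT NULL,
    meeting_id uuid NOT NULL,
    content    text NOT NULL,
    embedding  vector(1536) NOT NULL  -- text-embedding-3-small default size
);
ALTER TABLE meeting_chunks ENABLE ROW LEVEL SECURITY;

CREATE FUNCTION match_meeting_chunks(
    query_embedding vector(1536),
    board_ids       uuid[],
    match_count     int DEFAULT 8
)
RETURNS TABLE (chunk_id bigint, source_meeting uuid, excerpt text, similarity float8)
LANGUAGE sql
STABLE
SECURITY DEFINER
-- Pin the search path so objects in a caller-writable schema cannot
-- shadow the table or operators this function resolves.
SET search_path = public, pg_temp
AS $$
    SELECT c.id, c.meeting_id, c.content,
           1 - (c.embedding <=> query_embedding) AS similarity
    FROM meeting_chunks AS c
    -- The function runs with its owner's privileges. If that owner also
    -- owns the table, RLS does not apply to it unless FORCE ROW LEVEL
    -- SECURITY is set, so this predicate is what scopes the result.
    -- An empty or NULL array matches no rows.
    WHERE c.board_id = ANY (board_ids)
    ORDER BY c.embedding <=> query_embedding
    LIMIT LEAST(match_count, 20);  -- cap how much text one call can return
$$;

-- Functions are executable by PUBLIC by default; restrict to the backend role.
CREATE ROLE app_backend NOLOGIN;
REVOKE EXECUTE ON FUNCTION match_meeting_chunks(vector, uuid[], int) FROM PUBLIC;
GRANT  EXECUTE ON FUNCTION match_meeting_chunks(vector, uuid[], int) TO app_backend;
```

A reviewer checking a deployment of this pattern would look at the function's owner, its pinned search_path, and its EXECUTE grants, since those determine who can reach the predicate and with what privileges.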

7. Current limitations (honest)

  • The AI prompt-redaction layer is currently disabled by default (operator-toggle).
  • Transcript-level encryption migration is scaffolded but not yet operationally active.
  • Retention policies may be configured per board; the deletion executor is not running automatically in all environments. Operators should confirm their deployment’s retention behavior before relying on it.
  • AI-generated answers can be incorrect. Citations always link back to the source meetings; verify before relying on Ask AI for legal, financial, or compliance decisions.
  • MinuteSmith has not undergone a third-party penetration test.

8. What MinuteSmith does not claim

  • No SOC 2, ISO 27001, FedRAMP, or HIPAA certification. No HIPAA Business Associate Agreement.
  • No end-to-end encryption. AI processing requires server-side decryption.
  • No external penetration test on file.
  • No zero-data-retention enterprise SKU with AI vendors. The 30-day vendor trust-and-safety retention window applies.
  • No claim that AI cannot make mistakes. Hallucination is a real risk; we mitigate but do not eliminate it.
  • No claim that “nothing leaves MinuteSmith.” Vendor APIs (section 3) process specific data described above.

9. Contact

Security questions: [email protected] · Privacy questions: [email protected] · Vulnerability disclosure: [email protected]. For implementation questions or a procurement review, use the contact form at minutesmith.com/contact?topic=security.

This document does not supersede the Privacy Policy or Terms of Service; in case of conflict those documents control. Live versions: minutesmith.com/privacy, minutesmith.com/terms, minutesmith.com/trust-center.