Parivox

1

Introduction

Asparagus Works, Inc. (doing business as "Parivox," "we," "us," or "our") operates the Parivox video conferencing platform at parivox.net and rooms.parivox.net (collectively, the "Service"). This Privacy Policy describes how we collect, use, and share personal information when you access or use the Service during our closed beta program.

This policy is a simplified disclosure appropriate for a limited, invite-only beta. We will publish a comprehensive privacy policy before any general-availability release.

2

Who This Policy Covers

The Service supports several classes of users:

Visitors: Unauthenticated visitors who browse parivox.net.
Users: Authenticated individuals who sign in via Google, host meeting rooms, manage avatars, and invite guests.
Guests: Unauthenticated individuals who join a meeting room at the invitation of a host.
Developers: Authenticated individuals with all user privileges who can also create embeddable widgets and submit agents to the agent marketplace.
Admins: Authenticated individuals with all developer privileges who can also manage the agent marketplace and closed-beta user roster.

3

Information We Collect

3.1 Account and Identity Data

When you sign in with Google, we receive and store your name, email address, and profile picture URL. We assign you a role (user, developer, or admin) based on an internal access-control list. If you sign in but are not yet authorized, we store your email address and the date you requested waiting-list access.

3.2 Meeting and Room Data

When you create or schedule a meeting, we store room metadata including the room title, description, start and end times, guest email addresses, selected agents, and host identity. For ad hoc rooms, we generate a short-lived handoff token containing room and host identifiers.

3.3 Transcript and Speech Data

Meetings may include real-time transcription. Transcript text, speaker names, and timestamps are visible to participants during the meeting and may be downloaded locally. For scheduled rooms, transcript data may be retained server-side and accessible to the room host.

3.4 Audio, Video, and Device Data

The Service transmits live audio and video through LiveKit's real-time infrastructure. We do not record or store raw audio or video on our servers. Your browser may locally store your preferred microphone, camera, and video-background settings.

3.5 Files Shared in Meetings

Participants may upload files during a meeting. Uploaded files are stored temporarily in Amazon S3 and are generally deleted when the meeting ends, except for retained transcript artifacts associated with scheduled rooms.

3.6 AI Agent Interaction Data

When AI agents are active in a meeting, participant speech may be processed by third-party speech-to-text, language-model, text-to-speech, and avatar providers. The specific providers used depend on agent configuration and may include Deepgram, OpenAI, Anthropic, Google, ElevenLabs, Cartesia, Simli, and Tavus. We do not control these providers' data-handling practices, and their respective privacy policies apply to any data they process.

3.7 Widget and Embedded Session Data

Developers may create embeddable widgets that allow third-party websites to launch meeting sessions. When a visitor uses an embedded widget, we collect the visitor's display name, the referring website origin, and any contextual parameters passed by the embedding site. We store aggregate session analytics (session count, average duration, handoff rate) with a 90-day retention period.

3.8 Human Escalation Data

If a meeting includes a human-escalation request, we temporarily store the handoff reason, summary, contact information, and a join link. This data is retained for approximately 2 hours and may be transmitted to the escalation contact via SMS (Twilio) or email (Amazon SES).

3.9 Cookies and Local Storage

We do not use advertising cookies or third-party tracking technologies.

Authentication cookies: Session, CSRF, and callback cookies set by our authentication system on the .parivox.net domain. These are strictly necessary for the Service to function.
Convenience cookie: A "parivox-has-account" cookie that adjusts the landing page call-to-action for returning users.
Local storage: UX preferences such as default room names, display names, device selections, and dismissed help dialogs. An early-access password may also be stored locally.

3.10 User-Uploaded Images

Authenticated users may upload a profile image and a video background image. Original images are stored in a private S3 bucket; optimized versions are stored on our CDN and may be accessible by URL.

3.11 Developer Credentials

Developers and admins may store custom LiveKit and third-party provider API credentials in their account settings. These secrets are encrypted at rest using AES-256-GCM before being written to our database. The Service never displays full credentials in the user interface.

4

How We Use Information

We use the information described above for the following purposes:

To authenticate you and manage access to the closed beta.
To create, manage, and operate meeting rooms and scheduled sessions.
To facilitate real-time communication, transcription, and AI agent interactions.
To deliver guest invitation emails and human-escalation notifications.
To maintain and improve the Service during the beta period.
To enforce our terms of service and protect the security of the Service.

5

We share personal information only in the following circumstances:

Infrastructure providers: We use Amazon Web Services (S3, DynamoDB, SES, CloudFront, Elastic Beanstalk) to host and operate the Service. AWS processes data on our behalf as a service provider.
LiveKit: Real-time audio, video, and participant identity data are processed through LiveKit's infrastructure.
AI and media providers: When AI agents or transcription services are active, meeting audio and text may be sent to providers such as Deepgram, OpenAI, Anthropic, Google, ElevenLabs, Cartesia, Simli, and Tavus, depending on agent configuration.
Communication providers: Amazon SES delivers invitation and notification emails. Twilio delivers SMS notifications for human-escalation requests.
Google: We use Google OAuth for authentication. Google receives standard OAuth protocol data when you sign in.

We do not sell personal information. We do not share personal information with advertisers.

6

Data Retention

We retain data as follows:

Account settings: Retained for the duration of the beta unless you request deletion.
Meeting room records: Automatically deleted approximately 90 days after the meeting end date.
Meeting files: Deleted when the meeting ends, except retained transcript artifacts.
Retained transcripts: Stored for the lifetime of the associated room record (up to 90 days) and accessible only to the room host.
Human-escalation records: Deleted approximately 2 hours after creation.
Widget analytics: Deleted approximately 90 days after the session.
Application logs: Retained for 14 days.

7

Data Security

We implement reasonable security measures including encryption in transit (TLS 1.2+), server-side encryption at rest for stored files and databases, AES-256-GCM encryption for stored provider credentials, signed and time-limited tokens for meeting access and file transfers, and role-based access controls. No system is completely secure, and we cannot guarantee the absolute security of your information.

8

How We Protect LiveKit SDK Keys

If you choose to store your own LiveKit Cloud configuration in account settings, we submit those values through authenticated account-settings requests and validate the format before saving them.

After a LiveKit API secret is saved, the Service does not send the full secret back to the browser. The settings interface may show a reduced preview of the saved LiveKit URL or API key so you can identify which configuration is on file, but it does not reveal the full credential values.

Stored provider credentials, including LiveKit credentials, are encrypted before being written to persistent storage and are protected in transit using TLS. We describe these measures at a high level here and intentionally do not publish operational details that would make targeted abuse easier.

9

Your Choices

Account deletion: Contact us at support@parivox.net to request deletion of your account and associated data.
Transcript control: Hosts can stop the transcript service during a meeting and can delete scheduled rooms (which also deletes retained transcripts).
Local storage: You can clear browser local storage and cookies at any time through your browser settings.
Camera and microphone: You control browser permissions for camera and microphone access.

10

Children

The Service is not directed to children under 13 and we do not knowingly collect personal information from children under 13. If we learn that we have collected personal information from a child under 13, we will delete it.

11

Changes to This Policy

We may update this policy from time to time. We will notify closed-beta participants of material changes by email. A comprehensive privacy policy will be published before the Service becomes generally available.

12

Contact Us

If you have questions about this Privacy Policy or our data practices, contact us at:

Parivox, Inc.

support@parivox.net