Effective: April 25, 2026 Contact: hello@meetingrecovery.com

Summary

Meeting Recovery is a local-first macOS app. Your calendar, meeting history, and recovery sessions live on your Mac in a SwiftData database. We don't run a server that holds your data. We have no user accounts. We don't record meetings, capture audio, or transmit calendar contents anywhere.

If you opt in to anonymous usage telemetry — off by default — the app sends typed event counts to TelemetryDeck. No titles, no notes, no personal content.

What stays on your Mac

Everything by default:

• Watched calendar identifiers and the qualified meetings derived from them
• Recovery sessions you started, completed, snoozed, or skipped
• Follow-up notes you captured
• Context bookmarks (the app you came from when a recovery started)
• Settings — modes, rules, Auto-Reserve configuration, focus-after-recovery preference, scheduled cadence
• Diagnostics ring buffer (recent app events, used for in-app troubleshooting)

You can see exactly what's stored under Privacy → Current data footprint, export it as a JSON support package, or delete everything with one click.

Permissions

Each macOS permission is requested only when a feature you choose needs it. None are required to install or open the app.

Calendar. Read access is used to identify candidate meetings on calendars you explicitly enable. Write access is used only when you opt in to Auto-Reserve and pick a target calendar — the app writes short focus blocks to that single calendar and never to others.

Notifications. Local notifications for recovery prompts, the optional weekly digest, and reminder lead-times. No remote push.

Reminders. Used only when you save a follow-up to Apple Reminders via the one-click handoff in the recovery completion flow.

Microphone. Activity-detection only. The app checks whether the microphone is in use to suppress prompts during ad-hoc calls and to mark a calendar meeting as ended early. Audio is never recorded, sampled, or transmitted. Requested only when you enable "Detect calls and sharing" or microphone-based early-end detection.

Camera. Activity-detection only. The app checks whether the camera is in use to suppress prompts during ad-hoc calls. Video is never captured. Requested only when you enable "Detect calls and sharing".

Accessibility. Optional, and never requested on first launch. Used only to enrich context bookmarks with the active window's title so the app can name the workspace it returns you to.

Optional anonymous telemetry

A toggle under Privacy → Anonymous usage telemetry is off by default. When you turn it on, the app sends typed event counts to TelemetryDeck, an anonymous, GDPR-aware analytics provider that doesn't use IDFA, doesn't store IP addresses, and doesn't link signals to user identity.

Events sent — full list, each carries only counts or enum values:

• app.first_launch — once, ever, on first run
• onboarding.started, onboarding.step_completed, onboarding.completed
• recovery.started, recovery.completed, recovery.skipped — with a typed source enum (automatic, manualQuickReset, hotkey, intent, menuBar, sample, preview, scheduledCadence)
• menu_bar.opened, hotkey.triggered, intent.invoked
• digest.scheduled, digest.opened
• recovery.gate_blockage — typed reason for why a prompt was suppressed
• auto_reserve.placed, auto_reserve.honored, auto_reserve.moved, auto_reserve.deleted, auto_reserve.write_failed, auto_reserve.suppressed, auto_reserve.cancelled

No event carries meeting titles, notes, calendar identifiers, app names, window titles, or any user-typed text.

You can review the live snapshot of what your device has captured under Privacy → Anonymous usage telemetry → Current snapshot. Turning the toggle off stops further sends; aggregated counts already received by TelemetryDeck cannot be retrieved or deleted on a per-device basis because TelemetryDeck does not retain device-level identifiers.

Website analytics (meetingrecovery.com)

The marketing website at meetingrecovery.com uses Vercel Web Analytics to count anonymous page views. Vercel Web Analytics does not set cookies, does not use IDFA / fingerprinting / cross-site identifiers, and does not retain IP addresses beyond the transient request. We see aggregate page-view counts and high-level browser / country breakdowns; we do not see individual visitors. The website analytics surface is independent of the macOS app — the in-app TelemetryDeck toggle does not control it, and turning the in-app toggle off has no effect on whether the website counts your visit. Vercel's privacy terms apply to that data: https://vercel.com/legal/privacy-policy.

Data we do not collect

• Account credentials, email addresses, phone numbers
• Meeting recordings, audio, or video of any kind
• Calendar event titles, descriptions, attendee lists, or organiser identities — these stay in EventKit on your device
• Browsing history or app usage outside Meeting Recovery's own surfaces
• Location, contacts, photos, health data
• Advertising or marketing identifiers; no IDFA

Sharing

We don't sell your data. We don't share your data with third parties. The only outbound network connection the app makes is the optional, opt-in TelemetryDeck endpoint described above; everything else stays on device.

Retention

Local history is kept until you delete it. The retention compaction window in app settings controls automatic pruning of old records (default 90 days). Telemetry events kept by TelemetryDeck — when opted in — are aggregated and retained per their privacy policy at https://telemetrydeck.com/privacy.

Children

Rated 4+. The app is designed for adults whose work involves meetings. We do not knowingly direct the app at children under 13 and we do not collect data that would identify children.

Changes to this policy

If this policy changes, the change is dated at the top of this page. Material changes are also called out in the app's "What's New" release notes. Continued use after a change means you accept the updated policy.

Contact

hello@meetingrecovery.com