Skip to main content

Privacy notice

Who we are

Minute is provided by the Incubator for Artificial Intelligence (i.AI), part of the Government Digital Service in the Department for Science, Innovation and Technology (DSIT).

Minute is hosted by DSIT and made available to civil servants across government departments as a service. DSIT is the data controller for Minute.

What Minute does

Minute is a tool for civil servants. You upload an audio recording of a meeting, Minute transcribes it and produces a structured summary in a chosen meeting-minutes format. You can then review, edit and download the transcript and the minutes.

What personal data we collect

The personal data we collect when you use Minute includes:

  • your name, work email address and the government department or organisation you work for, when you sign in to the service
  • your name and email address if you send us feedback or take part in user research
  • records of the audio files you upload, the transcripts and minutes that are produced, and the actions you take in the service, linked to your account

Personal data within the recordings you upload

When you upload an audio recording of a meeting, the recording is likely to contain personal data about the people in the meeting. This includes:

  • their voices
  • anything they say, including their names, opinions, and any other personal information they share during the meeting
  • in some cases, the voices and information of people who are not civil servants - for example, suppliers, contractors, external advisers or other meeting participants

These people are data subjects under UK data protection law. DSIT processes this personal data only for the purpose of producing a transcript and meeting minutes for you, and only for as long as the retention policy set by your organisation requires.

Why we need your personal data

We collect your personal data to:

  • give you access to Minute and authenticate you
  • provide the transcription and minute-generation service you have asked us to perform
  • contact you about the recordings you have uploaded
  • respond to feedback you send us, if you have asked us to
  • carry out user research, with your consent, to improve Minute
  • monitor and improve the service, including measuring usage and identifying issues

Why our use of your personal data is lawful

The legal basis for processing all personal data - both data about you and personal data within the audio recordings you upload - is that it is necessary:

  • to perform a task in the public interest
  • in the exercise of our functions as a government department

How Minute uses AI

Minute uses two kinds of AI to process your recordings:

  • Automatic speech-to-text, to convert the audio into a written transcript
  • Large language models, to turn the transcript into structured meeting minutes in a chosen format

Minute does not make automated decisions about individuals that produce legal or similarly significant effects. The minutes Minute produces are reviewed by you before they are saved or shared.

Audio recordings, transcripts, and minutes are not used to train any AI models.

Third parties who process data for us

We use the following processors to deliver Minute:

  • Microsoft (Azure Speech-to-Text) - to perform speech-to-text transcription of audio you upload
  • ElevenLabs Speech-to-text
  • Google (Gemini API via Google Cloud `[CONFIRM: Vertex AI / region]`) - to generate structured meeting minutes from transcripts

Hosting provider: AWS UK region

Each of these is bound by a contract that requires them to keep your data secure and to process it only on our instructions.

Information for people whose voices are in recordings uploaded to Minute

If you are not a Minute user but your voice has been recorded in a meeting that a civil servant has uploaded to Minute, your personal data is being processed by DSIT as described in this notice.

The civil servant who organised the meeting is responsible for telling you that the meeting was recorded and that the recording will be processed by Minute, including by AI services. You should expect to be told this at the start of the meeting, or beforehand.

You have the same data protection rights as any other data subject. See "Your data protection rights" below, or contact the DSIT data protection team using the details at the end of this notice.

Sensitivity and acceptable use

Minute is approved for processing information classified up to OFFICIAL-SENSITIVE.

You must not upload to Minute:

  • recordings classified above OFFICIAL-SENSITIVE
  • recordings of meetings whose primary purpose is to discuss special category data (such as health, racial or ethnic origin, political opinions, religious beliefs, trade union membership, genetic or biometric data, or data concerning a person's sex life or sexual orientation) or criminal offence data, unless you have a documented lawful basis under Articles 9 or 10 UK GDPR and your department has agreed to this use

How long we keep your personal data

Retention of audio recordings, transcripts and minutes is configurable. Your organisation sets a retention policy when it onboards Minute, and you can configure your own retention within the limits your organisation has set. When the retention period expires, recordings, transcripts and minutes are deleted automatically.

Other data we hold is kept as follows:

  • account data - for as long as your account is active, and for 12 months after it is deactivated
  • feedback and user research data - for as long as needed for the purposes of research and improvement of the service.
  • service usage logs - for 12 months.

How we use your personal data

The personal data we collect may be shared with other government departments, agencies and public bodies where necessary - for example, where another department needs information to perform its functions. It may also be shared with our technology suppliers as described above.

We will share your personal data if we are required to do so by law - for example, by court order, or to prevent fraud or other crime.

We will not:

  • sell or rent your personal data to third parties
  • share your personal data with third parties for marketing purposes
  • use your personal data, your recordings, transcripts or minutes to train AI models

Where your personal data is processed and stored

We design, build and run our systems to make sure that your personal data is as safe as possible at all stages, both while it is processed and when it is stored.

All personal data is stored in the United Kingdom or the European Economic Area (EEA).

How we protect your personal data and keep it secure

We are committed to doing all that we can to keep your personal data secure. We have set up systems and processes to prevent unauthorised access or disclosure of your personal data - for example, we protect your personal data using varying levels of encryption, both in transit and at rest.

Access to recordings, transcripts and minutes is restricted to you and to others within your organisation that you have explicitly shared them with.

We also make sure that any third parties that we deal with keep all personal data they process on our behalf secure. Minute is subject to security assessment and follows the Secure by Design approach.

Children's privacy protection

Minute is a tool for civil servants and is not designed for, or intentionally targeted at, children 13 years of age or younger. We do not intentionally collect or maintain personal data about anyone under the age of 13. If a recording you upload happens to contain the voice of a child - for example, in the background of a meeting recorded from home - we process that data only for the purpose of producing the transcript and minutes, and only for as long as your retention policy allows.

Your data protection rights

You have the right to request:

  • information about how your personal data is processed
  • a copy of that personal data
  • that anything inaccurate in your personal data is corrected immediately

You can also:

  • raise an objection about how your personal data is processed
  • request that your personal data is erased if there is no longer a justification for it
  • ask that the processing of your personal data is restricted in certain circumstances

If you have any of these requests, contact the DSIT data protection team using the details below.

Contact us or make a complaint

DSIT Data Protection Officer

data.protection@dsit.gov.uk

Department for Science, Innovation and Technology
100 Parliament Street
London
SW1A 2BQ

You can also make a complaint to the independent regulator, the Information Commissioner's Office (ICO), at https://ico.org.uk/make-a-complaint/.

Keeping our privacy notice up to date

We may change this privacy notice. Any changes will apply to you and your personal data immediately. You should regularly review this notice.

This notice was last updated on 17/06/2026