Garba
CustomersPricing
EnglishSvenska
Legal

Effective 29 April 2026 · Version 1.0

1. Introduction

This AI Policy explains how Garba AI AB ("Garba", "we", "us", or "our") uses artificial intelligence ("AI") within its services, including meeting transcription and summarisation, deal intelligence, email intelligence, coaching insights, sentiment analysis, and other automated revenue execution outputs. The purpose of this policy is to provide transparency about how AI is integrated into our platform and to set out the safeguards we apply to customer data.

Garba AI AB is a Swedish company registered under organisation number 559516-6348, with its registered office at Anckargripsgatan 3, 211 19 Malmö, Sweden.

2. Scope of AI Usage

Garba uses AI to help revenue teams capture, understand, and act on customer interactions. AI capabilities currently include:

  • Automated transcription — converting meeting audio and video into speaker-attributed text in 100+ languages.
  • Meeting summarisation — generating concise summaries, action items, and structured extracts from each meeting.
  • Deal intelligence — extracting signals against sales methodologies including MEDDPICC, SPICED, and BANT, with risk indicators and next-best-action recommendations.
  • Email intelligence — analysing inbound and outbound email content and metadata to surface deal context, stakeholder mapping, and engagement signals.
  • Coaching insights and scorecards — applying configurable scorecards (MEDDPICC, SPICED, BANT, custom playbooks) to evaluate meetings and surface coaching moments.
  • Sentiment and tonal analysis — analysing communication style and engagement for coaching purposes.
  • CRM automation — populating CRM fields (HubSpot, Salesforce, Pipedrive) with structured outputs derived from meetings and emails.
  • AI-generated content — drafting follow-up emails, business cases, proposals, and similar artifacts in the user's voice and brand.
  • Cross-meeting intelligence and search — aggregating signals across calls, emails, and CRM to answer revenue-wide questions (e.g. competitive intelligence, win/loss patterns).
  • MCP server — exposing meeting and account data to authorised third-party AI assistants via the Model Context Protocol, under customer-controlled access.

3. Data Sources for AI Processing

Garba's AI features process data that may include:

  • Audio and/or video recordings of meetings hosted on Zoom, Microsoft Teams, and Google Meet.
  • Transcripts generated from meeting audio.
  • Meeting metadata (date, time, duration, participants, agenda).
  • Calendar data used to schedule recordings and route notifications.
  • Email content and metadata (where the customer has connected their mailbox to Garba).
  • CRM data synchronised through customer-authorised integrations.
  • Notes, comments, scorecard inputs, and other content provided by users within the platform.
  • Authentication data needed to operate the service securely.

4. Human Involvement

Garba's AI features are designed to assist users, not to replace human judgment.

  • All AI outputs — including transcripts, summaries, scorecards, deal-stage suggestions, CRM updates, and drafted emails — are intended as recommendations or assistive content.
  • Users are responsible for reviewing AI-generated content before relying on it for decisions, before sending external communication, and before treating CRM updates as the source of truth.
  • Where AI outputs feed back into customer systems (such as CRM field updates), customers control which fields are eligible for AI-driven changes and can require human confirmation.

5. AI Models and Providers

Garba uses a combination of large language models, transcription models, and supporting AI services. All AI processing is performed within the EU/EEA on dedicated regions operated by established cloud providers.

5.1 EU data residency

  • Application data and AI processing are hosted on Microsoft Azure (Gävle, Sweden).
  • Transcription is performed by Deepgram and Gladia on EU infrastructure.
  • Large language model inference is performed via Anthropic (Claude) on AWS Bedrock EU cross-region inference (Frankfurt and other EU regions), Azure OpenAI in Sweden, and Google Cloud Vertex AI in Belgium.
  • No personal data is transferred to third countries under GDPR Chapter V as part of AI processing. Where any subprocessor is established outside the EU/EEA, processing occurs on EU-hosted infrastructure under Standard Contractual Clauses and the EU-U.S. Data Privacy Framework where applicable.

5.2 No training on customer data

Garba does not use customer data to train, retrain, or fine-tune any public, shared, or external AI models. AI providers acting as subprocessors are contractually prohibited from using customer prompts, transcripts, emails, or any other Garba customer data for model training. Prompts and outputs are processed transiently for the purpose of generating the requested response and are not retained by the AI providers beyond what is required to deliver the service.

5.3 Subprocessors

All AI subprocessors are subject to written Data Processing Agreements and to the prior-notice and right-to-object mechanisms set out in Garba's Data Processing Agreement (DPA). A current list of subprocessors involved in AI processing is available on request by contacting privacy@garba.ai.

5.4 AI Act classification and roles

Garba classifies the Service under Regulation (EU) 2024/1689 (the "AI Act") as a limited-risk AI system. The Service does not perform any of the practices prohibited under Article 5 of the AI Act and is not listed in Annex III as a high-risk system.

  • Garba's role: Garba acts as the Provider of the Service within the meaning of Article 3(3) of the AI Act, and as a Downstream Provider within the meaning of Article 3(68) in respect of its integration of third-party general-purpose AI (GPAI) models. Garba is not the Provider of the underlying GPAI models, which remain the responsibility of the relevant model providers.
  • Customer's role: The customer acts as the Deployer when using the Service in the course of its professional activities. The customer is responsible for assessing whether its own use of the Service results in a different classification (for example, where the Service is integrated into a high-risk product or system) and for complying with any obligations resulting from such use.

Garba will notify customers without undue delay of any change to the Service that materially affects this classification. Further detail on AI Act compliance is set out in Garba's AI & Regulatory Compliance Addendum, available on request.

6. Accuracy and Limitations

AI outputs may contain errors, omissions, or misinterpretations. Models can mishear speech, mislabel speakers, misclassify deal signals, or produce text that is plausible but inaccurate.

  • Customers should validate critical information — including action items, commitments, scorecard outcomes, and CRM updates — before acting on AI-generated content.
  • AI features are provided on an "as is" basis. Garba does not guarantee 100% accuracy of any AI output.
  • Where customers configure Garba to take automated actions (for example, syncing fields back to CRM or sending drafted emails), the customer is responsible for setting appropriate review thresholds.
  • All AI-generated outputs of the Service (including transcripts, summaries, and analyses) are clearly identified as AI-generated within the user interface, in accordance with Article 50 of the AI Act.

7. Data Retention for AI Features

Retention of AI-related data follows the schedule set out in Garba's DPA. Customers can configure retention within the limits below and can delete data earlier at any time.

  • Audio recordings: customer-configured (default 90 days, with the option to extend). Deleted no later than three (3) months after termination of the customer's account.
  • Transcripts: customer-configured (default 12 months). Deleted no later than three (3) months after termination.
  • Email content and metadata: customer-configured (default 12 months). Deleted no later than three (3) months after termination.
  • AI-derived outputs (summaries, scorecards, deal intelligence, drafted content): stored with the associated meeting, email, or deal record and follow the retention period of the source data.
  • Meeting and account metadata: retained during the term of the agreement and deleted no later than three (3) months after termination.
  • Backups: expire in accordance with the applicable backup rotation schedule (between seven (7) days and three (3) years depending on the type of backup).

8. Customer Responsibilities

When using Garba's AI features, the customer (acting as Controller) must:

  • Obtain all necessary consents and establish the appropriate legal basis for recording, transcription, and email analysis under applicable law.
  • Inform meeting participants that AI will be used to process meeting content. Garba supports this by sending automated reminder notifications before meetings, with an opt-out mechanism.
  • Configure user permissions, retention settings, and CRM/email integrations in line with the customer's own data protection obligations.
  • Use AI outputs appropriately and ethically, including by reviewing recommendations before acting on them and avoiding decisions about individuals taken solely on the basis of automated processing.

9. Security and Compliance

All AI processing is performed in accordance with Garba's Privacy Policy, Data Processing Agreement, and Information Security Management System (ISMS).

  • Data is encrypted in transit (TLS) and at rest.
  • Access to customer data is governed by role-based access control with the principle of least privilege, and all access is logged.
  • AI processing occurs exclusively on EU-hosted infrastructure, supporting GDPR and Schrems II compliance.
  • Personally identifiable information is masked in operational logs.
  • Garba operates a documented incident response process and commits to notifying affected customers of qualifying personal data breaches within 48 hours.

10. Automated Decision-Making

Garba's AI features do not produce decisions that have legal or similarly significant effects on individuals within the meaning of Article 22 GDPR. AI outputs are intended as inputs to human decisions made by the customer's revenue team. Customers configuring automation that meaningfully affects individuals (for example, performance evaluations of their own employees based on Garba scorecards) remain responsible for ensuring meaningful human review and for fulfilling any applicable transparency and rights obligations.

11. Changes to This Policy

We may update this AI Policy from time to time to reflect technological, legal, or operational changes. Material updates will be published on garba.ai/trust and communicated to customers in line with the notice provisions of the applicable agreement. Continued use of the services after publication constitutes acceptance of the updated policy.

12. Contact Information

For questions about this AI Policy or Garba's AI features:

Email: support@garba.ai
Postal: Garba AI AB, Anckargripsgatan 3, 211 19 Malmö, Sweden