Privacy Policy — Elsa Meeting Companion
Last updated: 17 June 2026
This Privacy Policy describes how Elsa Meeting Companion (the “Service”), operated by ELSA, Corp., accesses, uses, stores, and shares your data — with particular focus on data obtained from Google APIs and Zoom APIs. It supplements the ELSA Privacy Policy and ELSA Terms of Service; where this policy is silent, the ELSA Privacy Policy applies. This document is organized in two parts — A · Google and B · Zoom — followed by shared sections that apply to both providers.
A · Google
The sections below (A1–A5) describe how the Service handles data from Google APIs. If you connected the Service via Google (Calendar, Google Meet), this part applies to you.
A1. Google user data we access
When you connect a personal Google account, the Service requests the following read-only scopes. Every scope below is read-only; the Service does not write to your Google account.
| Google OAuth scope | Data accessed | Why we need it |
|---|---|---|
openid |
OIDC subject identifier | Standard OpenID Connect sign-in |
userinfo.email |
Your email address | Identify the connected account |
userinfo.profile |
Your display name | Label you as a participant in your meetings |
calendar.readonly |
Your calendar events and their Meet / Zoom join links | Detect upcoming meetings so the Service can process them at the right time |
meetings.space.readonly |
Google Meet space and active-conference metadata | Resolve and join the correct active meeting |
meetings.conference.media.audio.readonly |
Meeting audio stream | Capture your speaking audio for personalized feedback |
Business (Workspace) accounts. If your organization enables Meeting
Companion via Google Workspace Domain-Wide Delegation (DWD), your Workspace admin
authorizes an equivalent read-only scope set once for the whole domain. That set adds one
additional read-only scope — admin.directory.user.readonly — used to look up
each participant’s Workspace identity so speech is attributed to the right learner.
No write scopes are requested under DWD.
A2. How we use Google data
Google user data is used only to provide the Service’s core feature: helping you improve your professional speaking. We detect your meetings, join them, and analyze the conversation to generate personalized feedback on your own communication — such as clarity, fluency, pacing, and word choice — which is surfaced only to you, the authenticated user. We do not use this data for any other purpose, and we do not build profiles of, or evaluate, other meeting participants.
A3. Limited Use (Google)
Elsa Meeting Companion’s use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements. In particular, we do not sell Google user data, do not use or transfer it for serving advertisements, and do not allow humans to read it except as permitted by that policy (with your consent, for security purposes, to comply with applicable law, or where the data has been aggregated and anonymized).
A4. AI / model training (Google data)
We do not use Google user data — including your calendar, Meet metadata, or meeting audio — to develop, train, or improve generalized or standalone AI/ML models.
A5. Revoking Google access
You may disconnect your Google account at any time from within the Service. You can also revoke the Service’s access directly from your Google Account permissions page. Deletion of associated recordings, transcripts, and analysis follows the shared Storage, retention & deletion section below.
B · Zoom
The sections below (B1–B5) describe how the Service handles data from Zoom APIs. If you connected the Service via Zoom — either individually, or because your organization’s admin installed ELSA on your Zoom workspace — this part applies to you.
B1. Zoom user data we access
Zoom is integrated through two separate Marketplace apps: a user-managed app (individual OAuth) and an admin-managed app (workspace-level install by your Zoom account admin). The scopes each app requests are listed below. Most are read-only; the few write scopes are explicitly marked and used only to operate the bot-join or in-meeting-controls features described in section B2.
User-managed app (individual OAuth)
If you connect Zoom yourself from within the Service, the following ten scopes are requested. Nine are read-only; one is a limited write scope.
| Zoom OAuth scope | Type | Why we need it |
|---|---|---|
meeting:read:meeting |
Read | Look up a specific meeting by ID |
meeting:read:list_meetings |
Read | Enumerate your past meetings |
meeting:read:list_upcoming_meetings |
Read | Detect upcoming meetings the Service should process |
meeting:read:list_past_participants |
Read | Identify participants so your speech can be separated from others’ |
meeting:read:join_token:local_recording |
Read | Obtain a short-lived join token when a bot must capture audio (cloud recording unavailable) |
meeting:update:meeting |
Write | Attach the Meeting Companion bot to your meeting and update its passcode when required by the bot-join flow. Used only for bot-lifecycle mutations — never to change unrelated meeting fields |
user:read:user |
Read | Identify your account (Zoom name, email, account ID) |
cloud_recording:read:list_user_recordings |
Read | Find your cloud recordings for meetings the Service is processing |
cloud_recording:read:list_recording_files |
Read | Locate the audio file within each recording |
cloud_recording:read:recording |
Read | Download the meeting audio for analysis |
Admin-managed app (workspace install)
If your organization’s Zoom admin installs the Service on the Zoom workspace, eleven admin-suffixed scopes are authorized once on behalf of the whole workspace. In this mode you do not see an individual Zoom OAuth consent screen. Ten are read-only; one is a limited write scope.
| Zoom OAuth scope | Type | Why we need it |
|---|---|---|
meeting:read:meeting:admin |
Read | Look up a specific meeting by ID on the workspace |
meeting:read:list_meetings:admin |
Read | Enumerate past meetings across the workspace |
meeting:read:list_upcoming_meetings:admin |
Read | Detect upcoming meetings the Service should process |
meeting:read:list_past_participants:admin |
Read | Identify participants for speaker separation |
meeting:read:local_recording_token:admin |
Read | Obtain a short-lived join token for bot-based capture when needed |
meeting:update:in_meeting_controls:admin |
Write | Start cloud recording on a workspace meeting when the Service must capture audio and no cloud recording is already in progress. Scope is limited to in-meeting controls; it cannot change scheduling or membership |
user:read:user:admin |
Read | Look up a specific workspace user |
user:read:list_users:admin |
Read | Enumerate workspace members so they can be matched to ELSA learners |
cloud_recording:read:list_user_recordings:admin |
Read | Find cloud recordings for meetings across the workspace |
cloud_recording:read:list_recording_files:admin |
Read | Locate the audio file within each recording |
cloud_recording:read:recording:admin |
Read | Download the meeting audio for analysis |
Real-time transcription (RTMS) is not delivered under the admin-managed app. If your organization needs live in-call analysis, individual learners still complete the user-managed OAuth flow on top of the workspace install.
B2. How we use Zoom data
Zoom user data is used only to provide the Service’s core feature: detecting your meetings, capturing your meeting audio (via cloud recording or, when requested, a bot join), and generating personalized speaking feedback that is surfaced only to you. We do not build profiles of, or evaluate, other meeting participants using Zoom data.
B3. Zoom Marketplace policy compliance
The Service’s use and transfer of information received from Zoom APIs adheres to Zoom’s Privacy Statement and Marketplace developer policies. We do not sell Zoom user data, do not use or transfer it for advertising, and do not allow humans to read it except as permitted by those policies (with your consent, for security purposes, to comply with applicable law, or where the data has been aggregated and anonymized).
B4. AI / model training (Zoom data)
We do not use Zoom user data — including your meeting list, participant information, cloud recordings, or transcripts — to develop, train, or improve generalized or standalone AI/ML models.
B5. Revoking Zoom access
You may disconnect your Zoom account at any time from within the Service. You can also uninstall the ELSA app directly from the Zoom Marketplace » Installed Apps page. Under an admin-managed workspace install, individual users may also request an organization-level disconnect through their admin. Deletion of associated recordings, transcripts, and analysis follows the shared Storage, retention & deletion section below.
6. Storage, retention & deletion
Meeting recordings, transcripts, and analysis — whether obtained via Google or Zoom — are stored on our hosting infrastructure and are accessible only to you and authorized members of your organization. We retain this data for as long as your account is active or as needed to provide the Service. You may request deletion of your data at any time by contacting privacy@elsanow.io.
7. Sharing
We do not sell your data and do not share it for advertising or retargeting. We share data only with sub-processors that help us operate the Service (e.g. cloud hosting and transcription), under contractual confidentiality obligations, and where required by law.
8. Your rights
Depending on your jurisdiction, you may have rights to access, correct, export, or delete your personal data, and to object to or restrict its processing. To exercise these rights, contact privacy@elsanow.io. See the ELSA Privacy Policy for the full description of your rights.
9. Contact
Questions about this policy or your data can be sent to privacy@elsanow.io.
