Privacy Policy — Elsa Meeting Companion

Privacy Policy — Elsa Meeting Companion

Last updated: 17 June 2026

This Privacy Policy describes how Elsa Meeting Companion (the “Service”), operated by ELSA, Corp., accesses, uses, stores, and shares your data — with particular focus on data obtained from Google APIs and Zoom APIs. It supplements the ELSA Privacy Policy and ELSA Terms of Service; where this policy is silent, the ELSA Privacy Policy applies. This document is organized in two parts — A · Google and B · Zoom — followed by shared sections that apply to both providers.

A · Google

The sections below (A1–A5) describe how the Service handles data from Google APIs. If you connected the Service via Google (Calendar, Google Meet), this part applies to you.

A1. Google user data we access

When you connect a personal Google account, the Service requests the following read-only scopes. Every scope below is read-only; the Service does not write to your Google account.

Google OAuth scope Data accessed Why we need it
openid OIDC subject identifier Standard OpenID Connect sign-in
userinfo.email Your email address Identify the connected account
userinfo.profile Your display name Label you as a participant in your meetings
calendar.readonly Your calendar events and their Meet / Zoom join links Detect upcoming meetings so the Service can process them at the right time
meetings.space.readonly Google Meet space and active-conference metadata Resolve and join the correct active meeting
meetings.conference.media.audio.readonly Meeting audio stream Capture your speaking audio for personalized feedback

Business (Workspace) accounts. If your organization enables Meeting Companion via Google Workspace Domain-Wide Delegation (DWD), your Workspace admin authorizes an equivalent read-only scope set once for the whole domain. That set adds one additional read-only scope — admin.directory.user.readonly — used to look up each participant’s Workspace identity so speech is attributed to the right learner. No write scopes are requested under DWD.

A2. How we use Google data

Google user data is used only to provide the Service’s core feature: helping you improve your professional speaking. We detect your meetings, join them, and analyze the conversation to generate personalized feedback on your own communication — such as clarity, fluency, pacing, and word choice — which is surfaced only to you, the authenticated user. We do not use this data for any other purpose, and we do not build profiles of, or evaluate, other meeting participants.

A3. Limited Use (Google)

Elsa Meeting Companion’s use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements. In particular, we do not sell Google user data, do not use or transfer it for serving advertisements, and do not allow humans to read it except as permitted by that policy (with your consent, for security purposes, to comply with applicable law, or where the data has been aggregated and anonymized).

A4. AI / model training (Google data)

We do not use Google user data — including your calendar, Meet metadata, or meeting audio — to develop, train, or improve generalized or standalone AI/ML models.

A5. Revoking Google access

You may disconnect your Google account at any time from within the Service. You can also revoke the Service’s access directly from your Google Account permissions page. Deletion of associated recordings, transcripts, and analysis follows the shared Storage, retention & deletion section below.

B · Zoom

The sections below (B1–B5) describe how the Service handles data from Zoom APIs. If you connected the Service via Zoom — either individually, or because your organization’s admin installed ELSA on your Zoom workspace — this part applies to you.

B1. Zoom user data we access

Zoom is integrated through two separate Marketplace apps: a user-managed app (individual OAuth) and an admin-managed app (workspace-level install by your Zoom account admin). The scopes each app requests are listed below. Most are read-only; the few write scopes are explicitly marked and used only to operate the bot-join or in-meeting-controls features described in section B2.

User-managed app (individual OAuth)

If you connect Zoom yourself from within the Service, the following ten scopes are requested. Nine are read-only; one is a limited write scope.

Zoom OAuth scope Type Why we need it
meeting:read:meeting Read Look up a specific meeting by ID
meeting:read:list_meetings Read Enumerate your past meetings
meeting:read:list_upcoming_meetings Read Detect upcoming meetings the Service should process
meeting:read:list_past_participants Read Identify participants so your speech can be separated from others’
meeting:read:join_token:local_recording Read Obtain a short-lived join token when a bot must capture audio (cloud recording unavailable)
meeting:update:meeting Write Attach the Meeting Companion bot to your meeting and update its passcode when required by the bot-join flow. Used only for bot-lifecycle mutations — never to change unrelated meeting fields
user:read:user Read Identify your account (Zoom name, email, account ID)
cloud_recording:read:list_user_recordings Read Find your cloud recordings for meetings the Service is processing
cloud_recording:read:list_recording_files Read Locate the audio file within each recording
cloud_recording:read:recording Read Download the meeting audio for analysis

Admin-managed app (workspace install)

If your organization’s Zoom admin installs the Service on the Zoom workspace, eleven admin-suffixed scopes are authorized once on behalf of the whole workspace. In this mode you do not see an individual Zoom OAuth consent screen. Ten are read-only; one is a limited write scope.

Zoom OAuth scope Type Why we need it
meeting:read:meeting:admin Read Look up a specific meeting by ID on the workspace
meeting:read:list_meetings:admin Read Enumerate past meetings across the workspace
meeting:read:list_upcoming_meetings:admin Read Detect upcoming meetings the Service should process
meeting:read:list_past_participants:admin Read Identify participants for speaker separation
meeting:read:local_recording_token:admin Read Obtain a short-lived join token for bot-based capture when needed
meeting:update:in_meeting_controls:admin Write Start cloud recording on a workspace meeting when the Service must capture audio and no cloud recording is already in progress. Scope is limited to in-meeting controls; it cannot change scheduling or membership
user:read:user:admin Read Look up a specific workspace user
user:read:list_users:admin Read Enumerate workspace members so they can be matched to ELSA learners
cloud_recording:read:list_user_recordings:admin Read Find cloud recordings for meetings across the workspace
cloud_recording:read:list_recording_files:admin Read Locate the audio file within each recording
cloud_recording:read:recording:admin Read Download the meeting audio for analysis

Real-time transcription (RTMS) is not delivered under the admin-managed app. If your organization needs live in-call analysis, individual learners still complete the user-managed OAuth flow on top of the workspace install.

B2. How we use Zoom data

Zoom user data is used only to provide the Service’s core feature: detecting your meetings, capturing your meeting audio (via cloud recording or, when requested, a bot join), and generating personalized speaking feedback that is surfaced only to you. We do not build profiles of, or evaluate, other meeting participants using Zoom data.

B3. Zoom Marketplace policy compliance

The Service’s use and transfer of information received from Zoom APIs adheres to Zoom’s Privacy Statement and Marketplace developer policies. We do not sell Zoom user data, do not use or transfer it for advertising, and do not allow humans to read it except as permitted by those policies (with your consent, for security purposes, to comply with applicable law, or where the data has been aggregated and anonymized).

B4. AI / model training (Zoom data)

We do not use Zoom user data — including your meeting list, participant information, cloud recordings, or transcripts — to develop, train, or improve generalized or standalone AI/ML models.

B5. Revoking Zoom access

You may disconnect your Zoom account at any time from within the Service. You can also uninstall the ELSA app directly from the Zoom Marketplace » Installed Apps page. Under an admin-managed workspace install, individual users may also request an organization-level disconnect through their admin. Deletion of associated recordings, transcripts, and analysis follows the shared Storage, retention & deletion section below.

6. Storage, retention & deletion

Meeting recordings, transcripts, and analysis — whether obtained via Google or Zoom — are stored on our hosting infrastructure and are accessible only to you and authorized members of your organization. We retain this data for as long as your account is active or as needed to provide the Service. You may request deletion of your data at any time by contacting privacy@elsanow.io.

7. Sharing

We do not sell your data and do not share it for advertising or retargeting. We share data only with sub-processors that help us operate the Service (e.g. cloud hosting and transcription), under contractual confidentiality obligations, and where required by law.

8. Your rights

Depending on your jurisdiction, you may have rights to access, correct, export, or delete your personal data, and to object to or restrict its processing. To exercise these rights, contact privacy@elsanow.io. See the ELSA Privacy Policy for the full description of your rights.

9. Contact

Questions about this policy or your data can be sent to privacy@elsanow.io.