Privacy Policy
Last updated: March 2026
Contents
- 1. Data Controller
- 2. Information We Collect
- 3. Audio Data Processing
- 4. Device Access & Consent
- 5. Meeting Metadata
- 6. Legal Basis for Processing
- 7. Third-Party API Disclosure
- 8. Data Retention
- 9. International Data Transfers
- 10. Data Security
- 11. Your Rights
- 12. GDPR Rights (EEA)
- 13. CCPA Rights (California)
- 14. Cookie Policy
- 15. No Sale of Data
- 16. No Surveillance
- 17. Children's Privacy
- 18. Zoom Integration
- 19. Analytics
- 20. Changes to This Policy
- 21. Contact Information
1. Data Controller Information
The data controller responsible for your personal data is:
C2HL (operating as MeetingSync AI)
Seoul, Republic of Korea
Email: privacy@meetingsync.ai
If you have any questions or concerns about how we handle your personal data, please contact our privacy team at privacy@meetingsync.ai. For data protection matters under GDPR, you may also contact us at the same address and your request will be handled by the appropriate data protection contact.
2. Information We Collect
When you use MeetingSync AI, we may collect the following categories of information:
- Audio streams — processed in real-time for speech recognition and translation (not stored; see Audio Data Processing below)
- Meeting metadata — session IDs, participant counts, language selections, and usage duration
- Account information — email address, display name, and Zoom user ID (provided during sign-in)
- Usage data — service health metrics, feature usage patterns, and error diagnostics (aggregated and anonymized)
3. Audio Data Processing
Audio from your Zoom meetings is processed in real-time for speech recognition and translation. We do not store audio recordings. Audio data is transcribed, translated, and immediately discarded from our processing pipeline. Only the resulting text transcripts and translations are retained for the session duration.
We never use your audio data to train AI models. Audio processing occurs through our sub-processor services (Azure Cognitive Services, Google Cloud) under data processing agreements that prohibit use of your data for model training.
4. Device Access & Consent
MeetingSync AI requires access to your microphone to capture audio for real-time translation. Microphone access is requested through Zoom's native permission system — you must explicitly grant permission before any audio is captured. You can revoke microphone access at any time through Zoom's app permissions settings.
No other device hardware (camera, screen, files) is accessed by MeetingSync AI. We never access your camera or screen content.
5. Meeting Metadata
We collect meeting identifiers (session IDs), participant counts, language pair selections, and usage duration to provide the service and generate billing records. This metadata does not include personally identifiable information such as participant names or email addresses. Metadata is retained for up to 90 days.
6. Legal Basis for Processing
Under the General Data Protection Regulation (GDPR, Article 6), we process personal data on the following legal bases:
- Consent (Art. 6(1)(a)) — We rely on your consent for analytics and telemetry data collection. You may withdraw consent at any time via the in-app privacy settings without affecting the lawfulness of processing prior to withdrawal.
- Contractual necessity (Art. 6(1)(b)) — We process your account information and session data as necessary to provide the real-time translation service you have contracted for. Without this processing, we cannot deliver the service.
- Legitimate interests (Art. 6(1)(f)) — We process limited technical data for service security, fraud prevention, and abuse prevention. Our legitimate interests are balanced against your rights and do not override your fundamental privacy interests.
- Legal obligation (Art. 6(1)(c)) — We retain billing records for the minimum period required by applicable financial regulations.
7. Third-Party API Disclosure
MeetingSync AI uses the following third-party services as sub-processors for speech recognition and translation:
- Azure Cognitive Services (Microsoft) — speech-to-text processing. Privacy policy: privacy.microsoft.com
- Google Cloud Translation — text translation. Privacy policy: policies.google.com/privacy
- OpenAI — AI-powered translation and glossary processing. Privacy policy: openai.com/privacy
- DeepL — text translation. Privacy policy: deepl.com/privacy
Audio and text data are transmitted to these services solely for the purpose of providing real-time translation. Each sub-processor operates under its own privacy policy and data processing agreements with C2HL that comply with applicable data protection law.
8. Data Retention
Session transcripts and translations are retained for 7 days after session completion, after which they are automatically deleted. Billing records are retained for a minimum of 7 years in compliance with financial regulations.
Upon deauthorization (uninstalling MeetingSync AI from Zoom), all your data — including session records, account information, and billing history — is permanently deleted within 10 calendar days, as required by Zoom's Marketplace Developer Agreement.
9. International Data Transfers
MeetingSync AI is hosted on Microsoft Azure infrastructure primarily in US East 2 and Central US regions. Your data may also be processed in other regions where our sub-processors (Azure Cognitive Services, Google Cloud, OpenAI, DeepL) maintain servers, including regions within the European Union.
Where personal data is transferred outside of the European Economic Area (EEA), we ensure that appropriate safeguards are in place, including standard contractual clauses (SCCs) as approved by the European Commission, and data processing agreements that impose GDPR-equivalent protections on sub-processors.
10. Data Security
We implement industry-standard security measures to protect your data:
- All data in transit is encrypted using TLS 1.2 or higher
- Data at rest is encrypted using AES-256 encryption provided by Microsoft Azure infrastructure
- API keys and secrets are stored in Azure Key Vault, never in client-side code
- Access to production systems is restricted to authorized personnel with multi-factor authentication (MFA)
- We conduct ongoing security monitoring and periodic security reviews
While no method of transmission or storage is 100% secure, we continuously monitor and improve our security practices. In the event of a data breach that affects your rights and freedoms, we will notify affected users and relevant supervisory authorities as required by applicable law.
11. Your Rights
You have the following rights regarding your personal data:
- Right of access — request a copy of the personal data we hold about you
- Right of correction — request that we correct any inaccurate personal data
- Right of deletion — request that we delete your personal data
- Right to restrict processing — request that we limit how we use your data
- Right to data portability — request your data in a structured, machine-readable format
To exercise any of these rights, contact us at privacy@meetingsync.ai. We will respond to your request within 30 days.
12. Your Rights Under GDPR (EEA Residents)
If you are located in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR, Articles 15–22):
You may request a copy of all personal data we hold about you, including the purposes and recipients of processing.
You may request correction of inaccurate or incomplete personal data without undue delay.
You may request deletion of your personal data ("right to be forgotten") where there is no compelling reason for its continued processing.
You may request that we restrict processing of your data in certain circumstances, for example while accuracy is contested.
You may receive your personal data in a structured, commonly-used, machine-readable format and transmit it to another controller.
You may object to processing based on legitimate interests. We will cease processing unless we demonstrate compelling legitimate grounds.
You have the right not to be subject to decisions based solely on automated processing that significantly affects you. We do not engage in automated decision-making with legal or similarly significant effects.
You have the right to lodge a complaint with your local data protection supervisory authority (DPA). In Korea: Personal Information Protection Commission (PIPC). In the EU: contact your national DPA.
To exercise GDPR rights, contact us at privacy@meetingsync.ai. We will respond within 30 days and may request identity verification.
13. Your Rights Under CCPA (California Residents)
If you are a California resident, the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) provide you with the following rights:
- Right to Know — You have the right to request information about the categories and specific pieces of personal information we have collected about you, as well as the purposes for collection and the categories of third parties with whom we share it.
- Right to Delete — You have the right to request that we delete personal information we have collected about you, subject to certain exceptions (such as data needed to complete a transaction or comply with a legal obligation).
- Right to Opt-Out of Sale — We do not sell your personal information to third parties. You therefore have no need to opt-out. We will never sell your data without explicit notice and an opportunity to opt-out.
- Right to Non-Discrimination — We will not discriminate against you for exercising your CCPA rights. You will receive the same quality of service regardless of whether you exercise these rights.
To exercise your CCPA rights, submit a request to privacy@meetingsync.ai with subject line “CCPA Privacy Request”. We will respond within 45 days.
15. No Sale of Personal Data
We do not sell, rent, or trade your personal data to third parties. Your data is used solely to provide and improve the MeetingSync AI translation service. We will never monetize your personal data or meeting content through advertising or data brokerage.
16. No Surveillance or Profiling
We do not build behavioral profiles based on Zoom users' activity for advertising or marketing purposes. We do not engage in surveillance of meeting content. Translation processing is performed solely to deliver real-time translations to session participants — not to analyze, categorize, or profile participants or meeting topics.
17. Children's Privacy
MeetingSync AI is not directed at children under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have inadvertently collected data from a child under 16, we will take steps to delete that information promptly.
If you believe a child under 16 has provided us with personal data, please contact us at privacy@meetingsync.ai.
18. Zoom Integration & Deauthorization
This app operates within the Zoom platform. When you use MeetingSync AI in a Zoom meeting or webinar, Zoom's own privacy policy applies to the underlying meeting infrastructure. We only receive audio data you authorize through Zoom's permission system.
When you uninstall (deauthorize) MeetingSync AI from your Zoom account, we receive a deauthorization webhook from Zoom. Within 10 calendar days, we permanently delete all Customer Data associated with your account, including session records, transcripts, translations, and account information. We then send a data compliance notification back to Zoom confirming deletion is complete.
19. Analytics
We use Azure Application Insights for service health monitoring and aggregate usage analytics. Analytics collection is subject to your consent via our in-app consent banner. You may withdraw consent at any time in the privacy settings without affecting service functionality. No personally identifiable audio or transcript content is included in analytics data.
20. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we make material changes, we will notify you through the MeetingSync AI application and update the “Last updated” date at the top of this policy.
Your continued use of the service after such changes constitutes acceptance of the updated policy. If you do not agree with the updated policy, you should stop using the service and may request deletion of your data.
21. Contact Information
For privacy-related inquiries, requests to exercise your rights, or concerns about this policy, contact us at:
Privacy Team — MeetingSync AI (C2HL)
Email: privacy@meetingsync.ai
We are committed to resolving privacy concerns and will respond within 30 days. For GDPR matters, your request will be escalated to our data protection contact. For CCPA matters, please include “CCPA Privacy Request” in your subject line.
For legal inquiries: legal@meetingsync.ai | See also: Terms of Service