Get Context

Privacy Policy

Last updated: 29 April 2026

This policy explains exactly what data Get Context collects, what we do with it, and what control you have. It is written for humans, not lawyers. If anything is unclear, write to support.

1. Who we are

Get Context ("the Service") is operated by Aleksandr Khomich (the "Operator") as an individual. Contact: hello@context.select.

2. Data we collect

2.1 Account data (when you connect Get Context)

• Zoom account ID, email, name — provided by Zoom OAuth so the Service knows which user authorized it.
• Zoom OAuth access & refresh tokens — stored encrypted, used only to fetch meeting metadata (join URL, password) when a webhook arrives.
• Google Calendar access tokens (if you connect Calendar) — used only to read upcoming meetings so the bot can join on time.
• Telegram chat ID (if you opt in) — used to send you "notes are ready" notifications.

2.2 Meeting data (during the meeting)

• Audio recording — captured by the bot during the meeting via Zoom Meeting SDK.
• Participant names and join/leave timestamps — provided by Zoom.
• Meeting topic, ID, and start time — provided by Zoom webhook.

2.3 Generated data (after the meeting)

• Transcript — produced by Groq Whisper Large v3 from the audio.
• Summary, action items, decisions — produced by Anthropic Claude Haiku from the transcript.

3. What we do not collect

• We do not collect video.
• We do not collect screen share content (recording configured for audio only).
• We do not access your Zoom account beyond what OAuth scopes explicitly allow (see §6).
• We do not access your other Google data — only Calendar events you explicitly grant.
• We do not collect device fingerprints, cookies for tracking, or analytics.

4. Where data lives and for how long

Data	Location	Retention
Audio recording	Cloudflare R2 (EU)	Deleted within 24 hours after transcription
Transcript & summary	Your own GitHub repo	Until you delete it
OAuth tokens	Cloudflare KV (encrypted, EU)	Until you revoke access
Zoom webhook payloads	Cloudflare KV (EU)	30 days

5. Third parties (sub-processors)

• Cloudflare (Workers, R2, KV) — hosting and storage of audio + tokens. Data resides in EU. Cloudflare privacy.
• Groq — speech-to-text transcription. Audio is sent to Groq for processing. Groq's policy explicitly forbids training on customer data. Groq privacy.
• Anthropic — Claude API generates the summary. Anthropic does not train on API inputs by default. Anthropic privacy.
• Hetzner (Germany) — VPS that runs the bot infrastructure. Hetzner privacy.
• GitHub — your own repo where notes are stored. You control access.
• Telegram — only if you opt in for notifications. We send you a chat message; nothing more.

6. Zoom OAuth scopes

The Service requests the minimum scopes required to function:

• meeting:read:meeting — read meeting metadata (join URL, password) when a meeting starts.
• user:read:user — read your name and email so we can identify your account.
• user:read:zak — fetch a short-lived Zoom Access Key per meeting so the bot can join meetings you are invited to (per Zoom's March 2, 2026 authorization policy). The ZAK is used immediately and not stored.

The Service does not request scopes for creating, modifying, or deleting meetings, nor for reading other users' data.

7. Your rights (GDPR, CCPA)

• Access: request a copy of all data we hold about you.
• Deletion: request deletion of all data. We comply within 30 days.
• Export: your meeting notes are already in your own GitHub repo as plain Markdown — fully exportable.
• Revoke access: uninstall Get Context from Zoom Marketplace. Tokens are deleted within 24 hours.

To exercise any of these rights, write to hello@context.select.

8. Security

• All data in transit uses TLS 1.2 or higher.
• OAuth tokens are encrypted at rest in Cloudflare KV.
• Webhook authenticity is verified via HMAC-SHA256.
• Audio recordings are deleted within 24 hours of transcription.
• The Operator is the only person with administrative access to the infrastructure.

9. Children

The Service is not intended for users under 16. We do not knowingly collect data from minors. If you believe a minor has used the Service, contact us and we will delete their data.

10. Changes to this policy

If this policy changes materially, we will notify connected users via Telegram and email at least 30 days before the change takes effect. The "Last updated" date at the top reflects the most recent revision.

11. Contact

For privacy questions, data access requests, or deletion requests, contact hello@context.select. We respond within 5 business days.