Privacy Policy
Last updated: 13 June 2026
This policy explains exactly what data Get Context collects, what we do with it, and what control you have. It is written for humans, not lawyers. If anything is unclear, write to support.
1. Who we are
Get Context ("the Service") is operated by Aleksandr Khomich (the "Operator") as an individual. Contact: hello@context.select.
2. Data we collect
2.1 Account data (when you connect Get Context)
- Zoom account ID, email, name — provided by Zoom OAuth so the Service knows which user authorized it.
- Zoom OAuth access & refresh tokens — stored encrypted, used only to fetch meeting metadata (join URL, password) when a webhook arrives.
- Google Calendar access tokens (if you connect Calendar) — used only to read upcoming meetings so the bot can join on time.
- Telegram chat ID (if you opt in) — used to send you "notes are ready" notifications.
2.2 Meeting data (during the meeting)
- Audio stream — the meeting's audio is received in real time over Zoom RTMS (Real-Time Media Streams). No bot joins the meeting as a participant; Zoom streams the audio directly to our backend after you authorize the app, and Zoom displays its native attribution badge to all participants.
- Participant names and join/leave timestamps — provided by Zoom.
- Meeting topic, ID, and start time — provided by Zoom webhook.
2.3 Generated data (after the meeting)
- Transcript — produced by Groq Whisper Large v3 from the audio.
- Summary, action items, decisions — produced by Anthropic Claude Haiku from the transcript.
3. What we do not collect
- We do not collect video.
- We do not collect screen share content (recording configured for audio only).
- We do not access your Zoom account beyond what OAuth scopes explicitly allow (see §6).
- We do not access your other Google data — only Calendar events you explicitly grant.
- We do not collect device fingerprints, cookies for tracking, or analytics.
4. Where data lives and for how long
| Data | Location | Retention |
| Meeting audio | Streamed to the Hetzner sidecar (Germany), written to a temporary working file during the meeting and compressed for transcription. A compressed copy is backed up to Cloudflare R2 (EU) so a meeting is not lost if processing crashes mid-way. | Working files are deleted as soon as the transcript is committed; the R2 backup auto-expires on a 7-day lifecycle (worst case, audio is gone within 7 days) |
| Transcript & summary | Your own GitHub repo | Until you delete it |
| OAuth tokens | Cloudflare KV (encrypted, EU) | Until you revoke access |
| Zoom webhook payloads | Cloudflare KV (EU) | 30 days |
5. Third parties (sub-processors)
- Cloudflare (Workers, KV, R2) — Worker runtime, OAuth token storage, webhook payload deduplication, and a short-term encrypted backup of meeting audio in R2 (EU, 7-day lifecycle) for crash recovery. Data resides in EU. Cloudflare privacy.
- Groq — speech-to-text transcription. Audio is sent to Groq for processing. Groq's policy explicitly forbids training on customer data. Groq privacy.
- Anthropic — Claude API generates the summary. Anthropic does not train on API inputs by default. Anthropic privacy.
- Hetzner (Germany) — VPS that runs the bot infrastructure. Hetzner privacy.
- GitHub — your own repo where notes are stored. You control access.
- Telegram — only if you opt in for notifications. We send you a chat message; nothing more.
6. Zoom OAuth scopes
The Service requests the minimum scopes required to function:
user:read:user — read your name and email so we can identify your account.
user:read:zak — fetch a short-lived Zoom Access Key (legacy fallback for the few corner cases not covered by RTMS). The ZAK is used immediately and not stored.
meeting:read:meeting — read meeting metadata when a meeting starts.
meeting:read:meeting_audio — receive the meeting's audio stream over Zoom RTMS.
rtms:read:rtms_started — be notified by Zoom when an RTMS stream becomes available.
rtms:read:rtms_stopped — be notified by Zoom when an RTMS stream ends.
The Service does not request scopes for creating, modifying, or deleting meetings, nor for reading other users' data.
7. Your rights (GDPR, CCPA)
- Access: request a copy of all data we hold about you.
- Deletion: request deletion of all data. We comply within 30 days.
- Export: your meeting notes are already in your own GitHub repo as plain Markdown — fully exportable.
- Revoke access: uninstall Get Context from Zoom Marketplace. Tokens are deleted within 24 hours.
To exercise any of these rights, write to hello@context.select.
8. Security
- All data in transit uses TLS 1.2 or higher.
- OAuth tokens are encrypted at rest in Cloudflare KV.
- Webhook authenticity is verified via HMAC-SHA256.
- Working audio files are deleted as soon as the transcript is committed; the encrypted R2 backup auto-expires within 7 days.
- The Operator is the only person with administrative access to the infrastructure.
9. Children
The Service is not intended for users under 16. We do not knowingly collect data from minors. If you believe a minor has used the Service, contact us and we will delete their data.
10. Changes to this policy
If this policy changes materially, we will notify connected users via Telegram and email at least 30 days before the change takes effect. The "Last updated" date at the top reflects the most recent revision.
11. Contact
For privacy questions, data access requests, or deletion requests, contact hello@context.select. We respond within 5 business days.