Privacy Policy

CallRecap ("we," "our," or "us") provides post-call AI summaries and CRM integration for Zoom Contact Center. This Privacy Policy explains how we collect, use, store, and protect your information when you use our service.

By using CallRecap, you agree to the collection and use of information as described in this policy. If you do not agree, please do not use our service.

We collect and process the following types of information:

Zoom Account Information: When you sign in via Zoom OAuth, we receive your name, email address, Zoom account ID, and Contact Center user role. This is used to authenticate your identity and establish your organization.

Contact Center Engagement Data: We receive engagement metadata (call duration, timestamps, agent participants, queue information) and call transcripts via Zoom webhooks and APIs. Transcripts are processed by our AI to generate summaries and are not stored after processing.

AI-Generated Summaries: Call transcripts are sent to a third-party AI provider via secure API for processing. The resulting structured summaries (call reason, key points, outcome, action items, sentiment, and category) are stored in our database.

CRM Integration Data: If you connect a CRM, we store OAuth tokens or API credentials to push summaries to your CRM. We access only the CRM data necessary for contact matching (such as email addresses or phone numbers).

Billing Information: Subscription billing is handled by a third-party payment processor. We store your customer ID and subscription status but never store payment card details directly.

Usage Analytics: We collect anonymized usage data and error reports through third-party analytics and monitoring services to help us improve the product.

We use the information we collect to:

• Authenticate your identity and manage your account
• Process call transcripts and generate AI-powered summaries
• Push summaries to your connected CRM systems
• Manage subscription billing and enforce usage limits
• Provide agent performance analytics and reporting
• Monitor and improve service reliability and performance
• Communicate important service updates or changes to your account

CallRecap relies on third-party service providers to operate. These providers have their own privacy policies governing how they handle data. The categories of third-party services we use include:

• AI processing: Call transcripts are sent to a third-party AI provider via secure API to generate summaries.
• Payment processing: Subscription billing and payments are handled by a third-party payment processor. We never store your payment card details.
• Cloud infrastructure: We use third-party providers for application hosting, database storage, and background job processing.
• CRM integrations: When you connect a CRM, your summary data is shared with that CRM provider as directed by you.
• Analytics and monitoring: We use third-party services for anonymized product analytics and error monitoring to improve reliability.

Your data is stored in a secure database with encryption at rest and in transit. All communication between your browser and our servers uses HTTPS/TLS encryption. OAuth tokens and API credentials are stored securely in our database.

We implement organizational and technical measures to protect your data, including multi-tenant data isolation (all queries are scoped to your organization), role-based access controls, and secure webhook verification (HMAC-SHA256) for all incoming data.

Active Accounts: We retain your data for as long as your account is active. Engagement data, summaries, and CRM sync logs are stored indefinitely while your organization exists.

Account Deletion: When an administrator requests account deletion, there is a 30-day grace period during which the deletion can be cancelled. After 30 days, all organization data is permanently deleted, including user records, engagements, summaries, CRM connections, and billing records.

Zoom Deauthorization: If you uninstall CallRecap from the Zoom Marketplace, we immediately delete your Zoom OAuth tokens. Your organization data is preserved in case you choose to reinstall.

You have the following rights regarding your data:

• Data Export: You can export all your organization's data (summaries, agent records, categories, and CRM sync history) as a JSON file from Settings > Account at any time.
• Account Deletion: Administrators can request complete account deletion from Settings > Account. All data is permanently removed after a 30-day grace period.
• Zoom Deauthorization: You can revoke CallRecap's access to your Zoom account at any time through the Zoom Marketplace.
• CRM Disconnection: You can disconnect any CRM integration at any time from Settings > Integrations. This revokes our access to your CRM data.

CallRecap complies with Zoom's Marketplace requirements, including:

• Handling deauthorization notifications and promptly revoking access tokens
• Complying with Zoom's Data Compliance API for data deletion requests
• Using only the Zoom API scopes necessary for our service to function
• Verifying all webhook payloads via HMAC-SHA256 signature verification

CallRecap is designed for business use and is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have inadvertently collected data from a minor, please contact us immediately.

Our services are hosted in the United States. If you access CallRecap from outside the United States, your information may be transferred to, stored, and processed in the United States. By using our service, you consent to such transfer and processing.

We may update this Privacy Policy from time to time. We will notify you of any material changes by updating the "Last updated" date at the top of this page. Continued use of CallRecap after changes constitutes acceptance of the updated policy.

If you have questions about this Privacy Policy or our data practices, please contact us at privacy@mail.callrecap.io or visit our Contact page.

See also our Terms of Service for the terms governing your use of CallRecap.