Privacy Policy

Last updated: September 25, 2025

---

Contact: info@gooslibot.com

This policy explains what data our application Gooslee Bot receives from Google and Zoom, how we use it, how long we retain it, and how you can delete it. It applies to the website gooslibot.com and the bot @GoosleeBot.

Important!

• We do not sell or share your personal data with third parties.
• We do not use this data to generate any commercial revenue.
• We do not process this data to later sell any derivative results to third parties.
• We do not use this data to send you marketing newsletters.

1) What Google data is requested (Data Access)

We request only the minimum Google OAuth permissions needed to authorize with Google APIs and to create meetings via the Google Meet API. The exact scopes are shown on Google's consent screen. In short:

• openid — required for basic authentication with Google.
• ./auth/userinfo.email — used only to identify your account; we do not use your email for mailings.
• ./auth/userinfo.profile — used to fetch your display name to personalize links and messages.
• ./auth/meetings.space.created — used solely to create Google Meet meetings on your behalf and obtain the meeting URL.
• OAuth technical metadata: we receive and store access/refresh tokens, expiry, and OAuth client identifiers.

We do NOT request call contents, audio/video streams, in-meeting chat, files, etc.

1) What Zoom data is requested (Data Access)

We request only the minimum Zoom OAuth permissions needed to authorize with Zoom APIs and to create meetings via the Zoom API. The exact scopes are shown on Zoom's consent screen. In short:

• meeting:write:meeting — used solely to create Zoom meetings on your behalf and obtain the meeting URL.
• OAuth technical metadata: we receive and store access/refresh tokens, expiry, and OAuth client identifiers.

We do NOT request call contents, audio/video streams, in-meeting chat, files, etc.

2) How we use the data (Data Use)

1. Create conferences (obtain/generate a join URL).
2. Security & diagnostics (valid OAuth sessions, abuse prevention).

3) Retention (Data Retention)

• OAuth tokens — stored encrypted (KMS/Secrets Manager) until revoked/expired or your connection is removed.
• Meeting metadata — ID, join URL, time — the minimum necessary so you can share the meeting URL with your counterpart. Typical retention: up to 3 days after the meeting ends, then deletion (unless required by law/settings).
• Technical logs (never call contents) — retained for up to 30 days for security and troubleshooting.

4) Deletion & control (Deletion & Control)

• Revoke Google OAuth access: Google Account → Security → Third-party access → Gooslee Bot → "Remove access".
• Revoke Zoom OAuth access: see Zoom Help Center "How to revoke app permissions" — Zoom instructions.
• Request data deletion: email info@gooslibot.com with subject "Data Deletion Request". We will delete related metadata and tokens (if not already purged) and confirm completion unless legally required to retain.

5) Security

All data in transit uses TLS 1.2+. Access follows the least-privilege principle. Tokens and secrets are encrypted at rest. We do not store call contents.

6) Children

The service is not intended for children under 13 and does not knowingly collect their data.

7) Changes

We may update this policy. Material changes will be posted on the site. Continued use constitutes acceptance of the updates.