← Back to firstcall

Privacy Policy

Last updated: June 8, 2026

1. Information We Collect

Account Information: When you sign up, we collect your name, email address, and Google account ID (via Google OAuth). We do not store your Google password.

Usage Data: We collect bot session metadata including meeting URLs, bot duration, timestamps, mode used, and billing costs. This is necessary for billing and service operation.

Payment Information: Credit purchases are processed by LemonSqueezy. We do not store credit card numbers. We receive transaction confirmations (amount, date) for crediting your account.

API Keys: API keys are stored as SHA-256 hashes. We cannot recover your raw API key after creation — it is shown once.

2. Meeting Data

Audio and Transcripts: Meeting audio and transcription data are processed in real-time and streamed directly to your application via WebSocket. FirstCall does not permanently store meeting audio or transcript content on our servers.

Screenshots: Screenshots taken during meetings are transmitted to your application in real-time and are not stored by FirstCall.

Participant Data: Participant names and join/leave events are forwarded to your application in real-time and are not stored beyond the active session.

Important: You, as the developer using our API, are the data controller for any meeting data your application collects and stores. FirstCall acts as a data processor — we transmit the data to you but do not retain it.

2.5 Zoom Integration Data

When you use FirstCall to join a Zoom meeting, our bot connects to the meeting via the Zoom Meeting SDK (Web). Through this integration, FirstCall receives only:

• The meeting ID, passcode, and join URL that you provide via our REST API
• The display name you specify for the bot
• The real-time audio stream of the meeting (processed in transit; not recorded or stored by FirstCall)
• Real-time transcription text (only when you enable transcription; transmitted to your application as events and not retained beyond active forwarding)
• Periodic screenshots (only when you enable screenshot capture; transmitted to your application as JPEG events and not retained)
• Participant join, leave, and active-speaker events
• Chat messages exchanged in the meeting (forwarded to your application in real time, not retained)
• Zoom SDK telemetry necessary for the session (connection state, error codes, session ID)

No meeting recording. FirstCall does not record meeting audio or video. Audio is processed in real time and streamed to your application; no audio or video file is stored on FirstCall's infrastructure. Transcription and screenshot capture are optional features that you enable explicitly via the API on a per-bot basis.

No OAuth scopes. FirstCall does NOT request or use Zoom OAuth scopes. We do not connect to your Zoom account, calendar, contacts, cloud recordings, or chat history. FirstCall operates with a single Meeting SDK credential issued to FirstCall by Zoom — it is not tied to any individual Zoom user.

How the bot joins. The bot joins as a visible meeting participant under the display name you specify. The meeting host may admit or remove the bot using standard Zoom participant controls. FirstCall does not bypass any Zoom access controls.

Participant notification. The FirstCall bot is a visible participant in the meeting. As infrastructure provider, FirstCall transmits meeting data to your application based on the configuration you set via our API. You, as the developer using FirstCall, are the data controller and are responsible for ensuring meeting participants are notified about the bot's presence, transcription, and screenshot capture, in accordance with applicable laws and Zoom's policies. FirstCall provides API-level controls (such as sending in-meeting chat messages) that you can use to deliver such notifications.

3. How We Use Your Information

• To provide and operate the Service
• To process billing and maintain your credit balance
• To send service-related communications (account alerts, billing receipts)
• To monitor and improve service performance and reliability
• To detect and prevent fraud or abuse

4. Data Storage and Security

• All customer data is stored or processed exclusively in AWS us-west-1 region (N. California, USA)
• All data in transit is encrypted via TLS/HTTPS
• API keys are hashed with SHA-256 before storage
• Webhook secrets are stored encrypted
• Bot session records are retained for 7 days, then automatically deleted
• Zoom-derived metadata (meeting IDs, passcodes, bot session records tied to Zoom meetings) follows the same 7-day retention as other bot session data
• Zoom OAuth tokens are NOT stored because FirstCall uses a static Meeting SDK credential and does not request user OAuth scopes
• Billing transaction history is retained for accounting purposes

5. Data Sharing

We do not sell your personal information. We may share data with:

• AWS: Infrastructure provider (data processing agreement in place)
• LemonSqueezy: Payment processing
• Zoom Video Communications, Inc.: When you direct FirstCall to join a Zoom meeting, our bot connects via the Zoom Meeting SDK. Meeting audio, participant data, and chat flow through Zoom's infrastructure as part of the meeting itself; this data is governed by Zoom's Privacy Statement and Zoom's Terms of Service. FirstCall does not transmit Zoom user data to Zoom — Zoom is the meeting host platform and the data originates within their systems.
• Law enforcement: When required by law or valid legal process

6. Your Rights

You have the right to:

• Access your personal data (available in your dashboard)
• Delete your account and associated data
• Export your billing and usage data
• Revoke API keys at any time

To exercise these rights, contact hi@firstcall.dev.

6.5 Uninstalling the Zoom Integration

FirstCall's Zoom integration does not require per-user installation or OAuth authorization on your Zoom account. Because no per-user Zoom-FirstCall connection is established, there is no per-user uninstall action you can take in the Zoom Marketplace.

If our Marketplace app appears in your Zoom installed-apps list at marketplace.zoom.us/user/installed, you may remove it at any time. Doing so does not affect any data on FirstCall's side because no per-user Zoom data is stored.

If you would like FirstCall to delete data associated with your FirstCall account (which is the actual location of any data tied to you), follow the account-deletion procedure in Section 6 above, or contact hi@firstcall.dev. We will respond and complete deletion within 30 days.

If Zoom sends FirstCall a deauthorization webhook for your account, we acknowledge and log the event for compliance audit purposes; no further action is required because no Zoom-bound user data exists on our side.

7. Cookies

The dashboard (app.firstcall.dev) uses essential cookies for authentication (session cookies via NextAuth.js). We do not use tracking cookies, analytics cookies, or third-party advertising cookies.

8. Children's Privacy

The Service is not intended for users under 18. We do not knowingly collect data from children.

9. Changes to This Policy

We may update this policy. Changes will be posted here with an updated date. Continued use of the Service constitutes acceptance of changes.

10. Contact

Privacy questions? Contact us at hi@firstcall.dev.