1. Purpose and Scope

This policy outlines how Bear Claw® retains, manages, and deletes data
collected through our Zoom integration. We prioritize user control and
transparency while enabling our BC-Agent® historical query and insight
capabilities.

2. Types of Data We Collect and Retain

2.1 Meeting Data

• Zoom Meeting Transcripts: Full text transcripts from
  recorded meetings.
• Meeting Summaries: AI-generated summaries of meeting
  content.
• Meeting Metadata: Includes date, duration, participants,
  and meeting IDs.

2.2 Authentication Data

• OAuth Tokens: Encrypted Zoom authentication tokens.
• Refresh Tokens: Encrypted tokens used to maintain secure
  access.
• User Identifiers: Email addresses and Zoom user IDs.

3. Retention Periods

3.1 Default Retention Schedule

4. Data Deletion

4.1 User-Initiated Deletion

Users have complete control to delete:

• Individual meeting transcripts and summaries.
• Their entire account and all associated data.

Deletion Methods:

• Through the Bear Claw UI dashboard (Delete button per meeting).
• By contacting info@bearclaw.io with “Zoom Data Deletion Request” in the
  subject line.

4.2 Deletion Process

When data is deleted:

• Transcripts are permanently removed from AWS S3.
• Summaries are removed from MySQL immediately.
• Associated metadata is cleared from all systems.

5. Legal and Compliance Holds

5.1 Exceptions to Deletion

Data may be retained beyond stated periods if necessary for:

• Legal obligations or government requests.
• Resolution of disputes.
• Compliance with law enforcement investigations.
• Protection against fraud or abuse.

5.2 Notification

Users will be notified if their data is subject to a legal hold, when legally
permissible.

6. Data Storage and Security

6.1 Data Storage Location

All meeting data is securely stored in AWS data centers located in the United
States. Data may be replicated across regions for redundancy and high
availability.

6.2 Security Measures

• All data is encrypted in transit (TLS 1.2+) and at rest
  (AES-256).
• Access is restricted to authorized personnel under strict access
  control.
• Automated monitoring and periodic security audits ensure data integrity
  and compliance.

7. Third-Party Data Sharing

We do not share meeting data with third parties except as necessary to deliver
core functionality or comply with law.

Authorized Integrations:

• Zoom – API functionality and authentication.
• AWS – Infrastructure and secure data storage.
• Legal Requirements – When compelled by valid legal process.

8. User Rights and Requests

Users have the right to:

• Access: View all stored data related to their account.
• Rectification: Correct inaccurate or outdated information.
• Deletion: Remove their data, subject to legal exceptions.

Contact for Requests: info@bearclaw.io

9. BC-Agent® Considerations

Meeting transcripts are retained to enable BC-Agent® features that allow users
to:

• Query historical meeting content.
• Generate insights and summaries from past conversations.
• Track engagement and user interactions over time.
• Search across full meeting history for reference or analytics.

Users may selectively delete sensitive meetings while retaining others for
continued BC-Agent® functionality.

10. Updates to This Policy

We may update this policy periodically to reflect:

• Changes in legal or regulatory requirements.
• Introduction of new features or services.
• Feedback or requests from users.

All updates will be posted publicly with an updated “Last Updated” date.

11. Compliance and Governance

This policy complies with applicable U.S. federal and state privacy laws, and
where relevant, with GDPR and other international data protection frameworks.

12. Questions and Contact

For questions about this policy or your data, contact: info@bearclaw.io