fbpx

Security

CaptureMyMeeting, Inc.

Document Last Updated: September 8th, 2023

Introduction

The purpose of this document is to outline how we at CaptureMyMeeting, Inc. handle security as part of our technical stack and as a company. We are committed to keeping your data and information secure. 

This document applies to the content we process on behalf of our customers as a part of our business offerings. For a description of how and why we collect Personal information, please see our privacy policy: CaptureMyMeeting Privacy Policy

Description of Our Service

CaptureMyMeeting is a cloud-based, AI-driven meeting productivity web application that keeps track of and analyzes users’ meeting recording content so that they can more easily find, review, share, and act on the collected knowledge from their meetings. The application processes meeting recordings post-meeting, providing users with a meeting content search tool, automated meeting notes, speaker-labeled transcripts, time-based sentiment analysis, and content sharing capabilities.

To use the application, users must upload their meeting recordings to the application, or automatically import their recordings using one of our integrations (Zoom or Webex). CaptureMyMeeting will then automatically transcribe, index, summarize, and analyze the contents of the recording to provide the services mentioned above.

For information regarding our service offerings, visit https://capturemymeeting.com/.

Application Functional and Security Reviews

  1. Zoom App Marketplace Review Process:

    DISCLAIMER: Zoom is NOT liable or responsible for the security or functionality of the CaptureMyMeeting app.

    The CaptureMyMeeting application passed a functional test and security audit carried out by Zoom and was therefore accepted to be listed on Zoom App Marketplace. See the criteria for the review process here and here, and Zoom’s recommended Security Best Practices here. Zoom uses these guidelines, including OWASP Top 10, as a basis for evaluating and reviewing the security posture of the apps submitted to Zoom Marketplace. Applications on Zoom Marketplace are reviewed for technical design and security and data compliance periodically. 
  2. Webex App Hub Review Process:

    DISCLAIMER: Webex by Cisco is NOT liable or responsible for the security or functionality of the CaptureMyMeeting app.

    The CaptureMyMeeting application passed a functional test carried out by Webex by Cisco. CaptureMyMeeting was therefore accepted to be listed on Webex App Hub

Data Collected to Provide Our Service

We collect and store the data below to provide our service.

  • Meeting data: Recording files, recording file metadata
  • Personal data: User first name, last name, email address, company name
  • Zoom data (For users who integrate Zoom): Zoom access tokens and refresh tokens, Zoom identifiers and metadata for meeting resources (meetings, recordings, participants), Zoom recording files
  • Webex data (For users who integrate Webex): Webex access tokens and refresh tokens, Webex identifiers and metadata for meeting resources (meetings, recordings, participants), Webex recording files
  • User activity data: E.g., timestamp of last login, timestamp of an access to a meeting’s notes, etc.

Security of Your Data

All components of the CaptureMyMeeting proprietary application, hosted on https://www.capturemymtg.com, run entirely on virtual machine instances within Amazon Web Services (AWS) cloud. AWS infrastructure offers security controls to protect data and communications across the network, which we employ (see below).

User authentication into CaptureMyMeeting is done via username and password and JWT tokens. User passwords are stored in our application’s database in hashed and encrypted format.

Your meeting recordings are imported into our system either through you manually uploading them to the app, or through our app downloading your recording from Zoom and/or Webex, if you have authorized CaptureMyMeeting to access your data on those meeting application platforms. All imports of your recordings into our application happen through encrypted channels (HTTPS / TLS 1.2) using short-lived (temporary) upload/download access tokens. Once your recordings are imported into our system, they and any content our app generates from them (summaries, action items, sentiment analysis) are stored and encrypted at rest.

Third-Party Services and Security Controls

To provide our service, we make use of a number of third-party services, including OpenAI, SendGrid, and services hosted on AWS and Microsoft Azure. These third-party services incorporate industry-leading standards for their security. Our app connects to these third-party services using encrypted channels (HTTPS / TLS 1.2) and secured API keys, along with cloud identity access management where appropriate. 

The third-party services we use are listed below, along with which data we process through the services and links to their security and privacy policies.

  • Amazon Web Services (Security Policy, Privacy Policy): We use these services hosted/provided by AWS to store and process meeting recording data to provide our service.
  • Microsoft Azure (Security Policy, Privacy Policy): We use services hosted on Azure to process meeting recording data to provide our service.
  • SendGrid (Security Policy, Privacy Policy): We use this service to deliver app notification emails and marketing emails to our users. To do this, we send users’ first names, last names, email addresses, and meeting attributes to the service.

Access Controls

To provide our service, our internal software will access data for processing purposes. To secure this access, specific cloud access policies are utilized to grant the needed access to the appropriate internal cloud servers via identity access management and cloud security roles/permissions. 

We use temporary, signed urls to provide access to meeting recording files and processed meeting content to users who own them and to our software. These urls are HTTPS urls and have pre-determined, short-lived expiration times.

A few key members of our Development Admin team have access to our Amazon Web Services (AWS) cloud account to manage our services. Access to our AWS account is secured using username and password and multi-factor authentication. Access keys are kept secured and generated with limited permissions. Development Admin members will access the account only to run administrative jobs or troubleshoot. They will not access or view any sensitive user data (such as meeting data), unless they have explicit permission from the user to do so.

Geolocation of Data

Your meeting recording data will be transferred to and stored in data centers that are located in the United States.

Use of AI

We use AI to process and analyze your meeting recordings. We do not use any of your meeting content or data to train any of our AI models.

See our Terms & Conditions for a description of the limitations of an AI system and what to be cautious of.

Changes to this Document

We may update this Security Overview document from time to time. You are advised to review this document periodically for any changes.