Privacy Policy

Data On The Spot Inc. · Last updated: July 3, 2026 · Contact: jp@dataonthespot.com

RollCall Live ("the app") is a real-time attendance dashboard for Zoom meetings, operated by Data On The Spot Inc. ("we", "us"). This policy describes what data the app handles, why, for how long, and your choices.

What we collect

DataSourcePurposeRetention
Meeting participant display names, email addresses (when Zoom provides them), and join/leave timestampsZoom webhook events and, optionally, the Zoom Dashboard APIShowing the live roll-call board and keeping an attendance audit trailLive board: 12 hours. Attendance log and frozen roll snapshots: 30 days.
Roster information (names, emails, roles, and any columns the administrator includes)Uploaded by your organization's administratorClassifying participants (Voter / Observer / Guest) and breakdownsUntil replaced or cleared by the administrator, or until uninstall
Zoom account identifier and OAuth tokensZoom, during installationRouting your data to your isolated board and reading your live meeting dataUntil uninstall
Board access codes and settings (e.g. quorum target)Generated at install / set by the administratorProtecting access to your boardUntil uninstall

What we do NOT collect

The app never accesses meeting audio, video, recordings, chat messages, transcripts, or shared screen content. It does not join meetings on its own behalf. It contains no advertising, no analytics trackers, and no third-party marketing scripts.

How data is used

Exclusively to provide the roll-call service to the Zoom account that installed the app. We do not sell data, share it with advertisers, or use it for any purpose other than operating the service. Each installed account's data is stored in an isolated namespace; no other account can access it.

Data deletion

Uninstalling the app from your Zoom account deletes all of your data immediately and automatically — boards, rosters, attendance logs, snapshots, settings, and tokens. Live data also expires automatically (12 hours) and audit data after 30 days. You may also request deletion at any time by emailing jp@dataonthespot.com — see our data deletion page for details.

Service providers

We use Vercel Inc. (application hosting) and Convex (database and backend functions) to operate the service. If your administrator explicitly uses the optional "watch a meeting" feature, Recall.ai provides the meeting bot for that meeting. These providers process data solely on our behalf.

Security

All traffic is encrypted in transit (TLS). Webhook events are cryptographically verified before processing. Board access requires per-account codes, with rate limiting against guessing. Access to production systems is limited to Data On The Spot Inc. personnel.

Your rights

Depending on your jurisdiction (including under Canada's PIPEDA and, where applicable, the EU/UK GDPR), you may have rights to access, correct, or delete personal information. Requests can be sent to jp@dataonthespot.com. If you are a meeting participant rather than the administrator, note that your organization's administrator controls the roster and board; we act as a service provider to them.

Changes

We will post any material changes to this policy on this page and update the date above.

Contact

Questions? jp@dataonthespot.com.