Privacy Policy
Last updated: February 2026
ManyMeet is a webinar workflow tool that connects Zoom Meetings with Brevo for automated registration, email sequences, and attendee tracking.
1. Who we are
This service is operated by blue media labs GmbH
Am Isenbrink 2a, 30926 Seelze, Germany
Email: marco@bluemedialabs.com
2. What data we collect
2.1 Account data
When you create a ManyMeet account, we collect:
- Your email address
- Your name
- Technical metadata (submission timestamp, IP address)
2.2 Data collected via Zoom
When you connect your Zoom account to ManyMeet, we access:
- Your Zoom profile: name and email address of the authorizing Zoom user
- Meeting data: meeting topic, schedule, duration, and settings for meetings created or managed through ManyMeet
- Registrant data: name, email, and join URL for attendees who register for your meetings
- Webhook event data: meeting lifecycle events (started, ended, participant joined/left, registration cancelled) used for attendee tracking and no-show detection
We do not access:
- Meeting recordings, audio, or video content
- Chat messages or chat history
- Your contacts, calendar, or other Zoom data beyond what is listed above
2.3 Data collected via Brevo
When you connect your Brevo account, we use your API key to:
- Add webinar registrants to your contact lists
- Send transactional emails (confirmations, reminders) on your behalf
- Fire marketing automation events for your workflows
3. How we use your data
All data is used exclusively to provide the ManyMeet service:
- Creating and managing Zoom meetings on your behalf
- Registering attendees and tracking attendance
- Sending email sequences via your Brevo account
- Providing you with webinar analytics and reports within ManyMeet
We do not:
- Sell your data or your attendees' data to third parties
- Use your data for advertising or marketing purposes
- Share data with parties other than Zoom and Brevo as described below
4. Data sharing and sub-processors
ManyMeet shares data only with the services you explicitly connect:
| Sub-processor | Location | Purpose | Data shared |
|---|---|---|---|
| Zoom Video Communications, Inc. | USA | Meeting creation, registration, webhooks | Meeting details, registrant name and email |
| Brevo (Sendinblue SAS) | France / USA | Email delivery, marketing automation | Registrant name, email, webinar event data |
| Google Cloud Platform (Google LLC) | EU (Frankfurt) | Application hosting and database | All application data (encrypted at rest) |
If we add or change sub-processors, we will update this list and notify active account holders via email. A Data Processing Agreement (DPA) is available upon request at marco@bluemedialabs.com.
5. International data transfers
ManyMeet application data is stored in the EU (Google Cloud, Frankfurt). However, data is transferred to the USA when you use Zoom or Brevo integrations, as these services operate US-based infrastructure.
These transfers are protected by:
- The EU-US Data Privacy Framework (where the sub-processor is certified)
- Standard Contractual Clauses (SCCs) incorporated into our agreements with sub-processors
6. Data storage and security
- Application data is stored in a PostgreSQL database hosted on Google Cloud Platform in the EU (europe-west3, Frankfurt).
- OAuth tokens (Zoom access and refresh tokens) are stored in the database.
- All data is encrypted in transit (TLS 1.2+) and at rest (Google Cloud default encryption, AES-256).
- Access to production systems is restricted to authorized personnel using SSH key authentication.
- Application logs do not contain OAuth tokens or API secrets.
7. Security incidents
In the event of a data breach that affects your personal data, we will:
- Notify the relevant supervisory authority within 72 hours as required by GDPR Art. 33.
- Notify affected users without undue delay via the email address on file.
- Describe the nature of the breach, the data affected, and the measures taken or proposed to address it.
8. Deauthorization and data deletion
- You can disconnect your Zoom account at any time from your ManyMeet host settings. This immediately deletes your stored OAuth tokens.
- If you remove ManyMeet from your Zoom account (via Zoom's app management), we receive a deauthorization webhook and automatically delete all stored Zoom tokens and associated Zoom data.
- You can request full deletion of your account and all associated data by emailing marco@bluemedialabs.com. We will process deletion requests within 30 days.
9. Legal basis (GDPR)
We process personal data on the following legal bases:
- Contract performance (Art. 6(1)(b) GDPR): Processing your account data and integration credentials to provide the ManyMeet service.
- Legitimate interest (Art. 6(1)(f) GDPR): Processing registrant data on behalf of the host for webinar management. The host is the data controller for their registrants; ManyMeet acts as data processor.
- Consent (Art. 6(1)(a) GDPR): When you explicitly authorize ManyMeet to access your Zoom account via OAuth.
10. Cookies and tracking
We use a session cookie to keep you logged in. We do not set tracking cookies or use third-party analytics.
11. Your rights
Under the GDPR you have the right to:
- Access your data
- Rectification or deletion
- Restriction or objection to processing
- Request data portability
- Withdraw consent at any time
- Lodge a complaint with a supervisory authority
To exercise any of these rights, contact: marco@bluemedialabs.com
12. Data retention
We retain your data for the duration of your active ManyMeet account. When you delete your account or request deletion, all associated data is removed within 30 days.
13. Changes to this policy
We may update this privacy policy from time to time. Material changes will be communicated via the email address associated with your account.