Privacy Policy
Last updated: April 2026
ManyMeet is a webinar workflow tool that connects Zoom Meetings with Brevo for automated registration, email sequences, and attendee tracking.
1. Who we are
This service is operated by blue media labs GmbH
Am Isenbrink 2a, 30926 Seelze, Germany
Email: marco@bluemedialabs.com
2. What data we collect
2.1 Account data
When you create a ManyMeet account, we collect:
- Your email address
- Your name
- Technical metadata (submission timestamp)
2.2 Data collected via Zoom
When you connect your Zoom account to ManyMeet, we access:
- Your Zoom profile: name and email address of the authorizing Zoom user
- Meeting data: meeting topic, schedule, duration, and settings for meetings created or managed through ManyMeet
- Registrant data: name, email, and join URL for attendees who register for your meetings
- Webhook event data: meeting lifecycle events (started, ended, participant joined/left, registration cancelled) used for attendee tracking and no-show detection
- Cloud recording data: when cloud recordings are available for your meetings, ManyMeet downloads and stores the video, audio, transcript, and chat log files. Recordings are used for analytical purposes (transcript review, attendance analysis) and are only accessible to the host and their team members who were present in the meeting. Recordings are not shared with third parties.
We do not access:
- Your contacts, calendar, or other Zoom data beyond what is listed above
2.3 Data collected via Brevo
When you connect your Brevo account, we use your API key to:
- Add webinar registrants to your contact lists
- Send transactional emails (confirmations, reminders) on your behalf
- Fire marketing automation events for your workflows
3. How we use your data
All data is used exclusively to provide the ManyMeet service:
- Creating and managing Zoom meetings on your behalf
- Registering attendees and tracking attendance
- Sending email sequences via your Brevo account
- Providing you with webinar analytics and reports within ManyMeet
We do not:
- Sell your data or your attendees' data to third parties
- Use your data for advertising or marketing purposes
- Share data with parties other than Zoom and Brevo as described below
4. Data sharing and sub-processors
ManyMeet shares data only with the services you explicitly connect:
| Sub-processor | Location | Purpose | Data shared |
|---|---|---|---|
| Zoom Video Communications, Inc. | USA | Meeting creation, registration, webhooks | Meeting details, registrant name and email |
| Brevo (Sendinblue SAS) | France / USA | Email delivery, marketing automation | Registrant name, email, webinar event data |
| Google Cloud Platform (Google LLC) | EU (Frankfurt) | Application hosting and database | All application data (encrypted at rest) |
| Google Sheets (Google LLC) | USA | Optional registration data export (host-configured) | Registrant name, email, registration timestamp |
| Google Analytics 4 (Google LLC) | USA | Marketing website traffic measurement (getmanymeet.com only) | Pseudonymous device/usage data, IP address (truncated), referrer, page views — only when consent is given |
If we add or change sub-processors, we will update this list and notify active account holders via email. A Data Processing Agreement (DPA) is available upon request at marco@bluemedialabs.com.
5. International data transfers
ManyMeet application data is stored in the EU (Google Cloud, Frankfurt). However, data is transferred to the USA when you use Zoom or Brevo integrations, as these services operate US-based infrastructure.
These transfers are protected by:
- The EU-US Data Privacy Framework (where the sub-processor is certified)
- Standard Contractual Clauses (SCCs) incorporated into our agreements with sub-processors
6. Data storage and security
- Application data is stored in a PostgreSQL database hosted on Google Cloud Platform in the EU (europe-west3, Frankfurt).
- OAuth tokens (Zoom access and refresh tokens) are stored in the database.
- All data is encrypted in transit (TLS 1.2+) and at rest (Google Cloud default encryption, AES-256).
- Access to production systems is restricted to authorized personnel using SSH key authentication.
- Application logs do not contain OAuth tokens or API secrets.
7. Security incidents
In the event of a data breach that affects your personal data, we will:
- Notify the relevant supervisory authority within 72 hours as required by GDPR Art. 33.
- Notify affected users without undue delay via the email address on file.
- Describe the nature of the breach, the data affected, and the measures taken or proposed to address it.
8. Deauthorization and data deletion
- You can disconnect your Zoom account at any time from your ManyMeet host settings. This immediately deletes your stored OAuth tokens.
- If you remove ManyMeet from your Zoom account (via Zoom's app management), we receive a deauthorization webhook and automatically delete all stored Zoom tokens and associated Zoom data.
- You can delete your account directly from the host settings page in ManyMeet. This immediately removes your hosts, webinars, and all associated data.
- Alternatively, you can request deletion by emailing marco@bluemedialabs.com. We will process deletion requests within 30 days.
9. Legal basis (GDPR)
We process personal data on the following legal bases:
- Contract performance (Art. 6(1)(b) GDPR): Processing your account data and integration credentials to provide the ManyMeet service.
- Legitimate interest (Art. 6(1)(f) GDPR): Processing registrant data on behalf of the host for webinar management. The host is the data controller for their registrants; ManyMeet acts as data processor.
- Consent (Art. 6(1)(a) GDPR): When you explicitly authorize ManyMeet to access your Zoom account via OAuth.
10. Cookies and tracking
10.1 ManyMeet application
The ManyMeet application uses a session cookie to keep you logged in. No tracking cookies or third-party analytics are used inside the application.
10.2 Marketing website (getmanymeet.com)
Our marketing website uses the following cookies and technologies:
- Necessary — A small entry in your browser's local storage (
silktideCookieChoice_*) records your cookie choices so the banner does not reappear on every visit. This is required for the consent mechanism to work and is set without consent on the basis of ePrivacy Art. 5(3). - Analytics — With your consent, we use Google Analytics 4 (provider: Google LLC, USA) to understand how visitors find and use our marketing site. GA4 sets cookies (
_ga,_ga_*) and processes pseudonymous data including a device identifier, truncated IP address, referrer, and pages visited. Data is processed in the USA under the EU-US Data Privacy Framework and Standard Contractual Clauses. The legal basis is your consent (Art. 6(1)(a) GDPR, § 25(1) TDDDG). - Advertising — Reserved for future advertising and conversion-tracking tools (e.g. LinkedIn Insight Tag, Google Ads). No such tools are currently active.
10.3 Consent management
We use the Silktide Consent Manager (silktide.com), a self-hosted, open-source consent banner, to obtain and record your cookie choices. The banner script is loaded directly from our own server; no data is sent to Silktide. Your choices are stored locally in your browser.
We use Google Consent Mode v2 to ensure that analytics and advertising tags do not store identifying cookies until you grant consent. Until you accept, GA4 sends cookieless pings only.
10.4 Withdrawing consent
You can change or withdraw your cookie consent at any time by clicking the small cookie icon in the bottom-left corner of any page on getmanymeet.com.
11. Your rights
Under the GDPR you have the right to:
- Access your data
- Rectification or deletion
- Restriction or objection to processing
- Request data portability
- Withdraw consent at any time
- Lodge a complaint with a supervisory authority
To exercise any of these rights, contact: marco@bluemedialabs.com
12. Data retention
We retain your data for the duration of your active ManyMeet account. When you delete your account or request deletion, all associated data is removed within 30 days.
13. Changes to this policy
We may update this privacy policy from time to time. Material changes will be communicated via the email address associated with your account.