Privacy & Security
What Data Triad Tool Uses
| Data | Purpose | Where It’s Stored |
|---|---|---|
| Participant display names | Language detection, room assignment | Your browser session only — never sent to Triad Tool servers |
| Meeting ID | Session tracking for the free tier timer | Your browser’s localStorage only |
| App settings (languages, actions, etc.) | Preserve your configuration across sessions | Your browser’s localStorage and IndexedDB — never uploaded |
| Subscription status | Determine feature access | Stripe (encrypted, industry-standard) |
What Triad Tool Does NOT Collect
- No participant video or audio content
- No meeting recordings or transcripts
- No Zoom login credentials or passwords
- No browsing history or activity outside the Triad Tool app
- No participant contact information
Local Processing
All participant management — language detection, room assignment, status monitoring — is computed locally in your browser. Participant names and assignment data:
- Are never sent to Triad Tool’s servers
- Are never stored in any database
- Are cleared when you close the browser tab or the meeting ends
Breakout Image Storage (Titlecard)
If you upload a custom background image for the break titlecard:
- The image is stored locally in your browser’s IndexedDB — on your device only
- It is never uploaded to Triad Tool’s servers
- When using new-window titlecard mode, the image is briefly transferred to an in-memory API endpoint on the server with a 1-minute expiry — it is not written to disk and cannot be retrieved after expiry
Authentication & OAuth
Triad Tool uses Zoom’s OAuth 2.0 authentication:
- You authorize Triad Tool’s permissions via Zoom’s official OAuth flow
- Triad Tool stores OAuth tokens on a secure server to maintain your session between meetings
- Tokens are stored using an encrypted session mechanism
- You can revoke Triad Tool’s OAuth access at any time via your Zoom account settings
Permissions Requested
Triad Tool requests only the Zoom API permissions it needs to function:
| Permission | Why It’s Needed |
|---|---|
| Meeting participant list | To load participants for breakout assignment |
| Breakout room control | To create rooms and assign participants |
| Participant spotlight/pin | For Actions tab spotlight controls |
| Chat message (to meeting) | For timer round messages and Send Chat action |
| Screen sharing | For the fullscreen timer display |
| Audio sharing | For timer bell sounds (optional) |
| Raised hand reactions | For Spotlight Raised Hand action |
Security Measures
- HTTPS everywhere — all communication is encrypted in transit
- OAuth 2.0 — no Zoom password is ever shared with Triad Tool
- Strict Content Security Policy (CSP) — prevents cross-site scripting and unauthorized resource loading
- OWASP-aligned security headers — X-Frame-Options, X-Content-Type-Options, Referrer-Policy, and others
- Minimal permissions — Triad Tool only requests the Zoom API scopes it actually uses
GDPR
Because participant data is processed locally and never stored on Triad Tool’s servers:
- There is minimal GDPR impact from using Triad Tool
- No data subject access requests (DSAR) are needed for participant data
- Configuration data (settings) can be deleted by clearing your browser storage
Removing Your Data
To remove all Triad Tool data from your browser:
- Clear your browser’s localStorage and IndexedDB for the Triad Tool domain
- Or use your browser’s “Clear Site Data” feature
To revoke OAuth access:
- Go to zoom.us → Account Management → App Marketplace → OAuth Apps
- Find Triad Tool and click Revoke
Last updated on