Privacy Policy - World-Meeting

Version: 1.0

Effective date: 27 May 2026

This Privacy Policy explains how World-Meeting collects, uses, stores, protects and shares personal data processed in connection with the World-Meeting website, web application and services, accessible in particular from the domain world-meeting.app and any subdomains, hereinafter the "Site" or the "Service".

World-Meeting enables users to create, join and manage WebRTC audio/video meeting rooms with, depending on the settings selected, automated real-time translation, subtitles, translated voice, room messages, screen sharing, waiting room, organizer-based admission, speaking control and technical evidence related to payment, refunds, incidents or disputes.

This Privacy Policy is intended to cover, in a single document, privacy information, cookies and local storage, AI and translation-related processing, and the main categories of technical providers and subprocessors used by World-Meeting.

This Privacy Policy must be read together with the Terms of Use, the Terms of Sale, the Refund and Cancellation Policy, the Legal Notice and, where applicable for business customers, the Data Processing Addendum or "DPA".

The data controller is the operator of World-Meeting, hereinafter "World-Meeting", the "Publisher", "we", "us" or "our".

Controller identification:

• Legal name: M LOUE XAVIER
• Legal form: Entrepreneur individuel (EI)
• Share capital: not applicable to an individual entrepreneur
• Registered office: 3 Impasse Denis Papin, 44310 Saint-Philbert-de-Grand-Lieu, France
• Company registration number: SIREN 891 108 615
• VAT number: FR37891108615
• Privacy contact email: [email protected]
• General contact email: [email protected]
• Data Protection Officer: not appointed

Where World-Meeting processes data for its own purposes, including management of the Site, security, payment, billing, evidence, support, fraud prevention, Service improvement, dispute management and compliance with legal obligations, World-Meeting acts as data controller.

Where World-Meeting processes data relating to participants, employees, clients, students, partners, guests or other persons invited by a business Client solely to provide the ordered room according to the Client's instructions, World-Meeting may act as processor within the meaning of the GDPR. In that case, the Data Processing Addendum or DPA supplements this Privacy Policy.

This Privacy Policy may concern in particular:

• visitors of the Site;
• persons using the contact page;
• organizers;
• paying clients;
• participants invited to a room;
• users requesting admission to a room;
• persons contacting support;
• persons involved in a dispute, refund, report or payment dispute;
• authorized internal administrators;
• representatives, employees, contractors or agents of a business Client.

World-Meeting collects only the data necessary for the purposes described below, depending on the features used.

4.1 Site Visit Data

When a user visits the Site, we may process:

• IP address or minimized, truncated, hashed or masked version;
• connection date and time;
• pages viewed;
• referrer or navigation source;
• browser, operating system, device type, language, time zone and technical settings;
• security events, errors, server logs and anti-abuse measures;
• cookie or tracker choices;
• data necessary for SSR rendering, caching, security, load balancing and protection of the Site.

4.2 Contact and Support Data

When a user contacts World-Meeting or reports a problem, we may process:

• name or visible name;
• email address;
• organization or company, if provided;
• subject of the request;
• content of the message;
• files or screenshots voluntarily provided;
• date and time of the request;
• room or order concerned, if indicated;
• technical data useful for diagnosis;
• security and abuse-limitation data, including hashed or minimized IP evidence where configured.

4.3 Room Creation Data

When a room is created, we may process:

• unique technical room identifier;
• room mode, including conversation room or team room;
• selected duration;
• selected capacity;
• languages available in the room;
• room status;
• commercial status of the room;
• creation, opening, start, expiry, cancellation, refund or end dates;
• locked settings;
• pricing data and price version;
• technical invitation links;
• organizer code or organizer secret in protected, hashed or encrypted form where configured;
• events related to organizer controls.

4.4 Organizer Data

To identify and authorize the organizer in a room, we may process:

• technical participant identity;
• visible name;
• proof of possession of the organizer code;
• token or secret in hashed form;
• room access token stored server-side in hashed form;
• organizer actions, such as opening, locking, unlocking, approval, rejection, removal, ending the room, managing speaking rights, resetting the speaking queue, reporting or support actions;
• timestamps of such actions.

4.5 Pre-entry, Admission and Waiting Room Data

When a participant attempts to join a room, we may process:

• room identifier;
• selected visible name;
• spoken language preference;
• translation language preference;
• admission request status, such as pending, approved, denied or equivalent;
• timestamps for request, approval, rejection, entry, exit or expiry;
• technical participant identity;
• request or access token in hashed form;
• presence state and heartbeat;
• media permission or local readiness information necessary for the user experience;
• events indicating that a participant is waiting, accepted, rejected, has left, has expired or has been removed.

The invitation link does not provide automatic access to the room. Non-organizer participants may remain in the waiting room until approved by the organizer.

4.6 Audio, Video and Screen Sharing Data

The Service enables real-time audio/video communication.

Depending on the configuration, audio, video or screen sharing streams may transit through WebRTC infrastructure, including LiveKit or a compatible service. World-Meeting is not intended to permanently record raw audio, raw video or raw screen sharing content.

In its current architecture, the World-Meeting backend does not necessarily receive raw audio/video streams. However, technical providers necessary for media transmission may process streams in real time in order to provide the room.

The user remains responsible for what they activate, say, show or share.

4.7 Translation, Subtitle and Translated Voice Data

When translation features are used, we may process:

• source language;
• target language;
• technical identity of the speaker;
• translation preference of the listener;
• subtitle or translated voice request;
• translation session events;
• translation lease metadata;
• timestamps for creation, renewal, heartbeat, expiry or session error;
• partial or finalized subtitles where they must be displayed in the room;
• finalized translated transcripts or recaps necessary for the active room experience;
• technical metrics, latency, provider errors and minimized evidence of operation or failure.

Translation is automated. It may involve the temporary transmission of audio, text or metadata to an automated translation provider, including OpenAI, in order to provide the requested result.

World-Meeting does not treat translations as certified translations, official interpretations or evidentiary records.

4.8 Room Messages

If the user uses room messages, we may process:

• visible name of the author;
• technical identity of the author;
• text of the message;
• date and time;
• room identifier;
• synchronization or delivery events.

Room messages are separate from subtitles and audio translation. Unless a specific feature states otherwise, manually entered messages are not necessarily translated.

4.9 Speaking Control and Team Room Data

In a team room, we may process:

• technical identity of the current speaker;
• requests to speak;
• speaking queue;
• request cancellation;
• passing speaking rights;
• organizer intervention;
• microphone state according to role;
• related timestamps and events.

These data are necessary for the structured operation of the team room.

4.10 Payment and Billing Data

For paid rooms, payments are processed through Stripe Checkout.

World-Meeting may process or receive from Stripe:

• order identifier;
• Stripe Checkout Session identifier;
• PaymentIntent, Charge or Customer identifier where available;
• payment status;
• amount excluding tax;
• calculated taxes;
• total amount;
• currency;
• billing country;
• billing address or address summary;
• name or legal name;
• email address provided at checkout;
• VAT number or tax ID where provided;
• receipt or receipt URL where available;
• limited payment method information, such as brand, country, last four digits, 3D Secure result, CVC/AVS or risk signals where available;
• metadata necessary for reconciliation, billing, fraud prevention and dispute management.

World-Meeting does not store full card numbers. Card data are processed by Stripe in accordance with Stripe's own terms and policies.

4.11 Transactional Email Data

When a transactional email is sent, for example after payment to provide the start link, invitation link, organizer code, duration and start window, we may process:

• email address provided at Checkout;
• transactional content;
• sending date;
• delivery status;
• technical email identifiers;
• possible delivery, bounce or error events depending on the configured provider.

Email links must not contain raw secrets where the Service uses a separate organizer code.

4.12 Evidence, Dispute, Stripe Dispute and Security Data

In the event of a dispute, refund, chargeback, Stripe dispute, report, incident or suspected fraud, we may process:

• order and room identifiers;
• versions of the Terms of Use, Terms of Sale, Privacy Policy and accepted checkout texts;
• proof of acceptance of terms;
• proof of Stripe Checkout consent;
• timestamps for payment, opening, admission, participation, expiry or incident;
• room status and commercial status;
• sold settings;
• evidence of Service availability;
• minimized access data, such as masked IP, HMAC hash, country or technical information where available;
• encrypted raw IP where this mechanism is configured for restricted evidence in cases of fraud or dispute;
• technical events showing operation, degradation or failure;
• reports and support exchanges;
• proof of refund, rejection, cancellation or resolution.

Evidence exports intended for a dispute must exclude secrets, tokens, API keys, cookies, raw audio, raw video and full transcripts, except where a specific legal obligation or strictly justified necessity applies.

4.13 Technical Analytics and Observability Data

To maintain, secure and improve the Service, we may process technical events such as:

• server events;
• limited client events;
• latency;
• provider errors;
• WebRTC errors;
• summarized statistics;
• status of promised, requested, functional, degraded or failed capabilities;
• payment, funnel, commerce, usage, translation, issue and ops signals;
• aggregated metrics.

These data are used for observability, security, evidence of operation, Service improvement and malfunction detection.

World-Meeting must not store raw audio, raw video, OpenAI secrets, API keys or raw transcripts in technical analytics by default.

World-Meeting processes data for the following purposes and legal bases.

5.1 Provision of the Service

Purposes:

• create and manage a room;
• allow access to the pre-entry page;
• manage organizer-based admission;
• provide audio/video features;
• provide translation, subtitle and translated voice features;
• manage messages;
• manage organizer controls;
• manage speaking control;
• provide synchronization between participants;
• send room-related transactional emails.

Legal bases:

• performance of the contract with the Client or user;
• legitimate interests in providing a functional service;
• processing on the Client's instructions where World-Meeting acts as processor.

5.2 Payment, Billing and Tax

Purposes:

• create a Stripe Checkout session;
• process payment;
• calculate taxes;
• produce a receipt or invoice;
• retain accounting evidence;
• manage refunds;
• reconcile orders and payments.

Legal bases:

• performance of the contract;
• legal accounting and tax obligations;
• legitimate interest in securing payments.

5.3 Security, Abuse Prevention and Fraud Prevention

Purposes:

• secure the Site;
• protect rooms;
• prevent unauthorized access;
• detect abusive behavior;
• limit excessive requests;
• protect tokens and secrets;
• prevent the abusive multiplication of translation sessions;
• prevent payment fraud;
• manage security incidents.

Legal bases:

• legitimate interests of World-Meeting, Clients and users;
• legal obligation where applicable;
• performance of the contract.

5.4 Support, Contact and Incidents

Purposes:

• respond to requests;
• diagnose issues;
• process reports;
• improve Service quality;
• document an incident;
• communicate with the user.

Legal bases:

• performance of the contract or pre-contractual measures;
• legitimate interest in providing support;
• legal obligation where applicable.

5.5 Disputes, Refunds, Chargebacks and Evidence

Purposes:

• respond to claims;
• handle Stripe disputes;
• prove acceptance of terms;
• prove provision of the Service;
• manage refunds;
• defend World-Meeting's rights;
• prevent fraud;
• respond to authorities, banks, payment providers or advisors.

Legal bases:

• legitimate interest in establishing, exercising or defending legal claims;
• performance of the contract;
• legal obligation where applicable.

5.6 Service Improvement and Technical Analytics

Purposes:

• understand creation, payment and entry flows;
• measure reliability;
• detect errors;
• improve the experience;
• improve audio/video stability;
• evaluate translation performance;
• produce aggregated statistics.

Legal bases:

• legitimate interest in improving and maintaining the Service;
• consent where analytics or trackers require prior consent.

5.7 Cookies and Local Storage

Purposes:

• provide essential functions;
• remember preferences;
• secure access;
• retain cookie choices;
• measure audience or improve the Site where applicable;
• enable third-party services necessary for payment or requested features.

Legal bases:

• technical necessity for strictly necessary trackers;
• consent for non-essential trackers.

5.8 Marketing

World-Meeting may send marketing communications only where an appropriate legal basis exists, including consent, an existing business relationship or permitted B2B prospecting under applicable rules.

Marketing communications must include a simple unsubscribe mechanism.

Certain data are necessary to provide the Service. For example:

• without a room identifier, the room cannot be found;
• without a visible name, admission may be impossible;
• without language preferences, translation may be limited;
• without billing address or checkout email, payment or room recovery may be impossible;
• without technical data, security, diagnosis or evidence may be limited.

Where data are optional, the user may choose not to provide them, but certain features may then be unavailable or degraded.

World-Meeting may use cookies, local storage, session storage, pixels, technical identifiers, logs and similar technologies, together referred to as "Trackers".

7.1 Strictly Necessary Trackers

World-Meeting may use strictly necessary Trackers to operate the Site and the Service, including to:

• provide navigation;
• protect the Site;
• remember privacy choices;
• manage an admin or user session where applicable;
• temporarily store a recovery token after returning from Stripe;
• locally store a room access token during a session;
• locally store an organizer code or room information received by the user;
• enable pre-entry, waiting room or room access;
• remember language, interface or media preferences necessary for the expected experience;
• secure forms;
• limit abuse;
• enable load balancing;
• enable payment through Stripe Checkout;
• diagnose technical errors.

These Trackers are necessary to provide the Service requested by the user or to enable electronic communication. They do not require prior consent where applicable law allows it.

7.2 Examples of Technical Trackers

Depending on the configuration, World-Meeting may use in particular:

• local storage of the organizer code or a room pointer so the organizer can recover controls;
• session storage of the room access token to access protected room APIs during the session;
• temporary checkout recovery storage to recover the paid room after returning from Stripe;
• language preference storage;
• media device preference storage in the browser where possible;
• cookie or storage for cookie choices;
• technical security cookies or tokens;
• server security and diagnostic logs;
• HTTP-only admin cookie if an authorized administrator uses the admin area.

The exact names of Trackers may change depending on Service versions.

7.3 Stripe Payment Trackers

When a user pays for a room through Stripe Checkout, the user is redirected to a Stripe payment interface or uses Stripe elements.

Stripe may use its own cookies, trackers, security mechanisms, fraud prevention tools, authentication, payment, Link, 3D Secure, risk analysis or compliance technologies.

These trackers are subject to Stripe's policies. World-Meeting does not control all trackers placed on Stripe domains or interfaces.

Payment must not be circumvented. Card data are processed by Stripe and not by World-Meeting.

7.4 Media, WebRTC and Translation Trackers

The Service may use technologies necessary for real-time communication, including WebRTC, LiveKit or a compatible service.

These technologies may process technical information necessary for audio/video connection, such as connection state, network quality, device, browser, WebRTC statistics, latency, errors or session identifiers.

When automated translation is used, technical information may be processed to create or maintain a translation session.

These processing operations are necessary for the features requested by the user.

7.5 Analytics and Non-essential Trackers

World-Meeting may use technical measurements to understand reliability, errors, media quality, checkout success, creation flows, rooms, translation capabilities and incidents.

Where these measurements are strictly necessary for the operation, security or provision of the Service, they may be used without consent within the limits allowed by law.

Where World-Meeting uses non-exempt audience measurement trackers, advertising trackers, marketing pixels, social network trackers or cross-site measurement, these trackers will be activated only after prior consent where required by law.

World-Meeting does not place advertising cookies, retargeting pixels, social media trackers or similar non-essential trackers without prior consent where required.

7.6 Consent Management

Where consent is required, the user must be able to:

• receive clear information about the purposes;
• accept Trackers;
• reject non-essential Trackers;
• choose by purpose where relevant;
• withdraw consent at any time;
• easily access their preferences.

Acceptance of the Terms of Use or Terms of Sale does not constitute consent to non-essential cookies.

Continuing to browse or remaining silent must not be interpreted as consent to Trackers subject to consent.

7.7 Browser Settings

The user may configure their browser to block, delete or limit certain cookies and local storage.

However, blocking strictly necessary Trackers may prevent the normal operation of the Service, including room creation or recovery, return after Stripe payment, organizer code storage, waiting room admission, access to protected APIs, language preferences, security, audio/video connection or translation.

World-Meeting may offer automated translation, subtitles, translated voice and translation recap features.

These features may use artificial intelligence or automated translation technologies. They process the data necessary to provide the requested translation, including audio, source language, target language, transcript text or technical metadata.

World-Meeting does not use these features to make automated decisions producing legal effects concerning users or similarly significantly affecting them within the meaning of the GDPR.

Translations, subtitles and translated voice may contain errors, omissions, delays, mistranslations, approximations or quality variations. They must not be treated as certified translations, official interpretations, professional advice or the sole basis for a critical decision.

Users and Clients must not rely exclusively on World-Meeting translations for medical, legal, financial, security, emergency, immigration, regulatory compliance, critical contractual negotiation or other high-stakes decisions.

The organizer and the Client are responsible for informing participants where a room uses automated translation, subtitles, translated voice or translation recap features and for obtaining any consent or legal basis required under applicable law.

Data may be accessible, as needed, to the following categories of recipients:

• authorized personnel or contractors of World-Meeting;
• hosting and infrastructure providers;
• WebRTC and media providers, including LiveKit or a compatible service;
• automated translation providers, including OpenAI where translation is used;
• payment providers, including Stripe;
• transactional email providers, including SendGrid, Twilio or an equivalent service where configured;
• security, CDN, DNS, monitoring or logging providers;
• database, technical analytics or observability providers where configured;
• lawyers, accountants, insurers, auditors or advisors;
• banks, card networks, Stripe, payment providers and entities involved in disputes;
• administrative, judicial or regulatory authorities where required or permitted by law;
• the Client organizer or organization responsible for the room, to the extent necessary for the room, support, DPA or compliance with its obligations.

9.1 Main Provider Categories

World-Meeting may use the following main categories of providers:

Hosting, Infrastructure, VPS, Cloud, DNS, CDN and Network Security

• Provider: OVH SAS / OVHcloud for VPS and application hosting in Gravelines (GRA), France; Cloudflare for DNS, CDN, reverse proxy, tunnel and network security services.
• Role: hosting of the Site, API, databases, reverse proxy, storage, DNS, CDN, security and availability.
• Data concerned: visit data, logs, room data, technical data, events, support data and data necessary for operation.
• Main location: Gravelines (GRA), France for VPS and application hosting; Cloudflare uses a global edge network where its services are enabled.
• Transfer safeguards: OVH hosting is located in France for the declared production region; Cloudflare processing is governed by its applicable data processing terms and transfer mechanisms, including Standard Contractual Clauses or equivalent safeguards where required.

Stripe

• Provider: Stripe
• Role: payment, Stripe Checkout, tax calculation where configured, billing, fraud prevention, authentication, dispute management and refunds.
• Data concerned: transaction data, checkout email, name or legal name, billing address, country, tax ID, amount, currency, limited payment method data, Stripe identifiers, fraud and dispute signals.
• Main location: European Union, United States and other countries depending on Stripe services.
• Status: depending on the processing, Stripe may act as provider, processor, independent controller or joint controller.
• Transfer safeguards: Stripe contractual safeguards, applicable transfer mechanisms and Stripe policies.

LiveKit or Compatible WebRTC Service

• Provider: LiveKit or configured compatible service
• Role: WebRTC infrastructure, media room, audio, video, screen sharing, publication and subscription to media tracks.
• Data concerned: real-time media streams, room or participant identifiers, connection metadata, technical statistics, network quality and error logs.
• Main location: depending on provider region or configuration.
• Transfer safeguards: provider DPA, applicable transfer mechanisms and region settings where available.

OpenAI or Configured Automated Translation Provider

• Provider: OpenAI or configured automated translation provider
• Role: automated real-time translation, transcription, subtitles, translated voice or processing of translation sessions.
• Data concerned: audio necessary for translation, text or transcript, source and target languages, session metadata and technical information necessary for operation.
• Main location: depending on provider and configuration.
• Transfer safeguards: provider business/API terms, DPA and applicable transfer mechanisms.
• Note: translation features must not be used as certified translation or official interpretation.

Transactional Email Provider

• Provider: SendGrid, Twilio or configured email provider
• Role: sending transactional emails, including room-ready emails, start links, invitation links, organizer codes, duration and start window information.
• Data concerned: email address, transactional content, technical sending identifiers, delivery status, errors or bounces.
• Main location: depending on provider and configuration.
• Transfer safeguards: provider DPA and applicable transfer mechanisms.

Database, Cache, Technical Analytics and Observability

• Provider: self-hosted PostgreSQL, Redis and ClickHouse on the production VPS, unless a managed provider is configured later.
• Role: storage of rooms, participants, preferences, floor state, messages, subtitles, leases, orders, analytics events, evidence and technical logs.
• Data concerned: operational Service data, technical data, commercial data, minimized evidence, metrics and events.
• Main location: Gravelines (GRA), France.
• Transfer safeguards: hosted in France on the declared production VPS, with access control, minimization and encryption measures described in this Privacy Policy; if a managed provider or non-EU/EEA region is used later, the applicable transfer mechanism must be documented before use.

Professional Service Providers

• Providers: lawyers, accountants, auditors, insurers, banks, advisors, collection or defense providers.
• Role: accounting, tax, compliance, disputes, collection, insurance, audit and defense of rights.
• Data concerned: data strictly necessary for the relevant files, including orders, invoices, payments, evidence, disputes and support exchanges.
• Main location: depending on provider.
• Transfer safeguards: professional contracts, confidentiality obligations and professional secrecy where applicable.

9.2 Client's Own Providers

The Client may use its own tools or services in parallel with World-Meeting, including browser, operating system, recording tool, screenshot tool, email, calendar, proxy, VPN, corporate network or security solution.

These tools are not subprocessors of World-Meeting. The Client remains responsible for their compliance.

9.3 Changes to Providers

World-Meeting may add, replace or remove a provider in order to provide, secure, improve or maintain the Service.

Where the change concerns an important subprocessor for data processed on behalf of business Clients, World-Meeting may inform Clients by updating this Privacy Policy, by notice on the Site, by email or by any reasonable means.

The Client may object to a change on legitimate data protection grounds under the conditions set out in the DPA.

World-Meeting targets an international audience, including the European Union, the United States and Asia. Some providers or recipients may be located outside the European Union or the European Economic Area.

Where personal data are transferred to a country that does not benefit from an adequacy decision, World-Meeting implements appropriate safeguards where required, including Standard Contractual Clauses, the Data Privacy Framework where available and applicable, supplementary measures, encryption, pseudonymization, minimization or contractual commitments from providers.

The user may request reasonable information about applicable safeguards through the privacy contact address.

World-Meeting stores data for a limited period determined according to the purpose, nature of the data, room status, legal obligations, security needs and the existence of any dispute.

By way of indication:

• Site visit data and technical logs: short duration necessary for security, diagnosis and abuse prevention, unless an incident or dispute occurs.
• Cookie choices: limited duration allowing the user's choice to be retained, then renewal or deletion according to applicable regulations.
• Contact and support requests: duration necessary to process the request, then limited archiving for evidence and follow-up, unless a legitimate objection or contrary obligation applies.
• Free room data: stored during the life of the room, then deleted or purged according to the operational retention policy.
• Paid room operational data: stored during the life of the room, then archived, minimized or deleted according to the configured operational retention period, unless a dispute applies.
• Room messages: limited retention tied to the room and applicable operational retention; World-Meeting is not a permanent archiving service.
• Subtitles and translation recaps: temporary retention for display, synchronization, late joiners and the active room, then deletion or purging according to room rules, unless a dispute applies.
• Commercial data and paid orders: retained for the periods necessary for accounting, tax, audit, evidence and legal obligations, which may extend up to applicable legal retention periods.
• Stripe evidence, refund, fraud or dispute data: retained for the period necessary to handle the dispute, chargeback, audit, fraud or defense of rights.
• Raw technical analytics data: limited retention, which may be configured by default up to 365 days, unless copied or retained in connection with a dispute.
• Data under litigation hold: extended retention for as long as the dispute, investigation, chargeback, legal obligation or evidence need justifies it.
• Secrets, tokens and keys: not retained in clear text where the architecture allows; stored in hashed, encrypted or temporary form depending on the case.

Certain data may be anonymized or aggregated in order to produce statistics that no longer identify a person.

World-Meeting implements reasonable technical and organizational measures to protect data, including depending on configuration:

• TLS encryption in transit;
• hashed storage of access tokens, organizer secrets and admission tokens where possible;
• encryption of certain secrets or sensitive data where configured;
• limitation of translation secrets to short-lived temporary secrets;
• API keys kept server-side;
• admin access control;
• rate limiting;
• logging of critical events;
• separation of runtime and commercial statuses;
• blocking of pending, cancelled or refunded rooms;
• minimization of IP evidence in views and exports;
• deletion or masking of secrets in exports;
• limited retention;
• monitoring, supervision and vulnerability correction;
• restriction of data access to persons who need it.

No electronic transmission or storage can be guaranteed as absolutely secure. The user must protect their links, organizer codes, devices, browsers, email inboxes and networks.

World-Meeting is not designed to process sensitive data, including health data, biometric data for the purpose of unique identification, data relating to criminal offenses, highly sensitive financial data outside Stripe, children's data, protected secrets or information subject to specific regulated regimes.

Users must not transmit such data through the Service unless they have an appropriate legal basis, authorizations and a specific written agreement with World-Meeting where necessary.

If sensitive data are voluntarily communicated by a user in a room, message, report, screen share, audio stream or translation, the user or Client organizer remains responsible.

Depending on applicable regulations, including the GDPR for persons located in the European Union or concerned by processing subject to the GDPR, persons may have the following rights:

• right of access;
• right to rectification;
• right to erasure;
• right to restriction of processing;
• right to object;
• right to data portability;
• right to withdraw consent where processing is based on consent;
• right to define instructions regarding the fate of data after death where French law applies;
• right to lodge a complaint with a supervisory authority, including the CNIL in France.

To exercise these rights, the user may contact World-Meeting at the address indicated in this Privacy Policy.

World-Meeting may request reasonable information to verify the identity of the requester, locate the relevant data and avoid communicating data to an unauthorized person.

Where World-Meeting acts as processor for a business Client, World-Meeting may forward the request to the Client or request instructions, unless a direct legal obligation provides otherwise.

Certain rights may be limited where retention is necessary to comply with a legal obligation, establish or defend legal claims, prevent fraud, handle a dispute, protect the security of the Service or respect the rights of other persons.

Depending on the country or state of residence, including certain U.S. states or countries in Asia, persons may have additional rights, such as the right to know the categories of data collected, right to deletion, right to correction, right to opt out of certain sales or sharing of data, right to limit the use of sensitive data, right not to be discriminated against for exercising a right, or right to appeal.

World-Meeting does not sell personal data in the ordinary meaning of the term. If a local regulation broadly defines "sale" or "sharing", World-Meeting will handle applicable requests under the relevant law.

Persons concerned may contact World-Meeting to exercise their local rights. World-Meeting will respond to the extent required by applicable regulation.

World-Meeting is intended for professional or organizational use and is not intended for children.

Minors may use the Service only under the responsibility of a legal representative, institution, employer, educational supervisor or authorized organization, where permitted by applicable law.

If World-Meeting learns that a minor has provided data without appropriate authorization, World-Meeting may delete or restrict the relevant data where possible and appropriate.

World-Meeting may modify this Privacy Policy to reflect changes in the Service, law, providers, processing operations or security.

The applicable version is the version published on the Site at the time of use, unless otherwise stated in an order or specific agreement.

In the event of a substantial change, World-Meeting may inform users by any reasonable means.

For any question relating to this Privacy Policy or the exercise of rights:

• Privacy contact: [email protected]
• General contact: [email protected]
• Postal address: 3 Impasse Denis Papin, 44310 Saint-Philbert-de-Grand-Lieu, France

Persons located in the European Union may also lodge a complaint with their competent supervisory authority, including the CNIL in France.