eduSeed Zoom Integration Security Policy

Effective date: July 12, 2026

This Security Policy describes the baseline security practices used for the eduSeed Zoom integration and the responsibilities associated with operating that integration and its supporting services.

1. Purpose

eduSeed is committed to protecting the confidentiality, integrity, and availability of data processed through the eduSeed Zoom integration, including instructor workflows, administrative data, OAuth connection data, transcript content, and generated draft summary data.

2. Scope

This policy applies to:

3. Security Principles

eduSeed follows these core principles:

4. Authentication and Access Control

5. Transport Security

6. Data Protection

7. Zoom Integration Security

The eduSeed Zoom integration uses the following controls:

Public webhook endpoints are protected by provider-specific signature verification rather than end-user session authentication.

8. Application Development Practices

eduSeed aims to follow secure development practices including:

9. Logging, Monitoring, and Vulnerability Management

10. Incident Response

If a suspected security incident occurs, eduSeed operators should:

11. Third-Party Services

eduSeed relies on third-party infrastructure and integrations, including Supabase, Zoom, and AI service providers used in workflow processing. These providers maintain their own security programs and contractual terms. eduSeed's security posture depends in part on the secure operation of those services.

12. Responsible Disclosure

Security concerns or suspected vulnerabilities should be reported to:

13. Policy Maintenance

This policy should be reviewed periodically and updated when there are material changes to eduSeed's architecture, integrations, or security practices.