Waroom Get Started

Last updated: May 27, 2026

Privacy Policy

Waroom, Inc. ("Waroom", "we", "us", or "our") operates the Waroom incident management platform. This policy explains what data we collect, why we collect it, and how we protect it.

1. Data We Collect

We collect information you provide directly and data generated by your use of the service:

  • Account data: name, email address, password hash, organization name.
  • Incident & on-call data: incident titles, descriptions, timelines, action items, and on-call schedules you create inside Waroom.
  • Integration credentials: OAuth tokens and encrypted configuration for third-party integrations (Slack, Microsoft Teams, PagerDuty, etc.). Credentials are encrypted at rest.
  • Usage data: pages visited, features used, timestamps, browser type, and IP address for security and analytics.
  • Communications: messages you send us via support channels.

2. How We Use Your Data

  • Provide and operate the Waroom service.
  • Send incident alerts and on-call notifications via your configured channels (email, SMS, Slack, Teams).
  • Improve product quality through aggregate, anonymised analytics.
  • Respond to support requests and enforce our Terms of Use.
  • Comply with legal obligations.

We do not sell your personal data to third parties.

3. Data Storage & Security

Data is stored on AWS infrastructure in the us-east-1 region. We apply encryption at rest (AES-256) and in transit (TLS 1.2+). Integration secrets are encrypted with a per-environment key before being written to the database.

We use role-based access controls, audit logging, and least-privilege IAM policies to limit internal access to production data.

4. Third-Party Services

We share data with third parties only as necessary to deliver the service:

  • AWS: hosting, database, object storage, email delivery (SES), and message queuing (SQS).
  • Twilio: SMS and voice call delivery for on-call notifications.
  • Stripe: payment processing. Waroom never stores full card numbers.
  • Microsoft: Teams bot integration; governed by Microsoft's privacy policy.
  • Google: Google Meet video call creation when you connect your Google account. We request the OAuth scope https://www.googleapis.com/auth/meetings.space.created to create meeting spaces for incidents on your behalf. Use of Google user data is governed by Google's privacy policy and complies with the Google API Services User Data Policy, including the Limited Use requirements.
  • Zoom: Zoom meeting creation when you connect your Zoom account. We request OAuth scopes needed to create meetings on your behalf. Use of Zoom data is governed by Zoom's privacy policy.
  • Slack Technologies: Slack integration; governed by Slack's privacy policy.

5. Google User Data & Limited Use

Waroom integrates with Google Workspace for video conferencing. When you connect your Google account, Waroom requests and processes Google user data in strict compliance with the Google API Services User Data Policy, including the Limited Use requirements.

Scopes we request

  • https://www.googleapis.com/auth/meetings.space.created: used to create Google Meet meeting spaces for incidents you declare in Waroom.
  • openid email profile: used to identify your Google account during the OAuth flow and store the connection at the organization level.

How we use Google user data

  • Create Google Meet spaces when an incident is declared, so responders have an immediate video bridge.
  • Store the OAuth refresh token (encrypted at rest with AES-256) so we can mint short-lived access tokens to call the Meet API on your behalf.
  • Display the meeting URL inside the relevant Waroom incident and forward it to your connected channels (Slack, Microsoft Teams).

What we do NOT do

  • We do not transfer Google user data to third parties except as needed to provide the user-facing Meet feature, comply with applicable law, or as part of a merger/acquisition where Google user data continues to be protected by this policy.
  • We do not use Google user data to serve advertisements.
  • We do not allow humans to read Google user data, except (a) with your explicit consent for specific data, (b) for security investigations or to comply with law, (c) where the data has been aggregated and anonymised for internal operations.
  • We do not use Google user data to develop, improve, or train generalised AI/ML models.

Revoking access

You can disconnect Waroom from your Google account at any time from https://myaccount.google.com/permissions or from the Integrations page inside Waroom. Revocation deletes the stored refresh token; previously created Meet links remain valid until they expire per Google's retention rules.

6. Cookies & Tracking

We use strictly necessary session cookies to keep you signed in. We do not use third-party advertising or tracking cookies.

7. Data Retention

We retain your data for as long as your account is active. On account deletion or organisation closure, personal data is purged within 30 days, except where retention is required by law or for billing record-keeping (up to 7 years for financial records).

8. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate data.
  • Request deletion of your data ("right to be forgotten").
  • Object to or restrict certain processing.
  • Data portability.

To exercise any of these rights, email privacy@waroom.co.

9. Children's Privacy

Waroom is not directed to children under 16. We do not knowingly collect personal data from anyone under 16. If you believe a child has provided us data, contact us and we will delete it.

10. Changes to This Policy

We may update this policy. Material changes will be communicated via email or an in-app notice at least 14 days before taking effect. Continued use after the effective date constitutes acceptance.

11. Contact

Questions or requests: privacy@waroom.co