RoomScore icon RoomScore

Privacy Policy for RoomScore

Effective Date: January 1, 2026

Last Updated: 2026-02-06

Developer: Resonant Labs LLC, Pittsburgh, PA

Contact: privacy@roomscore.tech

1. Introduction

RoomScore is a meeting room readiness platform for facilities managers and AV professionals. We build trust by being explicit about the data we collect and how we protect it.

2. Information We Collect

RoomScore requires an iPhone or iPad with a LiDAR sensor (iPhone 12 Pro and later, iPad Pro 2020 and later).

2.1 Measurement Data (Automatic)

When you complete a room scan, we collect:

  • Acoustic measurements: RT60 (reverberation time), noise floor (dBFS), C50 clarity
  • Room geometry: Volume (m3), surface area (m2), window-to-wall ratio
  • Equipment selections: Video system brand/model, microphone placement, screen count
  • Scan metadata: Timestamp, device model, app version
  • Device calibration metadata: Device model identifier used to apply noise calibration offsets (for example: "iPhone16,1" -> -1.0 dB adjustment)
  • Environmental context (optional, non-scored):
    • Barometric pressure readings (HVAC detection)
    • Device vibration/accelerometer (building stability)
    • Wi-Fi connectivity and latency (network context)
    • Ambient light levels (from photos)
    • Sound classification (Apple SoundAnalysis categories for noise source identification)
  • User feedback (optional): Post-scan quality ratings to validate scoring accuracy

Note: These sensors run silently during measurement but are NOT used in scoring. When present, they are stored with your account and may be included in AI analysis for context. They may also be included in the anonymized research dataset for benchmarking context.

2.2 Room Photo Data

RoomScore requires three room photos (front view, back view, ceiling) with an optional fourth for equipment close-ups.

  • Photos are scanned on-device for people and sensitive text before upload
  • Photos with detected people or text are automatically rejected
  • Photos are analyzed by AI for equipment placement and visual context (see Section 5.1)
  • Photos are stored locally on your device for up to 7 days to enable re-analysis, then automatically deleted
  • Photos uploaded for AI analysis are deleted from cloud storage after processing completes; Anthropic may retain request data for up to 7 days per their policy

2.3 Acoustic Impulse Response Audio

We may upload short clap impulse response clips to validate measurement accuracy.

  • On-device speech screening runs before any audio upload using Apple's SoundAnalysis framework
  • Speech detection threshold: >30% confidence triggers automatic rejection
  • If speech is detected, the audio file is permanently discarded and never uploaded
  • Only impulse responses without detected speech are uploaded
  • Uploaded audio is stored with your account for quality validation and deleted if you delete your account

2.4 Zoom Call Test Audio Streaming

During optional Zoom call quality tests, RoomScore may stream live meeting audio to our processing endpoint (roomscore.app/zoom/raw) so we can analyze spatial coverage and call quality in real time. This audio is processed transiently for quality metrics and not stored on our servers after processing completes.

  • The live stream is used only for test analysis and is not retained after processing
  • No speech transcripts are created or stored
  • RoomScore does not use this audio for advertising or unrelated profiling

2.5 Account Information

  • Email address (if using email sign-in)
  • Apple ID or Google account identifier (if using SSO)
  • Room names, site/building/floor labels, and optional room notes you enter

2.6 Zoom Rooms Integration Data (Optional)

If you connect your Zoom account to import your Zoom Rooms inventory, RoomScore accesses:

  • Room information: Zoom Room names, IDs, and status
  • Location hierarchy: Sites, buildings, and floors configured in your Zoom account
  • Equipment details: Cameras, microphones, speakers, and other devices associated with each room
  • Account verification: Your Zoom account email to confirm the connected account

Token Storage:

  • OAuth access and refresh tokens are stored exclusively in iOS Keychain (hardware-encrypted via Secure Enclave)
  • Tokens are never transmitted to or stored on RoomScore servers
  • Our Cloud Function proxies the initial token exchange only and does not retain tokens

Imported Data:

  • Room names, locations, and device information are cached locally on your device
  • This data syncs to your RoomScore account (Firestore) for portfolio organization
  • During Zoom-based tests, Zoom may display room names configured in your Zoom account to meeting participants and host notifications (for example, join emails)
  • Disconnecting Zoom removes all imported data from your account

2.7 Device and Usage Analytics

  • App opens, screen views, feature usage
  • Error logs and crash reports (via Firebase Crashlytics)
  • Device model, iOS version, app version

What We Do NOT Collect in Research Data:

  • Room names, building addresses, or GPS coordinates in research datasets
  • We do not retain speech or conversations; live audio is processed transiently during call tests and not stored
  • Raw room models or floor plans in the research dataset

3. Data Contribution Model

RoomScore is a research-driven product. Using the app contributes anonymized room measurements to a shared dataset that improves benchmarks for everyone. There are no privacy tiers. The protections above are built-in by default.

Room names and location fields (site, building, floor) are stored only in your account data so you can organize your portfolio. They are not included in the research collection.

3.5 Research vs. Account Data

RoomScore maintains TWO separate datasets:

Your Account Data (private, deletable):

  • Room names, locations, notes
  • Raw measurement history
  • Room context metrics (Wi-Fi connectivity and latency, lighting, vibration, barometer, sound classification)
  • Photos and audio files
  • Analysis results

Research Dataset (anonymized, persistent):

  • Measurements and room metrics (RT60, noise, volume, surface area, window ratio, room shape)
  • Equipment metadata (video system, microphones, screen count)
  • Spatial coverage zones aggregated to coarse grid cells (no walking paths or exact positions)
  • Optional derived room features/materials based on photos (if provided)
  • Contributor ID (hashed, not reversible to your account)
  • No room names, GPS, or identifiers

When you delete your account, we delete ALL account data within 30 days. We also delete research records linked to your contributor ID; aggregated statistics may persist without identifying you.

3.6 Research Dataset Contribution and Deletion

When you scan a room, we contribute anonymized measurements to the research dataset that powers community benchmarks and calibration.

Included:

  • Acoustic measurements (RT60, noise, C50, diagnostics)
  • Geometry summaries (volume, surface area, glass coverage)
  • Equipment categories (brand, mic type, screen count)
  • Spatial coverage zones aggregated to coarse grid cells
  • Environmental context (Wi-Fi, light, barometer, vibration, noise classification) when captured
  • Optional AI-derived features from photos (if provided)

Excluded:

  • Room names, building/site/floor labels, room notes
  • GPS coordinates or addresses
  • Account identifiers
  • Photos (deleted after analysis)

Deleting a scan from your portfolio removes it from your account view, but the aggregated measurements remain in the research dataset to preserve benchmark integrity. Deleting your account removes all research records linked to your contributor ID.

We store a one-way hashed contributor ID derived from your account ID. It is used only to remove your research data when you delete your account.

4. How We Use Your Data

4.1 Primary Uses

  • Deliver your results: Calculate scores, run simulations, generate reports
  • Benchmark context: Compare your rooms to similar spaces
  • AI analysis: Provide equipment recommendations and budget scenarios using measurements, equipment selections, optional photos, room notes, and optional environment signals
  • Sync across devices: If you sign in, your audits sync via Firebase

4.2 Research and Improvement

  • Validate measurement accuracy against reference tools
  • Improve device calibration models
  • Build aggregated benchmarks for equipment and room types

5. Data Sharing and Third Parties

5.1 Service Providers

We use these third parties to operate RoomScore:

  • Firebase (Google LLC): Cloud hosting, authentication, database
  • Firebase Crashlytics (Google LLC): Crash reporting and diagnostics. Collects crash logs including device model, OS version, and stack traces to help us identify and fix bugs. No personal data or room information is included in crash reports.
  • Firebase Remote Config (Google LLC): Feature flags and parameter tuning
  • Anthropic: AI analysis. Data may include measurements, equipment selections, room notes, optional photos, and optional environment signals. Anthropic processes this data as a service provider under its commercial terms; API data is not used to train models. Anthropic may retain request data for a limited period (currently up to 7 days) for abuse monitoring and service operations. See Anthropic's Privacy Policy and Commercial Terms.
  • Zoom Video Communications: RoomScore offers two optional Zoom integrations:
    • Zoom Rooms Integration: Connect your Zoom admin account via OAuth to import your Zoom Rooms inventory, view room locations and equipment, and control rooms during tests. OAuth tokens are stored locally in iOS Keychain and never sent to RoomScore servers. Imported room data syncs to your account. You can disconnect anytime in Settings, which deletes tokens and imported data. See our Zoom Integration Guide for details.
    • Zoom Meeting SDK: Create test meetings and measure audio quality during spatial coverage tests. During these tests, RoomScore may stream live meeting audio to our processing endpoint to analyze spatial coverage and call quality. The Zoom SDK requires certain device permissions (calendar, contacts, photo library) even if not actively used by RoomScore.
    Zoom may collect meeting quality metrics and device information during test calls. Zoom may also display room names configured in your Zoom account to meeting hosts and participants, including Zoom-generated notifications. See Zoom's Privacy Policy.
  • Apple: App distribution

All providers are bound by confidentiality agreements.

5.2 What We Do NOT Do

  • We never sell your data to advertisers or data brokers
  • We do not send room names, site/building/floor fields, or account identifiers to unrelated third parties. If you enable Zoom features, Zoom may display room names as part of meeting operations described above. If you include identifying details in room notes or photos, those may be processed for AI analysis.
  • We never use your data for unrelated marketing

6. Data Retention

  • Account data: Retained while your account is active
  • Deleted accounts: Removed within 30 days (Firestore and Storage)
  • Research dataset: Anonymized measurements may be retained for longitudinal benchmarks, even if you delete individual scans
  • AI processing logs: Retained by Anthropic for a limited period (currently up to 7 days) per their policy

To delete your account: Settings → Account → Delete Account.

7. Security Measures

  • Encryption in transit: TLS 1.3 for all cloud communication
  • Encryption at rest: Google Cloud default encryption for Firestore and Storage
  • Access controls: Firebase Security Rules limit data access to account owners

If you discover a vulnerability, email security@roomscore.tech.

8. Your Rights

  • View your data: All room audits visible in the Portfolio tab
  • Export your data: PDF export available per room; full data export via privacy@roomscore.tech
  • Delete data: Individual rooms or entire account (Settings → Delete Account). Deleting a room removes it from your account, while account deletion removes contributed research data.
  • Disconnect integrations: Revoke Zoom access anytime (Settings → Zoom Rooms → Disconnect). This deletes OAuth tokens and all imported Zoom data from your account. You can also revoke access from Zoom App Marketplace → Manage → Installed Apps.

9. International Users

RoomScore is operated from the United States. If you are located in the European Economic Area, United Kingdom, or California, you may have additional rights regarding your personal data, including the right to access, correct, delete, or port your data. To exercise these rights, contact privacy@roomscore.tech. We will respond within 30 days.

10. Enterprise Local-Only Mode

Organizations requiring local-only or air-gapped deployment can contact enterprise@roomscore.tech for an enterprise license.

11. Updates

We may update this policy periodically. Material changes will be posted on this page.