# Meeting & Calendar Integrations DarcyIQ integrates with Google, Microsoft, and Zoom to provide automatic meeting recording, transcription, and calendar synchronization. This page details the permissions and scopes required by each provider, which is useful for IT administrators and security reviewers evaluating DarcyIQ. {% hint style="info" %} **Read-Only by Design**: DarcyIQ requests the minimum permissions necessary. Calendar access is **read-only** — DarcyIQ never creates, modifies, or deletes calendar events. {% endhint %} ## Overview | Provider | Purpose | Access Type | Admin Consent Required | | ------------------------------------- | -------------------------------- | ------------------------------------ | ------------------------ | | **Google (Gmail / Google Workspace)** | Calendar sync, user identity | OAuth 2.0 (Delegated) | No | | **Microsoft (Outlook / Office 365)** | Calendar sync, user identity | OAuth 2.0 (Delegated) | Organization-dependant | | **Zoom** | Meeting access, recording tokens | OAuth 2.0 (Server-to-Server or User) | Depends on scope variant | *** ## Google (Gmail / Google Workspace) DarcyIQ uses Google OAuth 2.0 to authenticate users and read their calendar events for automatic meeting detection. ### Required Scopes | Scope | Classification | Description | Why DarcyIQ Needs It | | ------------------------------- | -------------- | --------------------------------------------- | -------------------------------------------------------------------------------------- | | `auth/userinfo.email` | Non-sensitive | See your primary Google Account email address | Identify the user and match their DarcyIQ account | | `auth/calendar.events.readonly` | Sensitive | View events on all your calendars | Read upcoming meetings to detect Zoom, Teams, and Google Meet links for automatic join | ### Key Details * **No restricted scopes** are requested — DarcyIQ does not access highly sensitive data categories * The `calendar.events.readonly` scope is classified as **sensitive** by Google, meaning users see a consent screen explaining the access * DarcyIQ **cannot** create, edit, or delete calendar events — access is strictly read-only * Google Workspace admins can pre-approve the DarcyIQ application for their domain ### What DarcyIQ Reads from Your Calendar | Data | Used For | | ------------------ | -------------------------------------------------------------------- | | Event title | Display in the meetings list and apply join rules | | Start and end time | Schedule Darcy to join at the right time | | Attendee list | Apply filtering rules (internal vs external, host detection) | | Meeting links | Detect Zoom, Teams, or Google Meet URLs to join the correct platform | | Event status | Determine if the meeting is confirmed, tentative, or cancelled | DarcyIQ does **not** read event descriptions, attachments, private notes, or other calendar metadata beyond what is listed above. *** ## Microsoft (Outlook / Office 365) DarcyIQ uses Microsoft Graph API with delegated permissions to authenticate users and read their calendar. ### Configured Permissions | Permission | Type | Description | Admin Consent Required | Why DarcyIQ Needs It | | ---------------- | --------- | ------------------- | ---------------------- | ----------------------------------------------------------------- | | `Calendars.Read` | Delegated | Read user calendars | No | Read upcoming meetings to detect meeting links for automatic join | ### Other Granted Permissions These standard OAuth permissions are automatically included as part of the Microsoft sign-in flow: | Permission | Type | Description | Admin Consent Required | Why DarcyIQ Needs It | | ---------------- | --------- | --------------------------------------------------- | ---------------------- | ----------------------------------------------------------------------- | | `email` | Delegated | View users' email address | No | Identify the user and match their DarcyIQ account | | `offline_access` | Delegated | Maintain access to data you have given it access to | No | Keep the calendar connection active without requiring re-authentication | | `openid` | Delegated | Sign users in | No | Standard OpenID Connect authentication | ### Key Details * All permissions are **delegated** (act on behalf of the signed-in user), not application-level * **No admin consent** is required — users can connect their own calendars * DarcyIQ **cannot** create, edit, or delete calendar events — `Calendars.Read` is read-only * Azure AD / Entra ID admins can pre-approve the DarcyIQ application for their tenant or restrict access via conditional access policies * DarcyIQ reads the same calendar data as described in the Google section above (event title, time, attendees, meeting links, status) *** ## Zoom DarcyIQ integrates with Zoom to access meeting details and join meetings for recording and transcription. Zoom offers two scope variants depending on your account setup. ### User-Level Scopes Used when individual users connect their Zoom account: | Scope | Description | Why DarcyIQ Needs It | | ------------------------------------ | ----------------------------------------- | ----------------------------------------------------------- | | `meeting:read:meeting` | View a meeting | Read meeting details (topic, time, join URL) | | `meeting:read:local_recording_token` | View a meeting local recording join token | Obtain tokens to join meetings for recording | | `meeting:read:list_meetings` | View a user's meetings | List upcoming meetings for automatic join scheduling | | `user:read:user` | View a user | Identify the connected user | | `user:read:zak` | View a user's Zoom Access Key | Authenticate the bot to join meetings on behalf of the user | ### Admin-Level Scopes Used when a Zoom account admin connects on behalf of the organization: | Scope | Description | Why DarcyIQ Needs It | | ------------------------------------------ | ----------------------------------------- | ----------------------------------------------------- | | `meeting:read:meeting:admin` | View a meeting | Read meeting details across the organization | | `meeting:read:local_recording_token:admin` | View a meeting local recording join token | Obtain tokens to join meetings for recording | | `meeting:read:list_meetings:admin` | View a user's meetings | List meetings for users in the organization | | `user:read:user:admin` | View a user | Look up user details for meeting association | | `user:read:list_users:admin` | View users | List users in the Zoom account for multi-user support | ### Key Details * All Zoom scopes are **read-only** — DarcyIQ cannot create, modify, or delete meetings * The admin-level scopes enable organization-wide meeting access; the user-level scopes are limited to the individual's meetings * Your Zoom account admin can review and approve the DarcyIQ application from the Zoom Marketplace * DarcyIQ uses the Zoom Access Key (ZAK) solely to authenticate the meeting bot — no other actions are performed with this token *** ## Security & Privacy ### Data Handling | Aspect | Details | | ----------------------- | ----------------------------------------------------------------------------------------------------- | | **Authentication** | Industry-standard OAuth 2.0 with all three providers | | **Token Storage** | Access and refresh tokens are encrypted at rest | | **Minimal Permissions** | Only read-only scopes are requested — no write access to calendars or meetings | | **User Consent** | Each user must explicitly grant access via the provider's consent screen | | **Revocation** | Users can disconnect their calendar at any time from DarcyIQ settings, which revokes the OAuth tokens | ### Frequently Asked Questions **Can DarcyIQ modify my calendar?** No. All calendar permissions are read-only. DarcyIQ cannot create, edit, or delete events. **Does DarcyIQ access my email?** No. The `email` and `userinfo.email` scopes only read your email address for identification. DarcyIQ does not access your inbox, email content, or contacts. **Can my admin control access?** Yes. Google Workspace admins, Azure AD / Entra ID admins, and Zoom account admins can pre-approve, restrict, or revoke the DarcyIQ application for their organization. **What happens if I disconnect my calendar?** DarcyIQ immediately revokes the OAuth tokens and stops reading your calendar. Existing meeting recordings and transcriptions are not deleted. **Does DarcyIQ store my calendar data?** DarcyIQ reads calendar events to schedule meeting joins. Event metadata (title, time, attendees, meeting links) is cached temporarily for scheduling purposes and is not stored long-term. *** ## Related Documentation | Topic | Link | | -------------------------------------------- | ---------------------------------------------------------------------------------------------------------------- | | Meeting recording and transcription features | [Meetings](https://docs.darcyiq.com/core-features/meeting-recording-and-transcription) | | Calendar settings and join rules | [Calendar Settings](https://docs.darcyiq.com/settings-and-configuration/user-configuration/calendar-settings) | | Platform integrations overview | [Platform Integrations](https://docs.darcyiq.com/integrations-and-configuration/integration-overview/enterprise) |