I’m creating an APP for the marketplace, the scopes the application are the following:
- View your meetings (meeting:read)
- View your recordings (recording:read)
Looking the documentation about the data compliance and the deauthorization, I noticed the following:
Looking this information, I ended up with some questions:
My application only have rights to read meetings and recordings, by saying this, to be specific, we only store the tokens, which are already encoded, we do not store any sensitive user information, so, this normative is going to be mandatory for us in order to have the application approval?
Why do I need to retain information not related to my app purposes ?
Also, talking about the data Security and Compliance:
- How is going to be tested the information encrypted or hashed inside the database ?