Zoom Privacy Statement
Last updated: October 11, 2024
This Privacy Statement describes the personal data we collect and/or process (which may include collecting, organizing, structuring, storing, using, or disclosing) to provide products and services offered directly by Zoom Communications, Inc. (“Zoom”), including Zoom’s websites, its meetings, webinars, and messaging platform, related collaborative features, and Zoom App Marketplace (“Zoom products and services” or “products and services”). Zoom products and services covered in this Privacy Statement do not include products or services developed by Zoom that are covered under a separate privacy policy (including those listed here). California residents, please see our California Privacy Notice at Collection, and California & Other U.S. State Privacy Rights sections.
What Personal Data Do We Receive?
How Do We Share Personal Data?
Who Can See, Share, and Process My Personal Data When I Join Meetings and Use Other Zoom Products and Services?
European Data Protection Specific Information
California & Other U.S. States Notice at Collection
California & Other U.S. State Privacy Rights
Changes to This Privacy Statement
What Personal Data Do We Receive?
Personal data is any information from or about an identified or identifiable person, including information that Zoom can associate with an individual person. We may collect, or process on behalf of our customers, the following categories of personal data when you use or interact with Zoom products and services:
- Account Information: Information associated with an account that licenses Zoom products and services, which may include administrator name, contact information, account ID, billing and transaction information, and account plan information.
- Profile and Participant Information: Information associated with the Zoom profile of a user who uses Zoom products and services under a licensed account or that is provided by an unlicensed participant joining a meeting, which may include name, display name, picture, email address, phone number, job information, stated locale, user ID, or other information provided by the user and/or their account owner.
- Contact Information: Contact information added by accounts and/or their licensed end users to create contact lists on Zoom products and services, which may include contact information a user integrates from a third-party app, or provided by users to process referral invitations.
- Settings: Information associated with the preferences and settings on a Zoom account or user profile, which may include audio and video settings, recording file location, screen sharing settings, and other settings and configuration information.
- Registration Information: Information provided when registering for a Zoom meeting, webinar, Zoom Room, or recording, which may include name and contact information, responses to registration questions, and other registration information requested by the host.
- Device Information: Information about the computers, phones, and other devices used when interacting with Zoom products and services, which may include information about the speakers, microphone, camera, OS version, hard disk ID, PC name, MAC address, IP address (which may be used to infer general location at a city or country level), device attributes (like operating system version and battery level), WiFi information, and other device information (like Bluetooth signals).
- Content and Context from Meetings, Webinars, Messaging, and Other Collaborative Features: Content generated in meetings, webinars, or messages that are hosted on Zoom products and services (“Customer Content”), which may include audio, video, in-meeting messages, in-meeting and out-of-meeting whiteboards, chat messaging content, transcriptions, transcript edits and recommendations, responses to account owner / host-sponsored post-meeting or webinar feedback requests, responses to polls and Q&A, and files, as well as related context, such as invitation details, meeting or chat name, or meeting agenda. Customer Content may contain your voice and image, depending on the account owner’s settings, what you choose to share, your settings, and what you do on Zoom products and services. As referenced below, Zoom employees do not access or use Customer Content without the authorization of the hosting account owner, or as required for legal, safety, or security reasons.
- Usage Information Regarding Meetings, Webinars, Messaging, Collaborative Features and the Website: Information about how people and their devices interact with Zoom products and services, such as: when participants join and leave a meeting; whether participants sent messages and who they message with; performance data; mouse movements, clicks, keystrokes or actions (such as mute/unmute or video on/off), edits to transcript text, where authorized by the account owner and other inputs that help Zoom to understand feature usage, improve product design, and suggest features; which third-party apps are added to a meeting or other product or service and what information and actions the app is authorized to access and perform; use of third-party apps and the Zoom App Marketplace; features used (such as screen sharing, emojis, or filters); and other usage information and metrics. This also includes information about when and how people visit and interact with Zoom’s websites, including what pages are accessed, interaction with website features including Zoom’s website’s virtual chat feature, and whether or not the person signed up for a Zoom product or service.
- Limited Information from Zoom Email and Calendar Services: “Zoom Email” refers to Zoom’s native email service and emails sent from Zoom’s native email service. Zoom Email is designed to be end-to-end encrypted by Zoom by default for emails sent and received directly between active Zoom Email users. Support for end-to-end encryption requires Zoom Email users to have added a device to their Zoom Email account with the associated email address and to use a supported Zoom client. When an email is end-to-end encrypted, only the users, and, depending on their settings, account owners, or designated account administrators control the encryption key and therefore access to the email content, including body text, subject line, attachments and custom labels applied to messages by users in their inboxes. Emails sent to or received from non-Zoom Email users are encrypted after the email is sent or received from Zoom’s servers, if the Zoom Email user chooses to send them with encryption. In all cases, Zoom does have access to email metadata used for basic email delivery—specifically, email addresses in the from, to, cc, and bcc fields, time, mimeID, and the number and size of attachments. From use of Zoom’s native calendar service, Zoom receives information regarding meeting invitations, body text, sender and recipients, and other calendar information.
- Content from Third-Party Integrations: Account owners and/or their licensed end users can access emails, calendars, files and other information from third-party services through their Zoom client, if they choose to integrate them. This information is not end-to-end encrypted by Zoom, but Zoom employees do not access the contents of third-party-service email, calendar entries, files or other information, unless authorized to, or required for legal, safety, or security reasons. If account owners and/or their licensed end users integrate their third-party emails, calendars, files and/or other information with products and services offered or powered by Zoom. Zoom may collect or process Customer Content and email, calendar, files and other information, including content, headers, titles, and metadata, from such third-party services.
- Communications with Zoom: Information about, and contents of, your communications with Zoom, including relating to support questions, website virtual chats, your account, feedback provided by users to Zoom about Zoom’s products and services (which is owned by Zoom), and other inquiries.
- Information from Partners: Zoom obtains information about account owners and their users from third-party companies, such as market data enrichment services, including information about an account owner’s company size or industry, contact information, or activity of certain enterprise domains. Zoom may also obtain information from third-party advertising partners that deliver ads displayed on Zoom products and services, such as whether you clicked on an ad they showed you.
In certain jurisdictions, some of the personal data Zoom receives may be considered sensitive. Please see “California & Other U.S. State Privacy Rights” for more information.
How Do We Use Personal Data?
Zoom employees do not access or use Customer Content including meeting, webinar, messaging, or email content (specifically, audio, video, files, in-meeting whiteboards, messaging, or email contents), or any content generated or shared as part of other collaborative features (such as out-of-meeting whiteboards), unless authorized by the account owner hosting the Zoom product or service where the Customer Content was generated, or as required for legal, safety, or security reasons. Zoom does not use any of your audio, video, chat, screen sharing, attachments or other communications-like Customer Content (such as poll results, whiteboard and reactions) to train Zoom’s or its third-party artificial intelligence models.
As discussed below, and where technically feasible, Zoom uses personal data to conduct the following activities:
- Provide Zoom Products and Services: To provide products and services to account owners, their licensed end users, and those they invite to join meetings and webinars hosted on their accounts, including to customize Zoom products and services and recommendations for accounts of their users. Zoom also uses personal data to determine what products and services may be available in your location, and uses personal data, including contact information, to route invitations, messages, or Zoom Emails to recipients when users send or receive invitations, messages, or Zoom Emails using Zoom products and services. This may also include using personal data for customer support, which may include accessing audio, video, files, messages, and other content or context, including information you provide through Zoom’s website’s virtual chat feature, at the direction of the account owner or their users. We also use personal data to manage our relationships and contracts with account owners and others, including billing, compliance with contractual obligations, facilitating payment to third-party developers in relation to purchases made through the Zoom App Marketplace, and related administration.
- Local Device Video Features: If you elect to enable certain video features, if available in your area, such as filters, studio effects, avatars, and gestures, information about your movements or the positioning of your face or hands may be processed on your device to apply the selected features. Such data does not leave your device, is not retained, cannot be used to identify you, and is only used to generate the selected effects.
- Enhanced Video Features: If your account owner or administrator and you elect to enable “automatic smart name tags,” and you provide the requisite consent and a reference photo, Zoom may analyze your facial geometry and features from the reference photo you submit and video from the Zoom Room to identify you and tag you by name in the Zoom Room during your meeting. Zoom will store and use your reference photo and data about your facial geometry and features for this purpose while your account owner or administrator and you have this feature enabled. You can disable the automatic smart name tags feature and delete this data any time in your Settings. Zoom will retain this data for this purpose until and unless you choose to delete this data or for up to three years after your last interaction with Zoom.
- Enhanced Audio Features: If you elect to enable enhanced audio features, such as personalized audio isolation or automatic smart speaker tags, and provide the requisite consent, Zoom may analyze your voice and create a voiceprint to enhance your audio quality (such as suppressing background noise) and/or to identify you by name. To do this, Zoom may generate your voiceprint from a recording of your voice (if you upload it for this purpose) and/or from meetings that you participate in. Zoom will store and use your voiceprint and reference audio recording for these purposes while you have features that use your voiceprint enabled. You can disable these features and delete this data any time in your Settings. Zoom will retain this data for this purpose until and unless you choose to disable these features and delete this data or for up to three years after your last interaction with Zoom.
- Intelligent Features: Zoom provides intelligent features and products to its customers, their licensed end users and guests, such as Zoom AI or other tools to recommend chat, email, or other content, including content from third-party integrations. These tools may use artificial intelligence, machine learning, or other technology to process Customer Content and context solely to provide the intelligent features.
- Product Research and Development: If authorized by any applicable settings, to develop, test, and improve Zoom products and services, and to troubleshoot products and services.
Zoom does not use any of your audio, video, chat, screen sharing, attachments or other communications-like Customer Content (such as poll results, whiteboard and reactions) to train Zoom’s or its third-party artificial intelligence models. - Marketing and Promotions: If authorized by any applicable settings, to permit Zoom and/or its third party marketing partners to market, advertise, and promote Zoom products and services, including based on your product usage, information we receive from third-party partners, information you provide to process referral invitations, or if you visit our websites, information about how and when you visit, and your interactions with them. We may also use this information to provide advertisements to you relating to Zoom products and services or to engage third party partners to analyze your interactions on our website or app or to deliver advertising to you. Zoom does not use Customer Content for any marketing or promotions.
- Authentication, Integrity, Security, and Safety: To authenticate accounts and activity, detect, investigate, and prevent malicious conduct, fraudulent activity or unsafe experiences, address security threats, protect public safety, and secure Zoom products and services. Zoom uses advanced tools to automatically scan certain types of content such as virtual backgrounds, profile images, incoming emails to Zoom’s native email service from someone who is not a Zoom Email user, and files uploaded or exchanged through chat, for the purpose detecting and preventing violations of our terms or policies and illegal or other harmful activity.
- Communicate with You: We use personal data (including contact information, and information you provide through Zoom’s website’s virtual chat feature, including the content of the messages) to communicate with you about Zoom products and services, including product updates, your account, and changes to our policies and terms. We also use your information to respond to you when you contact us.
- Legal Reasons: To comply with applicable law or respond to valid legal process, including from law enforcement or government agencies, to investigate or participate in civil discovery, litigation, or other adversarial legal proceedings, protect you, us, and others from fraudulent, malicious, deceptive, abusive, or unlawful activities, and to enforce or investigate potential violations of our Terms of Service or policies.
How Do We Share Personal Data?
Zoom provides personal data to third parties only with consent or in one of the following circumstances (subject to your prior consent where required under applicable law):
- Resellers: If an account owner licensed or purchased Zoom products and services from a third-party reseller of Zoom products and services, the reseller may be able to access personal data and content for users, including meetings, webinars, and messages hosted by the account owner.
- Vendors: Zoom works with third-party service providers to provide, support, and improve Zoom products and services and technical infrastructure, and for business services such as payment processing, including in relation to purchases made through the Zoom App Marketplace. Zoom may also work with third-party service providers to provide advertisements and business analytics regarding Zoom products and services. These vendors can access personal data subject to contractual and technical requirements for protecting personal data and prohibiting them from using personal data for any purpose other than to provide services to Zoom or as required by law. Zoom may integrate third-party technology to provide advanced features, such as Apple’s TrueDepth technology, to process information on your device about your face or hand dimensions and gestures to provide video effects. This information is processed on your device, and such information is neither received nor stored by either the third party, or Zoom.
- For Legal Reasons: Zoom may share personal data as needed to: (1) comply with applicable law or respond to, investigate, or participate in valid legal process and proceedings, including from law enforcement or government agencies; (2) enforce or investigate potential violations of its Terms of Service or policies; (3) detect, prevent, or investigate potential fraud, abuse, or safety and security concerns, including threats to the public; (4) meet our corporate and social responsibility commitments; (5) protect our and our customers’ rights and property; and (6) resolve disputes and enforce agreements.
- Marketing, Advertising, and Analytics Partners: Zoom uses third-party marketing, advertising, and analytics providers: to provide statistics and analysis about how people are using Zoom products and services, including our website; and to provide advertising and marketing for Zoom products and services, including targeted advertising based on your use of our website. These third-party partners may receive information about your activities on Zoom’s website through third-party cookies placed on Zoom’s website. To opt out of our use of third-party cookies that share data with these partners, visit our cookie management tool, available in Cookies Settings. Where required by law, Zoom will first obtain your consent before engaging in the marketing or advertising activities described.
- Corporate Affiliates: Zoom shares personal information with corporate affiliates, such as Zoom Voice Communications, Inc., to provide integrated and consistent experiences across Zoom products and services (such as enabling an account owner or their user to integrate a Zoom Phone call into a meeting) and to detect, investigate, and prevent fraud, abuse, and threats to public safety.
- Change of Control: We may share personal data with actual or prospective acquirers, their representatives and other relevant participants in, or during negotiations of, any sale, merger, acquisition, restructuring, or change in control involving all or a portion of Zoom’s business or assets, including in connection with bankruptcy or similar proceedings.
- Third-Party Developers: If you purchase a third-party app or integration from the Zoom App Marketplace, Zoom may share information about the purchase with the third-party developer, to provide the app or integration.
Who Can See, Share, and Process My Personal Data When I Join Meetings and Use Other Zoom Products and Services?
When you send messages or join meetings and webinars or use other collaborative features on Zoom, other people and organizations, including third parties outside the meeting, webinar, message, or other collaborative features, may be able to see, share, and process content and information that you share:
- Account Owner: An account owner is the organization or individual that signs up for a Zoom account. Typically, an account owner designates one or more people (called an “administrator”) to manage their account and can grant privileges to users on the account. Depending on their license with Zoom, the account owner can authorize additional users on their account, and the account owner can create and/or access the profile information for all users on their account. The account owner and their users can invite others (including guests not on their account and unlicensed participants) to meetings or webinars hosted on their account. Zoom gives account owners controls and features that they can use to determine whether certain types of content, such as recordings or Zoom Team Chat messages, can be created or sent, and what third-party apps can be used, for meetings and webinars hosted on their account. Depending on their settings, account owners and the users they designate can access personal data for participants who join meetings and webinars on their account or send messages to users on their account. Account owners may also be able to determine what information Zoom and others can access and use. Specifically, account owners may have access to:
- Account Usage:
- Product Usage: Information about how users and their devices interact with their account, which may include who sent messages to their users in chat, email addresses, IP addresses, device information, and other information about who joined meetings or webinars on their account, whether their users viewed or downloaded a recording, how long participants participated in their meetings, the time a message was sent, information about integrations, and other usage information and feedback metrics.
- Participant List: Information about the participants in a Zoom meeting, webinar, or chat, which may include name, display name, email address, phone number, and participant or user ID.
- Registration Information: Information provided during registration for a webinar, meeting, Zoom Room, or recording hosted by the account.
- Zoom Team Chat and Out-of-Meeting Collaborations: If enabled on their account, account owners and those they authorize can see information about who sent and received Zoom Team Chat messages, including synced in-meeting messages (e.g., from a dedicated meeting group chat that is synced with Zoom Team Chat), to users on their account, along with information about the message (for example, date and time, and number of members or participants). Depending on their settings, account owners also can see sender and receiver information, and other messaging data, along with the content of messages sent to and from users on their account (including from in-meeting chat where dedicated meeting group chats are enabled), unless the account owner has enabled Advanced Chat Encryption. Depending on their settings, account owners and those they authorize may also see the content shared through collaborative features, including whiteboards, files, and images shared in Zoom Team Chat.
- In-Meeting/Webinar Messages: Depending on their settings, account owners can see sender and receiver information, along with the content of messages sent to and from users on their account, in the following circumstances:
- Messages sent to Everyone in a meeting that is recorded
- Messages sent to the meeting group chat in a meeting when a dedicated meeting group chat is enabled
- Messages sent to panelists in a webinar that is recorded
- Messages sent in dedicated meeting group chats in Team Chat
- Direct messages if the account owner has enabled archiving
- If a participant in a meeting is subject to archiving, their account owner will have access to messages sent to Everyone in the meeting, as well as direct messages sent to that participant. If a participant who is a member of a dedicated meeting group chat is subject to archiving, the member’s account owner will have access to the meeting group chat messages, as well as direct messages sent to that member. If a guest in a meeting with a dedicated meeting group chat is subject to archiving, the guest’s account owner will have access to messages sent to the meeting group chat, as well as direct messages sent to that guest.
- Recordings and Transcripts: Account owners can view and share the recordings and transcripts of meetings and webinars hosted on their account. Account owners may be able to view and share content generated by intelligent features that use the recording or transcript.
- Other Collaborative Feature Content (e.g., Zoom Email, Zoom Calendar, Zoom Docs, Clips, Whiteboard, Notes, Polls, Q&A, Feedback, ): Depending on their settings, account owners and designated account administrators can access content hosted on their account. For example, depending on their settings, account owners and designated account administrators can access email and calendar content sent to and from users on their Zoom Email or Zoom Calendar accounts, even if those Zoom Emails are encrypted. In addition, account owners can see information about who provided responses to their polls, Q&A, or post-meeting or webinar feedback requests, including name and contact information, together with the responses or feedback, unless responses are submitted anonymously.
- Account Usage:
- Meeting Hosts, Participants, and Invitees: Meeting hosts, participants, and invitees may be able to see your email, display name, profile picture, and presence status, including in Zoom meetings and in Zoom’s native calendar service. Meeting hosts, participants, and invitees can also see and (depending on the account owner’s settings) record, save, and share meeting content, audio transcripts, messages sent to Everyone, messages sent to meeting group chats (where enabled, and whether sent in Team Chat or in-meeting), or messages sent to them directly, and files, whiteboards or other information shared with them (including during a meeting, or through a dedicated meeting group chat). Meeting hosts may also share meeting assets to Zoom Team Chat, depending on their account owner’s settings. Meeting hosts may also be able to see responses to Q&A and polls generated during the meeting.
- Zoom Email, Calendar and Zoom Team Chat Recipients: Recipients of Zoom Emails and Zoom Calendar invites can see, save, and share your email and calendar content with others, including by sharing emails to Zoom Team Chat. If a recipient shares encrypted content with others, for example, by sharing an encrypted Zoom Email to Zoom Team Chat, or forwarding an encrypted Zoom Email to a third-party recipient without a Zoom Email account, the shared or forwarded content will not be end-to-end encrypted by Zoom. Recipients of Zoom Team Chats can see your messages, reactions, emojis, and related content, including content from Zoom Emails, Zoom Calendar, and emails from third-party services integrated in the Zoom client, that you or a third-party choose to share to Zoom Team Chat, and in-meeting messages that participants send that are synced with Zoom Team Chat through dedicated meeting group chats. Depending on the account owner’s settings, Zoom Team Chat recipients may record, save, or share your messages.
- Webinar Panelists and Attendees: Only panelists may be visible to attendees during a webinar, but attendees who agree to unmute can be heard by other attendees. If an attendee agrees to become a panelist during a webinar, they may be visible to other attendees, depending on settings. Panelists and attendees may be able to see the name of a participant who asks a question during a Q&A, along with their question, unless the participant submits the question anonymously.
- Intelligent Features: Users may be able to access, based on underlying permissions, customer content and context from meetings, webinars, messaging, and other collaborative features through their use of intelligent features.
- Livestreams: Meeting and webinar hosts can choose to livestream to a third-party site or service, which means anyone with access to the livestream will be able to see the meeting or webinar.
- Apps and Integrations:
- Account owners can choose to add Zoom-developed apps and third-party apps to their account and the Zoom products they use, including via use of the Zoom App Marketplace, and they can also control whether their users can add and use specific Zoom and third-party apps, including in meetings, webinars, and chats hosted on their account.
- Account owners can also choose to integrate other content from third-party services – such as third-party email communications, calendar entries, files and other information – with apps and services that they use.
- Depending on their settings, account owners’, users’ and guests’ personal data and content may be shared with apps and integrations, including Zoom-developed apps, approved by account owners, which may include all of the personal data categories listed above, such as account information, profile and contact information, registration information, participants list, settings, content, product usage, device information, or third-party emails that have been shared with the app.
- Other participants in the meeting may be able to see the app that you are using in a meeting, if the app is receiving content (including audio and video) from the meeting.
- Third-party developers may also integrate or embed Zoom meetings into their website or app experiences or build versions of Zoom that enable access to Zoom products from a third-party app.
- Personal information shared by account owners and users with third-party apps and integrations is collected and processed in accordance with the app developers’ terms and privacy policies, not Zoom’s.
Privacy Rights and Choices
Marketing Communications
If you don’t want to learn about products and services we or our partners offer, you can opt-out of marketing communications in the communication sent to you (for example, via email or SMS), or by emailing privacy@zoom.us. Not all of our communications are for marketing, and you’ll continue to receive messages related to your products and services, such as bills, transactional notices, or customer service. Zoom will not share any mobile data originating from you through a text messaging campaign except with your consent or as necessary to provide you communications about our services or services that you requested.
Data Rights
If you are in the European Economic Area (EEA), Switzerland, or the UK, or a resident of California or another U.S. state with an applicable privacy law, please refer to the respective dedicated sections below. Otherwise, at your request, and as required by applicable law, we will:
- Inform you of what personal data we have about you that is under our control;
- Amend or correct such personal data or any previous privacy preferences you selected, or direct you to
applicable tools; and/or - Delete such personal data or direct you to applicable tools.
In order to exercise any of your rights as to personal data controlled by Zoom, please click here. Where legally permitted, we may decline to process requests that are unreasonably repetitive or systematic, require disproportionate technical effort, or jeopardize the privacy of others. As an account owner or a user under a licensed account, you may also take steps to affect your personal data by visiting your account and modifying your personal data directly.
Children
Zoom does not allow children under the age of 16 to sign up for a Zoom account.
For educational organizations that use Zoom products and services to provide educational services to children under 18, Zoom’s Children’s Educational Privacy Statement is available here.
How to Contact Us
To exercise your rights, please click here. If you have any privacy-related questions or comments related to this Privacy Statement, please send an email to privacy@zoom.us.
You can also contact us by writing to the following address:
Zoom Communications, Inc.
Attention: Data Protection Officer
55 Almaden Blvd, Suite 600
San Jose, CA 95113
Or to our representative in the EU or UK:
Lionheart Squared (Europe) Limited
Attn: Data Privacy
2 Pembroke House
Upper Pembroke Street 28-32
Dublin
DO2 EK84
Republic of lreland
email: zoom@LionheartSquared.eu
Lionheart Squared Limited
Attn: Data Privacy
17 Glasshouse Studios
Fryern Court Road
Fordingbridge
Hampshire
SP6 1QX
United Kingdom
Contact: zoom@LionheartSquared.co.uk
You can contact our Data Protection Officer by sending an email to privacy@zoom.us.
Retention
We retain personal data for as long as required to engage in the uses described in this Privacy Statement, unless a longer retention period is required by applicable law.
The criteria used to determine our retention periods include the following:
- The length of time we have an ongoing relationship with you and provide Zoom products and services to you (for example, for as long as you have an account with us or keep using our products);
- Whether account owners modify or their users delete information through their accounts;
- Whether we have a legal obligation to keep the data (for example, certain laws require us to keep records of your transactions for a certain period of time before we can delete them); or
- Whether retention is advisable in light of our legal position (such as in regard to the enforcement of our agreements, the resolution of disputes, and applicable statutes of limitations, litigation, or regulatory investigation).
European Data Protection Specific Information
Data Subjects Rights
If you are in the EEA, Switzerland, or the UK, your rights in relation to your personal data processed by us as a controller specifically include:
- Right of access and/or portability: You have the right to access any personal data that we hold about you and, in some circumstances, have that data provided to you so that you can provide or “port” that data to another provider;
- Right of erasure: In certain circumstances, you have the right to the erasure of personal data that we hold about you (for example, if it is no longer necessary for the purposes for which it was originally collected);
- Right to object to processing: In certain circumstances, you have the right to request that we stop processing your personal data and/or stop sending you marketing communications;
- Right to rectification: You have the right to require us to correct any inaccurate or incomplete personal data;
- Right to restrict processing: You have the right to request that we restrict processing of your personal data in certain circumstances (for example, where you believe that the personal data we hold about you is not accurate or lawfully held).
To exercise your rights, please click here. If you have any other questions about our use of your personal data, please send a request at the contact details specified in the How to Contact Us section of this Privacy Statement. Please note that we may request you to provide us with additional information in order to confirm your identity and ensure that you are entitled to access the relevant personal data.
You also have the right to lodge a complaint to a data protection authority. For more information, please contact your local data protection authority.
Legal Basis for Processing Personal Data
We only use your information in a lawful, transparent, and fair manner. Depending on the specific personal data concerned and the factual context, when Zoom processes personal data as a controller for individuals in regions such as the EEA, Switzerland, and the UK, we rely on the following legal bases as applicable in your jurisdiction:
- As necessary for our contract: When we enter into a contract directly with you, we process your personal data on the basis of our contract in order to prepare and enter into the contract, as well as to perform and manage our contract (i.e., providing Zoom products and services, features and services to account owners, their users, and those they invite to join meetings and webinars hosted on their accounts, and manage our relationship and contract, including billing, compliance with contractual obligations, and related administration). If we do not process your personal data for these purposes, we may not be able to provide you with all products and services;
- Consistent with specific revocable consents: We rely on your prior consent in order to utilize cookies to engage advertising and analytics partners to deliver tailored advertising and analysis of our website usage. You have the right to withdraw your consent at any time by visiting our cookie management tool, available Cookies Settings;
- As necessary to comply with our legal obligations: We process your personal data to comply with the legal obligations to which we are subject for the purposes of compliance with EEA laws, regulations, codes of practice, guidelines, or rules applicable to us, and for responses to requests from, and other communications with, competent EEA public, governmental, judicial, or other regulatory authorities. This includes detecting, investigating, preventing, and stopping fraudulent, harmful, unauthorized, or illegal activity (“fraud and abuse detection”) and compliance with privacy laws;
- To protect your vital interests or those of others: We process certain personal data in order to protect vital interests for the purpose of detecting and preventing illicit activities that impact vital interests and public safety, including child sexual abuse material; and
- As necessary for our (or others’) legitimate interests, unless those interests are overridden by your interests or fundamental rights and freedoms, which require protection of personal data: We process your personal data based on such legitimate interests to (i) enter and perform the contract with the account owner and/or reseller providing you with the products and services (which includes billing, compliance with contractual obligations, and related administration and support); (ii) develop, test, and improve our products and services and troubleshoot products and services; (iii) ensure authentication, integrity, security, and safety of accounts, activity, and products and services, including detect and prevent malicious conduct and violations of our terms and policies, prevent or investigate bad or unsafe experiences, and address security threats; (iv) send marketing communications, advertising, and promotions related to the products and services; and (v) comply with non-EEA laws, regulations, codes of practice, guidelines, or rules applicable to us and respond to requests from, and other communications with, competent non-EEA public, governmental, judicial, or other regulatory authorities, as well as meet our corporate and social responsibility commitments, protect our rights and property and the ones of our customers, resolve disputes, and enforce agreements.
International Data Transfers
Zoom operates globally, which means personal data may be transferred, stored (for example, in a data center), and processed outside of the country or region where it was initially collected where Zoom or its service providers have customers or facilities – including in countries where meeting participants or account owners hosting meetings or webinars that you participate in or receiving messages that you send are based.
Therefore, by using Zoom products and services or providing personal data for any of the purposes stated above, you acknowledge that your personal data may be transferred to or stored in the United States where we are established, as well as in other countries outside of the EEA, Switzerland, and the UK. Such countries may have data protection rules that are different and less protective than those of your country.
We protect your personal data in accordance with this Privacy Statement wherever it is processed and take appropriate contractual or other steps to protect it under applicable laws. Where personal data of users in the EEA, Switzerland, or the UK is being transferred to a recipient located in a country outside the EEA, Switzerland, or the UK which has not been recognized as having an adequate level of data protection, we ensure that the transfer is governed by the European Commission’s standard contractual clauses. Please contact us if you would like further information in that respect.
Zoom complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Zoom has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. Zoom has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.
In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Zoom commits to resolve DPF Principles-related complaints about our collection and use of your personal information. EU and UK and Swiss individuals with inquiries or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF should first contact Zoom at: privacy@zoom.us..
In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Zoom commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) and the Gibraltar Regulatory Authority (GRA) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF.
Zoom Communications, Inc., Zoom Voice Communications, Inc., and Solvvy, Inc., are adhering to the DPF Principles. The Federal Trade Commission has jurisdiction over Zoom’s compliance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF).
If third-party agents process personal data on our behalf in a manner inconsistent with the DPF Principles, we remain liable unless we prove we are not responsible for the event giving rise to any damages. If you have a question or complaint related to our compliance with the DPF Principles, please contact us as indicated at the bottom of this privacy statement.
Under limited circumstances and after other available dispute resolution mechanisms have been exhausted, binding arbitration is available to address certain residual complaints under the DPF not resolved by other means.
California & Other U.S. States Notice at Collection
Categories of Personal Information Zoom Receives: Zoom may collect, or process on behalf of our customers, the following categories of personal data, as described above, in the “What Personal Data Do We Receive?”; section: identifiers (such as in Account Information, Profile and Participant Information, Contact Information, and Registration Information), financial account information (such as in Account Information); commercial information (such as in Account Information); internet or other electronic network activity information (such as Device Information, Usage Information Regarding Meetings, Webinars, Message, Collaborative Features, and the Website, and Limited Information from Zoom Email and Calendar Services); audio, electronic, and visual information (such as in Content and Context from Meetings, Webinars, Messaging, and Other Collaborative Features) education information such as from university customers; inferences we derive from the preceding or other information we collect; and sensitive personal information (such as certain categories in Account Information, Content and Context from Meetings, Webinars, Messaging, and Other Collaborative Features.
Sources: We receive information from sources as described in the “What Personal Data Do We Receive?”; section, including: from you (including through your use of our products and services); from partners; from customers; and from publicly available sources. We collect education information from schools that use our services. Please see our Children’s Educational Privacy Statement for more information.
Zoom’s business and commercial purposes for use: Zoom uses personal data for the following business and commercial purposes: to provide Zoom Products and Services; for Product Research and Development; for Marketing and Promotions (Zoom does not use meeting, webinar, or messaging content, or any content generated or shared as part of other collaborative features for any marketing or promotions); Authentication, Integrity, Security, and Safety; to Communicate with You; and for Legal Reasons. For more information, please see “Data We Process & How We Use It.”; Categories of third parties to whom we disclose Personal Information for business purposes are described in “How Do We Share Personal Data?”;
Zoom may permit advertising and analytics services that are intended to deliver advertising to you and/or analyze your interactions, based on your interactions with our website or app which may constitute a “sale” or “sharing” of data for targeted advertising purposes under certain state privacy laws. See “California & Other U.S. State Privacy Rights” for more information regarding your right to opt-out.
Retention: Zoom retains personal data for as long as required to engage in the uses described in this Privacy Statement, unless a longer retention period is required by applicable law. Additional detail on retention criteria can be found under Retention, above.
California & Other U.S. State Privacy Rights
Under some U.S. state laws, including the California Consumer Privacy Act of 2018 (as amended by the California Consumer Privacy Rights Act) (CCPA), residents may have a right to:
- Access the categories and specific pieces of personal data Zoom has collected, the categories of sources from which the personal data is collected, the business purpose(s) for collecting the personal data, and the categories of third parties with whom Zoom has shared personal data, and obtain the personal data in a portable and, to the extent technically feasible, readily usable format;
- Delete personal data under certain circumstances;
- Correct personal data under certain circumstances; and
- Opt out of the “sale” of personal data or “sharing” of personal data for targeted advertising purposes. We do not sell your personal data in the conventional sense. However, like many companies, we may use advertising and analytics services that are intended to analyze your interactions with our website or app, based on information obtained from cookies or other trackers, including for delivering advertising to you (such as interest-based, targeted, or cross-context behavioral advertising). You can get more information and opt out of the use of cookies and other trackers on our website and app by clicking the Your Privacy Choices, also on our homepage, and setting your preferences. You will need to set your preferences from each device and each web browser from which you wish to opt out. This feature uses a cookie to remember your preference, so if you clear all cookies from your browser, you will need to re-select your preferred settings. California and Connecticut residents may also set the Global Privacy Control (GPC) to opt out of the “sale” or “sharing” of your personal information for targeted advertising for each participating browser system that you use. Zoom does not have actual knowledge that it “sells” or “shares” the personal information of consumers under 16 years of age.
- Appeal a denial of your request. Some states provide additional rights to their residents. If we decline to process your request, you may have the right to appeal our decision. You can do so by replying directly to our denial or emailing privacy@zoom.us.
Zoom will not discriminate against you for exercising any of these rights, which is further in line with your rights under state law.
Sensitive Information. Zoom receives information that may be considered sensitive under some state laws, such as certain Account Information (e.g., financial information, log-in information), certain Content and Context from Meetings, Webinars, Messaging, and Other Collaborative Features and certain Limited Information from Zoom Email and Calendar Services (e.g., messaging content in cases described in this statement) as well as voiceprints and facial geometry, if you choose to enable certain features and provide the requisite consent. Zoom processes sensitive personal information to provide Zoom products and services, for product research and development, for authentication, integrity, security, and safety reasons, to communicate with you, for legal reasons, and with your consent. Zoom does not use or disclose sensitive personal information (as defined under CCPA) for purposes of inferring characteristics about a consumer, or in any way that would require Zoom to provide a right to limit under the CCPA. Under certain laws, residents may also be permitted to opt out of certain profiling relating to automated processing analyzing certain categories of an individual’s information that would produce a legal or similarly significant effect. Zoom does not engage in this type of profiling of individuals.
To exercise your rights, please click here. California residents may also call +1-888-799-0566. To opt out of the use of cookies on our sites for interest-based advertising purposes, follow the instructions above.
We will acknowledge receipt of your request within 10 business days, and provide a substantive response within 45 calendar days, or inform you of the reason and extension period (up to a total of 90 days) in writing.
These rights are not absolute, are subject to exceptions and limitations, and may not be afforded to residents of all states. In certain cases, we may decline requests to exercise these rights where permitted by law. We will need to verify your identity to process your access, deletion, and correction requests and reserve the right to confirm your state residency. To verify your identity, we may require you to log into your existing Zoom account (if applicable), give a declaration as to your identity under penalty of perjury, and/or provide additional information, such as providing at least two pieces of personal information relating to your account (which will be compared to information we have, such as profile information) or as we otherwise may already have in our possession, such as your email address and phone number. We will verify your consumer request by comparing the information you provide to information already in our possession, and take additional steps to minimize the risk of fraud. You may designate an authorized agent to submit your verified consumer request by providing written permission and verifying your identity, or through proof of power of attorney.
To see our Disclosure of Privacy Rights Requests, please click here.
California’s Shine the Light Law
Under California’s Shine the Light law, you may also ask companies with whom you have formed a business relationship primarily for personal, family or household purposes to provide the names of third parties to which they have disclosed certain personal information (as defined under the Shine the Light law) during the preceding calendar year for their own direct marketing purposes and the categories of personal information disclosed. You may send us requests for this information to privacy@zoom.us. In your request, you must include the statement “Shine the Light Request,” and provide your first and last name and mailing address and certify that you are a California resident. We reserve the right to require additional information to confirm your identity and California residency. Please note that we will not accept requests via telephone, mail, or facsimile, and we are not responsible for notices that are not labeled or sent properly, or that do not have complete information.
Changes to This Privacy Statement
We may update this Privacy Statement periodically to account for changes in our collection and/or processing of personal data, and will post the updated Privacy Statement on our website, with a “Last Updated” date at the top and an Update Note at the bottom. If we make material changes to this Privacy Statement, we will notify you and provide you an opportunity to review before you choose to continue using our products and services.
Privacy Statement Update Notes (August 2, 2024):
Updates to describe the processing of personal data related to enhanced audio and video features.
Privacy Statement Update Notes (October 11, 2024):
Updates to describe the processing of personal data related to enhanced audio features.
Updates to describe new intelligent feature functionality, including related integration options.