Zoom Privacy Summary

zoom.us
Last updated: 12/28/2023
Communication
High Risk

Video-first communication and collaboration platform for meetings, webinars, phone calls, recordings, and team messaging used by individuals and organizations worldwide.

Quick Summary

  • What They Collect: Customer Content, account/billing info, telemetry (service-generated) and feedback.
  • How They Use & Share It: To provide services, for safety/compliance, with subprocessors, affiliates, and as required by law.
  • Your Rights: Retrieve Customer Content for 30 days post-termination; business customers get DPA protections; opt-out arbitration window.

Why You Should Care About Zoom's Privacy Practices

  • High-risk data collection: Zoom stores recordings, transcripts and files — sensitive audio/video data can reveal private conversations and PII.
  • Real-world impact: Stored meeting content can be accessed during legal demands, used for internal analysis, or shared with subprocessors.
  • Scale & influence: Widely used across businesses, schools, and governments, Zoom’s data practices affect daily communications and organizational privacy.
  • Actionable concern: Customer Content license and broad subprocessors mean you should review DPAs and recording/consent workflows to reduce exposure.

Privacy Highlights

What They Collect

  • Account information (email, billing address, company name, contact name)
  • User content and files (Customer Content: audio, video, chat, files, recordings)
  • Feedback data (user suggestions / feedback)
  • Payment information / Charges and billing details (billing address, VAT, amounts charged)
  • Service usage information (telemetry, product usage, diagnostic data — “Service Generated Data”)

How They Share Data

  • Service providers, consultants, contractors and subprocessors (for delivery of services)
  • Affiliates and business affiliates (assignment, contracting entity)
  • Third-party integrations and offerings (optional integrations; Zoom disclaims liability)
  • Government authorities / compelled disclosures (Government Request Guide; disclosures required by law)

Data Retention

Customer Content: users may retrieve content for 30 calendar days after termination, after which Zoom deletes Customer Content according to applicable law and Zoom’s deletion protocols. Other data (Service Generated Data, logs) is owned by Zoom, and its retention periods are governed by applicable law and internal policies (not fully specified in the provided documents).

Your Rights

  • Access data: ability to retrieve Customer Content for 30 days after termination (then deleted per policy)
  • Terminate account / Services: termination procedures and rights described in Terms of Service
  • Opt-out of arbitration: individual opt-out procedure within specified 30-day windows (email opt-out)
  • Contractual protections for controllers/processors via Data Processing Addendum (for business customers)

Detailed Analysis

Concerning Practices

  • Sharing Customer Content and Customer Confidential Information with subprocessors and contractors for service delivery (broad sharing scope)
  • Broad license / rights language: customers grant Zoom a broad, perpetual license for permitted uses of Customer Content (sublicensable, transferable)
  • Limited explicit retention details in the provided docs for non-customer-content data (retention policy unclear for Service Generated Data)
  • Strong liability and limitation clauses plus arbitration/class-action waivers that limit legal remedies for users/businesses

Personal Data Types

  • Account information (email, billing address, company name, contact name)
  • User content and files (Customer Content: audio, video, chat, files, recordings)
  • Feedback data (user suggestions / feedback)
  • Payment information / Charges and billing details (billing address, VAT, amounts charged)
  • Service usage information (telemetry, product usage, diagnostic data — “Service Generated Data”)
  • Customer Data (business identifiers like taxpayer ID, VAT registration number)
  • Recordings stored when hosts enable recording (stored and retrievable per policy)

Third Parties

  • Service providers, consultants, contractors and subprocessors (for delivery of services)
  • Affiliates and business affiliates (assignment, contracting entity)
  • Third-party integrations and offerings (optional integrations; Zoom disclaims liability)
  • Government authorities / compelled disclosures (Government Request Guide; disclosures required by law)
  • Advertising / marketing partners (marketing uses and right to identify customers / use logos)

User Controls

  • Access data: ability to retrieve Customer Content for 30 days after termination (then deleted per policy)
  • Terminate account / Services: termination procedures and rights described in Terms of Service
  • Opt-out of arbitration: individual opt-out procedure within specified 30-day windows (email opt-out)
  • Contractual protections for controllers/processors via Data Processing Addendum (for business customers)

Legal Disclaimer

This analysis is provided for informational purposes only and should not be used as legal advice. Consult with legal professionals for matters requiring legal guidance.