Last updated: July 2020

Zoom Video Communications, Inc., and its subsidiaries, affiliates and parent companies (“Zoom”, “we”, “us” or “our”) is committed to protecting your privacy and ensuring you have a positive experience when you use our video conferencing and communication services (the “Services”), visit our webpages, interact with us on social media, or attend a Zoom sponsored event offline or online.

This Statement explains Zoom’s practices when we process your “personal data,” which is information that relates to an identified or identifiable individual. To “process” or “processing” means any use of personal data including, transferring, collecting, recording, storing, using, analyzing, combining, disclosing or deleting it.

This Statement may be updated periodically. If we plan to make any material changes to the way we handle personal data as described here, we will notify you by posting an updated version of this Statement on our website. Changes to this Statement are summarized in our Change Log. We may supplement this Statement with “just-in-time” notices, or other disclosures contained within or in connection with the provision of the Services, which may describe in more detail our data collection, use and sharing practices. Unless we say otherwise, such supplemental privacy statements will govern how we may process the information in the context of the specific product or service.

What this Statement Covers

This Statement applies to the personal data we process as a data controller, that is, as the party that determines what data to collect and why. You provide some of this data directly, and we get some of it by collecting data about your interactions, use, and experiences with the Services. The data we collect depends on the context of your interactions with Zoom and the choices you make, including the products and features you use. We also obtain data about you from third parties.

When you use Zoom’s Services through a Zoom account holder, such as your employer or school, the processing of your personal data is determined and administered by that account holder under its privacy policies. If you have questions about how and why your personal data is collected, the legal basis for processing, or requests regarding your personal data, please refer to the account holder’s privacy statement and direct your inquiries to the account holder or its administrator.

Supplementary Information

Applying for a Job at Zoom

Please see our Applicant Privacy Statement for supplemental information on the personal data we process in connection with our recruiting efforts.

Your California Privacy Rights

If you are a resident of the State of California, this Privacy Statement is supplemented by our California Privacy Rights Statement that explains your California privacy rights and how you can exercise these rights.

Zoom for Government

The following section on Zoom for Government (ZfG) supplements this Privacy Statement. Where terms differ, this section takes precedence.

ZfG is hosted in the United States in a separate cloud authorized by FedRAMP and is accessible by way of a separate website (www.zoomgov.com).  If you use the ZfG service:

  • All data collected about you while using the ZfG service or the ZfG website is stored in the United States of America;
  • Your data is only processed by Zoom in accordance with FedRAMP “moderate impact level” control standards;
  • The sections in this Statement related to data handling outside the United States do not apply to the personal data collected by Zoom about you in connection with your use of the ZfG service or ZfG website;
  • With regard to the Zoom App Marketplace, we do not allow third parties to use any personal data obtained from us for their own purposes, unless it is with your consent (e.g. when you download an app from the Zoom for Government Marketplace: https://marketplace.zoomgov.com/).

Zoom and Children

Zoom does not knowingly allow children under the age of 16 to sign up for their own accounts. Primary and secondary schools or districts register to use Zoom’s video communications platform through a “K-12/Primary and Secondary Account.” Please see Zoom’s K-12/Primary and Secondary Privacy Statement for additional information. Where terms differ, as with the limitations on advertising in K-12 Accounts, the K-12/Primary and Secondary Privacy Statement takes precedence.

Zoom App Marketplace & Other Sites, Mobile Applications and Services

This Privacy Statement does not apply to any third-party applications or software that you elect to add to the Services (“Third Party Services”), or any other third-party websites, mobile applications, or online products, services or businesses you may access from the Services. When you download an App from the Zoom App Marketplace, for example, the app publisher provides its own terms of service, privacy policy and support information. Please review that information carefully.

Personal Data We Process & How We Use It

The table below describes Zoom’s processing of personal data as a data controller.

Personal Data Processing

Types of Personal Data

How We Get It

What we do with it

Legal Basis

[Applies only in the EEA, and only within the meaning of the EU’s General Data Protection Regulation (GDPR)]

Account User Data

Information we collect when you register for a free Zoom Account, such as:

  • Date of birth (for age-verification purposes only, Zoom does not retain or use this information for any other purpose)
  • First Name
  • Last Name
  • Phone (optional)
  • Email
  • Language preference
  • User IDs and Password (if Single Sign On is not used)
  • Profile Picture for avatar (optional)
  • Department (optional)
  • Meeting schedule

From the free Zoom Account registrant

  • Enroll you in the Services
  • Display your user avatar to meeting participants.
  • Provide you with support
  • Send marketing communications, where permitted
  • Provide announcements related to software updates, upgrades, and system enhancements
  • Run opt-in contests, sweepstakes or other promotional activities
  • Provide you with Zoom event information and offers from us or Zoom event co-sponsors
  • Contract
  • Legitimate Interests

Paid Account Holder Data

Information we collect for a Paid Zoom Account, such as:

  • Zoom Account User Data (listed above)
  • Billing name
  • Billing phone
  • Billing address
  • Payment method
  • Company Name (if applicable)
  • Employee count (if applicable)

From the Paid Zoom Account registrant

  • Create a Zoom Account
  • Provide Zoom services
  • Respond to requests for support
  • Send marketing communications, where permitted
  • Provide announcements related to software updates, upgrades, and system enhancements
  • Contract
  • Legitimate Interests

Operation Data

Technical information from Zoom’s software or systems hosting the Services, and from the systems, applications and devices that are used to access the Services, such as:

  • Configuration Data: information about the deployment of Zoom Services and related environment information.
  • Meeting metadata: metrics about when and how meetings were conducted.
  • Feature Usage Data: information about if and how Service features were used.
  • Performance Data: metrics related to how the Services perform.
  • Service Logs: information on system events and states.

Automatically through use of the Services

  • Facilitate the delivery and optimization of the Services
  • Monitor performance of our data centers and networks
  • Provide Account dashboards and reports
  • Provide support
  • Maintain the security of our infrastructure and Services
  • Administer our disaster recovery plans and policies
  • Detect, investigate and stop fraudulent, harmful, unauthorized or illegal activity (“fraud and abuse detection”)
  • Confirm compliance with contractual obligations
  • Comply with legal obligations
  • Create anonymized and/or aggregated data to improve our products and for other lawful business purposes
  • Contract
  • Legitimate interests
  • Protect vital interests
  • Legal compliance

Support and Feedback Data, such as:

  • Support Data: information that has been provided by a customer to Zoom or is otherwise processed in connection with support activities such as support chats or calls (including recordings of those calls) and Service support tickets.
  • Survey Data: feedback from in-service Survey data relates to a customer’s Net Provider Score (“NPS”) and other similar in-Service surveys or feedback in relation to use of the relevant Services.

Directly from a Zoom user

  • Respond to requests for support
  • Conduct anonymized, aggregated analytics to improve performance
  • Contract
  • Legitimate interests

Approximate Location (e.g., nearest city or town)

Automatically through your use of the Services

  • Connect you to the nearest data center
  • Comply with privacy and other laws – for example, so we can provide you with the right notices for your area
  • Suggest choices such as language preferences
  • Monitor performance of our data centers and networks
  • Route support requests
  • Contract
  • Legitimate interests
  • Legal obligation

Persistent Identifiers on Marketing Pages

Data collected through the use of cookies and pixels from tools (such as Google Analytics and

Google Ads), such as:

  • Internet protocol (IP) addresses,
  • Browser type,
  • Internet service provider (ISP),
  • Referrer URL,
  • Exit pages, the files viewed on our marketing sites (e.g., HTML pages, graphics, etc.),
  • Operating system, and
  • Date/time stamp
  • Approximate location (e.g., nearest city or town) Please see our Cookie Policy for more detail.

Depending on how you choose to configure our cookie preference tool, we may collect this info automatically from our Marketing Pages and other online services

  • Analyze how our website is used so we can improve your experience
  • Complete orders and remember your settings
  • Identifying language preferences
  • Evaluate the success of our Marketing campaigns
  • Marketing, including facilitating tailoring of advertising you see when you are on other online services
  • Consent
  • Legitimate Interests

Persistent Identifiers on Product Pages

These are third-party cookies that are necessary for technical support and to deliver the service. Please see our Cookie Policy for more detail.

Automatically when you use the Services from your web browser

  • Provide the Service
  • Provide Technical Support
  • Contract
  • Legitimate Interests

Marketing Data

  • Data enrichment services (only in connection with Marketing Pages)
  • Email marketing lists (where permitted under applicable law)

From Third Parties and public sources

  • Marketing activities
  • Sending marketing communications
  • Providing tailored information about our Services
  • Legitimate Interests

Zoom sponsored or co-sponsored Event Attendee information

  • Event title & details
  • Name
  • Email address
  • Employer (if applicable)
  • Job Title (if applicable)

From you or the party responsible for registering you for a Zoom sponsored event

  • Communicate with you about the event
  • Run opt-in contests, sweepstakes or other promotional activities
  • Provide you with information and offers from us or event co-sponsors
  • Contract
  • Consent
  • Legitimate interests

Customer Content

Customer content is the “in-session” information you give us directly through your use of the Services, such as files, chat logs, and transcripts, and any other information you may upload while using the Services. Zoom uses customer content only in connection with providing the Services – we do not monitor, sell or use customer content for any other purposes.

We do not control the actions of anyone with whom you or any other Service user may choose to share information. Therefore, we cannot and do not guarantee that any customer content you or any user provides to the Services will not be viewed by unauthorized persons. Nor can Zoom control the information a user may choose to share during a meeting. Although Zoom account holders can set privacy options that limit access to certain areas of the Services, please be aware that no security measures are perfect or impenetrable and that we are not responsible for circumvention of any security measures contained on the Services. You should be cautious about the access you provide to others when using the Services, and the information you choose to share when using the Services.

Zoom’s Product and Marketing Pages

Zoom generally processes personal data in two different manners using its websites and apps. First, Zoom processes personal data it obtains from the webpages or mobile application interfaces that Zoom uses to provide its Services, such as the landing page a user sees after clicking on a link to join a meeting (Zoom’s “Product Pages”). Product Pages also include webpages and links that are only accessible to a Zoom account holder after they login to their Zoom account. Product Pages serve only third-party cookies that are necessary for technical support and to deliver the service. There are no interest-based advertising cookies on Product Pages.

Second, Zoom processes personal data obtained from its webpages that are accessible without logging in to a Zoom account (Zoom’s “Marketing Pages”). Marketing Pages, such as www.zoom.us, are designed to encourage sales of Zoom subscriptions. They tell you about our product, plans, and pricing, features, and other related information.

Like many companies, we use advertising services that try to tailor online ads to your interests based on information collected via cookies and similar technologies on our Marketing Pages. This is called interest-based advertising. You can get more information and opt-out of the use of cookies on our Marketing Pages by clicking the Do Not Sell My Personal Information link in the footer of this webpage. You will need to set your preferences from each device and each web browser from which you wish to opt-out. This feature uses a cookie to remember your preference, so if you clear all cookies from your browser, you will need to re-set your settings. For more information regarding cookies or similar technologies, please review our Cookie Policy.

Our Referral Program

You can use our referral program to tell others about Zoom. When you do, you will be asked to provide that person’s name and email so that we can contact them. We rely on you to make sure the person you are referring to us has agreed to be contacted by us. We will send a one-time email inviting them to visit a Marketing Page. Unless that person says they want to hear more, we will only use their name and email address to send this one-time email and to maintain an activity log of our referral program where permitted by law.

How We Share Personal Data

We only share personal data with companies, organizations or individuals outside of Zoom when one of the following circumstances applies:

With Consent

We may share personal data with companies, organizations, individuals outside of Zoom and others when we have consent from an individual (as applicable).

With Zoom Partners

If Zoom received your personal data from a third-party partner and you become a Customer, Zoom may disclose select personal data to that partner or their designee for the purpose of the partnership agreement; for example, to reward a referral partner from a co-sponsored event. Zoom’s partners have contractually agreed to comply with appropriate privacy and security obligations.

For corporate transactions

We may share personal data with actual or prospective acquirers, their representatives and other relevant participants in, or during negotiations of, any sale, merger, acquisition, restructuring, or change in control involving all or a portion of Zoom’s business or assets, including in connection with bankruptcy or similar proceedings.

For sub-processing

We provide personal data to sub-processors or services providers to help us provide the Services and for Zoom’s business purposes. Examples include public cloud storage vendors, carriers, payment processor, and service provider for managing customer support tickets. Zoom contractually prohibits sub processors from using the personal data for any reason other than to provide the contracted-for services and Zoom contractually requires sub-processors to comply with all appropriate privacy and security requirements. Please find a list of Zoom’s sub-processors at https://zoom.us/subprocessors

For legal reasons

We share personal data with companies, organizations or individuals outside of Zoom if we have a good-faith belief that access, use, preservation or disclosure of the information is reasonably necessary to:

    • meet any applicable law or respond to valid legal process, including from law enforcement or other government agencies.
    • enforce applicable Terms of Service, including investigation of potential violations.
    • detect, prevent, or otherwise address fraud, security or technical issues.
    • protect against harm to the rights, property or safety of Zoom, our users or the public as required or permitted by law, including to help prevent the loss of life or serious injury of anyone.


For more information about data we disclose in response to requests from law enforcement and other government agencies, please see our Guidelines for Government Requests.

Data Subject Privacy Rights and Choices

Right to Correct or Update Your Information

If you would like to correct or update information that you have provided to us, please logon to www.zoom.us and update your profile.

Marketing Communications

You may receive marketing email communications from us where permissible. If you would like to stop receiving these communications, you can update your preferences by using the “Unsubscribe” link found in those emails.

European Privacy Rights

If you reside in the European Economic Area, you may have the right to exercise certain privacy rights available to you under applicable laws. We will process your request in accordance with applicable data protection laws. We may need to retain certain information for record-keeping purposes or to complete transactions that you began prior to requesting any deletion.

  • Right not to provide consent or to withdraw consent. We may seek to rely on your consent in order to process certain personal data. Where we do so, you have the right not to provide your consent or to withdraw your consent at any time. This does not affect the lawfulness of the processing based on consent before its withdrawal.
  • Right of access and/or portability. You may have the right to access the personal data that we hold about you and, in some limited circumstances, have that data provided to you so that you can provide or “port” that data to another provider.
  • Right of erasure. In certain circumstances, you may have the right to the erasure of personal data that we hold about you (for example if it is no longer necessary for the purposes for which it was originally collected).
  • Right to object to processing. You may have the right to request that Zoom stop processing your personal data and/or to stop sending you marketing communications.
  • Right to rectification. You may have the right to require us to correct any inaccurate or incomplete personal information.
  • Right to restrict processing. You may have the right to request that we restrict processing of your personal data in certain circumstances (for example, where you believe that the personal data we hold about you is not accurate or lawfully held).
  • Right to lodge a complaint to your local Data Protection Authority. If you are an EEA resident, you have the right to complain to a data protection authority about our collection and use of your personal data.

How to Exercise Your Rights

To exercise any of the rights above, email us at privacy@zoom.us. You may also submit a request to the following address:

Zoom Video Communications, Inc.

Attention: Data Privacy Officer

55 Almaden Blvd, Suite 600

San Jose, CA 95113

Please identify yourself and specify your request. If you have a password protected Zoom account, we will use your account information to verify your identity. If not, we will ask you to provide additional verification information. What we request will depend on the nature of your request, how sensitive the information is, and how harmful unauthorized disclosure or deletion would be.

We use commercially reasonable efforts to delete your personal data as required but retain records necessary to comply with a governmental authority or applicable federal, state, or local law. Where legally permitted, we may decline to process requests, including requests that are unreasonably repetitive or systematic, require disproportionate technical effort, or jeopardize the privacy of others.

International Transfers

Zoom operates globally, which means personal data may be stored and processed (for example stored in a data center) in any country where we or our service providers have facilities or hold events. By using Zoom or providing personal data for any of the purposes stated above, you acknowledge that your personal data may be transferred to or stored in the United States or in other countries around the world. Such countries may have data protection rules that are different and less protective than those of your country.

If you are a resident of the European Economic Area (EEA), and your personal data is transferred outside of the EEA, we will:

  • Process it in a territory which the European Commission has determined provides an adequate level of protection for personal information; or
  • Implement appropriate safeguards to protect your personal information, including transferring it in accordance with applicable transfer mechanism, including the European Commission's standard contractual clauses or the Privacy Shield Framework.

Zoom complies with the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal data transferred from the European Union, the United Kingdom, and Switzerland to the United States in reliance on Privacy Shield. Zoom has certified that it adheres to the Privacy Shield Principles with respect to such data. If there is any conflict between the policies in this Statement and data subject rights under the Privacy Shield Principles, the Privacy Shield Principles shall govern.

To learn more about the Privacy Shield program, and to view our certification page, please visit the U.S. Department of Commerce's Privacy Shield List, https://www.privacyshield.gov/list and search for Zoom Video Communications.

Zoom is responsible for the processing of personal data it receives under the Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on its behalf. Zoom complies with the Privacy Shield Principles for all onward transfers of personal data from the EU, Switzerland, and the United Kingdom including the onward transfer liability provisions.

With respect to personal data received or transferred pursuant to the Privacy Shield Frameworks, Zoom is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, Zoom may be required to disclose personal data in response to valid and lawful requests by public authorities, including to meet national security or law enforcement requirements.

If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.

Under certain conditions, more fully described on the Privacy Shield website at https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint, you can invoke binding arbitration when other dispute resolution procedures have been exhausted.

Retention

We will retain personal data for as long as required to do what we say we will in this Statement, unless a longer retention period is required by applicable law. The criteria used to determine our retention periods include:

  • The length of time we have an ongoing relationship with you and provide our services to you (for example, for as long as you have an account with us or keep using our services);
  • Whether we have a legal obligation to keep the data (for example, certain laws require us to keep records of your transactions for a certain period of time before we can delete them); or
  • Whether retention is advisable in light of our legal position (such as in regard to applicable statutes of limitations, litigation or regulatory investigations).

Customers can delete their own accounts.

Security

Zoom is committed to protecting your personal data. We use reasonable and appropriate technical and organizational measures to protect personal data from loss, misuse and unauthorized access, disclosure, alteration and destruction, taking into due account the risks involved in the processing and the nature of the personal data. If you have any questions about the security of your data, please contact our security team at security@zoom.us

How to Contact Us

If you have any privacy-related questions or comments related to this Statement, please send an email to privacy@zoom.us. You can also contact us by writing to this address:

Zoom Video Communications, Inc.

Attention: Data Privacy Officer

55 Almaden Blvd, Suite 600

San Jose, CA 95113

Deborah Fay is our Data Protection Officer for the EEA and she can also be contacted at privacy@zoom.us.

Change Log

Summary of Updates Made:

Date of Update

Summary of Changes

March 29, 2020

Revised entire Statement to be more readable and transparent. We did not change any data practices, only how we described them.

July 2020

  • Removed “Attention Tracker” language, due to feature removal on April 5
  • Added language required by TrustArc, our verification vendor
  • Added GDPR specific language.
  • Clarified language to improve readability and transparency

We did not change or add any data practices, only how we described them.