Security at Zoom

See why millions of people and organizations trust us with their communications.

More Resources
If you think you may have found a security vulnerability within Zoom, please contact our security team directly at security@zoom.us.

Our PGP key is available for download here and on key servers.

We take your security seriously

Protecting your Meetings

Zoom offers several tools to protect your meetings from how people join to how information is shared.

Protecting your Data

Communications are established using 256-bit TLS encryption and all shared content can be encrypted using AES-256 encryption.

Protecting your Privacy


Zoom is committed to protecting your privacy. We've designed policies and controls to safeguard the collection, use, and disclosure of your information.

Protecting your Meetings

The following in-meeting security capabilities are available to the meeting host:

  • Secure a meeting with encryption
  • Create Waiting Rooms for attendees
  • Require host to be present before meeting starts
  • Expel a participant or all participants
  • Lock a meeting
  • Screen share watermarks
  • Audio signatures
  • Enable/disable a participant or all participants to record
  • Temporary pause screen-sharing when a new window is opened
  • Use a passcode to protect a meeting
  • Only allow individuals with a given e-mail domain to join

Protecting your Data

Chat Encryption allows for a secured communication where only the intended recipient can read the secured message. Zoom uses both asymmetric and symmetric algorithms to encrypt the chat session. Session keys are generated with a device-unique hardware ID to avoid data being read from other devices. This ensures that the session can not be eavesdropped on or tampered with.

Recordings can be stored on the host’s local device with the local recording option or on Zoom’s cloud with the Cloud Recording option (available to paying customers).

  • Recordings stored locally on the host’s device can be encrypted if desired using various free or commercially available tools.
  • Cloud Recordings are processed and stored in Zoom’s cloud after the meeting has ended; these recordings can be passcode protected or available only to people in your organization.
  • The recordings are stored in both video/audio format and audio only format.
  • If a meeting host enables cloud recording and audio transcripts, both will be stored encrypted. If a meeting host enables file transfer through in-meeting chat, those shared files will be stored encrypted as well.
  • The meeting host can manage their recordings through the secured web interface.
  • Recordings can be downloaded, shared, or deleted.

Zoom Phone Voicemail recordings are processed and stored in Zoom’s cloud and can be managed through the secured Zoom client.

Protecting your Privacy

Zoom only stores basic information under user account profile information:

  • Email address
  • User password - salted, hashed
  • First name
  • Last name
  • Company name (optional to provide)
  • Company phone number (optional to provide)
  • Profile picture (optional to provide)

For more information about our privacy policy, visit https://zoom.us/privacy.

Authentication Methods

Zoom offers a range of authentication methods such as SAML, OAuth, and/or Password based which can be individual enable/disabled for an account.

Zoom works with Okta as well as other enterprise identity management platforms such as Centrify, Microsoft Active Directory, Gluu, OneLogin, PingOne, Shibboleth, and many others. Zoom can map attributes to provision a user to a different group with feature controls.

OAuth-based provisioning works with Google or Facebook OAuth for instant provisioning. Zoom also offers an API call to pre-provision users from any database backend.

Additionally, your organization or university can add users to your account automatically with managed domains. Once your managed domain application is approved, all existing and new users with your email address domain will be added to your account.

Security and Privacy

SOC 2
(Type II)
Trust Services Principles

FedRAMP
(Moderate)

Federal Risk and Authorization Management Program View Certificate

TRUSTe

Privacy Practices and Statements


Zoom and the EU General Data Protection Regulation (GDPR)

Zoom is committed to helping our users understand the rights and obligations under the General Data Protection Regulation (GDPR), which took effect on May 25, 2018.

We have introduced tools and processes to ensure our compliance with requirements imposed by the GDPR and to help our customers comply as well.

To learn more about our GDPR compliance, please read our GDPR notice.

Enables HIPAA, PIPEDA & PHIPA Compliance

Zoom’s solution and security architecture provides encryption and meeting access controls so data in transit cannot be intercepted.

Zoom does not have access to identifiable health information and we protect and encrypt all audio, video, and screen sharing data.

Healthcare organizations should contact our sales teams to learn more about our solutions and how they can be configured to comply.

Security questions or issues?

If you think you may have found a security vulnerability within Zoom, please get in touch with our security team.

Read more about Security Practices, Privacy Policy, Terms of Service and GDPR notice