See why millions of people and organizations trust us with their communications.Security Whitepaper
Zoom offers several tools to protect your meetings from how people join to how information is shared.
Communications are established using 256-bit TLS encryption and all shared content can be encrypted using AES-256 encryption.
Zoom is committed to protecting your privacy. We've designed policies and controls to safeguard the collection, use, and disclosure of your information.
The following in-meeting security capabilities are available to the meeting host:
End-to-End Chat Encryption allows for a secured communication where only the intended recipient can read the secured message. Zoom uses both asymmetric and symmetric algorithms to encrypt the chat session. Session keys are generated with a device-unique hardware ID to avoid data being read from other devices. This ensures that the session can not be eavesdropped on or tampered with.
Recordings can be stored on the host’s local device with the local recording option or on Zoom’s cloud with the Cloud Recording option (available to paying customers).
Zoom Phone Voicemail recordings are processed and stored in Zoom’s cloud and can be managed through the secured Zoom client.
Zoom only stores basic information under user account profile information:
Zoom offers a range of authentication methods such as SAML, OAuth, and/or Password based which can be individual enable/disabled for an account.
Zoom works with Microsoft Active Directory as well as other leading enterprise identity management platforms such as Centrify, Fugen, Gluu, Okta, OneLogin, PingOne, Shibboleth, Symplified, and many others. Zoom can map attributes to provision a user to different group with feature controls.
OAuth-based provisioning works with Google or Facebook OAuth for instant provisioning. Zoom also offers an API call to pre-provision users from any database backend.
Additionally, your organization or university can add users to your account automatically with managed domains. Once your managed domain application is approved, all existing and new users with your email address domain will be added to your account.
Federal Risk and Authorization Management Program View Certificate
Zoom is committed to helping our users understand the rights and obligations under the General Data Protection Regulation (GDPR), which took effect on May 25, 2018.
We have introduced tools and processes to ensure our compliance with requirements imposed by the GDPR and to help our customers comply as well.
To learn more about our GDPR compliance, please read our GDPR notice.
Zoom’s solution and security architecture provides end-to-end encryption and meeting access controls so data in transit cannot be intercepted.
Zoom does not have access to identifiable health information and we protect and encrypt all audio, video, and screen sharing data.
Healthcare organizations should contact our sales teams to learn more about our solutions and how they can be configured to comply.