> For the complete documentation index, see [llms.txt](https://library.zoom.com/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://library.zoom.com/ai-whitepaper/data-governance-and-privacy.md).

# Data Governance and Privacy

## Data Encryption

Customer data, including customer content, is encrypted in transit between customers and Zoom, where supported by the user’s connection method and as stated in Zoom's support articles, between Zoom services, and between Zoom and its third-party subprocessors, including its third-party AI model providers (e.g., OpenAI and Anthropic), using Transport Layer Security (TLS) 1.2, as a minimum, or AES 256-bit GCM. Customer data, including customer content, that is either generated by or used to provide the Zoom AI features, is encrypted at rest using a minimum Advanced Encryption Standard (AES) 256-bit encryption.

{% hint style="info" %}
**Note**

Customers may supply their own encryption key for content stored by Zoom if they use Zoom Customer Managed Key (CMK), available for Enterprise customers or as an add-on. A current list of the types of assets supported by CMK can be found in the “Content protected by Customer Managed Key” support article.
{% endhint %}

## Data Access

Consistent with Zoom’s [Privacy Statement](https://www.zoom.com/en/trust/privacy/privacy-statement/?ampDeviceId=bb815bd9-9fc2-43c5-8323-028b2011295a\&ampSessionId=1777925804236), Zoom employees may not access or use customer content, including meeting, webinar, messaging, or email content (specifically, audio, video, files, in-meeting whiteboards, messaging, or email content), any content generated or shared as part of other collaborative features (such as out-of-meeting whiteboards), or content generated by AI features, unless authorized by the account owner or administrator of the account hosting the Zoom product or service where the customer content was generated, or as required for legal, safety, or security reasons.

## Data Usage

Zoom does not use any customer audio, video, chat, screen sharing, attachments, or other communications-like customer content (such as poll results, whiteboard, and reactions) to train Zoom’s or its third-party artificial intelligence models.

Zoom AI features must use certain content to provide the service.

## Data Processing and Storage Locations

Zoom processes and stores data based on the hosted data center region and applicable settings of the host, owner or user, as applicable. See also the [Managing Data & Storage location](https://support.zoom.com/hc/en/article?id=zm_kb\&sysparm_article=KB0066473) support article for more information on storage locations.\
\
When interacting with external participants, content (e.g., chats, meeting transcripts) exchanged between accounts may be processed according to the external account settings.

## Data Retention

Zoom stores and retains customer content and personal data for as long as required to engage in the uses described in its [Privacy Statement](https://www.zoom.com/en/trust/privacy/privacy-statement/?ampDeviceId=bb815bd9-9fc2-43c5-8323-028b2011295a\&ampSessionId=1777925804236), unless a longer retention period is required by applicable law, including for reasons such as trust and safety. In the context of data retention and processing, “trust and safety purposes” refers to measures taken to protect the safety and integrity of a service and its users. This involves retaining certain data for a period of time to help prevent abuse and misuse. Additional information on Zoom’s Trust and Safety processes may be found in [Zoom's Safety Center](https://safety.zoom.us/?ampDeviceId=bb815bd9-9fc2-43c5-8323-028b2011295a\&ampSessionId=1777925804236). Content that would ordinarily be retained by the associated Zoom service is stored in accordance with the retention period for that service. Customers may also set custom retention periods for certain content.

With respect to third-party generative AI model providers used as part of Zoom AI’s federated approach, Zoom has zero data retention policies in place, which provide that they do not retain customer content, with limited exceptions for trust and safety purposes, such as to detect and report CSAM.

### Zero Data Retention for Meeting Summary

Administrators can implement a zero data retention approach for transcripts within their account by **disabling** and **locking** the Meeting transcript setting on the account or group-level. When configured in this manner, Zoom uses temporary speech-to-text data for the purpose of generating a meeting summary and does not retain a persistent transcript of the meeting conversation.

Once summary generation is successful, the ephemeral speech-to-text data is discarded and cannot later be recovered, re-obtained, or reused. If the initial attempt to generate a summary is unsuccessful, Zoom uses the temporary speech-to-text data to allow additional attempts to complete the summary. If summary generation still does not succeed, the speech-to-text data is discarded.

Because no persistent transcript is retained under this configuration, meeting summaries generated in this manner cannot later be reprocessed, regenerated, or used with a different or custom summary template. This approach is therefore intended for organizations that prioritize minimizing transcript retention over preserving the ability to perform later transcript-based reprocessing.

This configuration applies only to Zoom’s meeting summary feature and controls whether transcripts are generated and retained when summaries are generated. However, other Zoom Meetings features that require access to meeting transcripts such as My Notes and archival will be impacted when transcript generation is disabled, as these features depend on the availability of transcripts. Additionally, if a cloud recording feature is enabled, it can generate and retain a meeting transcript as part of the cloud recording files independent of this configuration. Additional transcript settings for My Notes, archival, and cloud recordings will continue to be managed in separate locations in the web portal. This setting also does not prevent participants or third parties from independently creating, storing, or retaining separate transcript copies, notes, recordings, or other records of the conversation through external tools or services.

Refer to Zoom’s support center for more information on [allowing users to retain transcripts generated with meeting summary](https://support.zoom.com/hc/en/article?id=zm_kb\&sysparm_article=KB0076631) or [accessing meeting transcripts](https://support.zoom.com/hc/en/article?id=zm_kb\&sysparm_article=KB0076632).

## Third-Party Sub-processors

As part of Zoom’s federated approach to AI, artificial intelligence models from third parties, such as Anthropic and OpenAI, may be used for certain Zoom AI features alongside Zoom’s artificial intelligence models to provide high-quality results. Zoom also uses other model providers for particular features, discussed above.\
\
Zoom requires its [sub-processors](https://www.zoom.com/en/trust/subprocessors/) to satisfy obligations equivalent to those outlined in Zoom’s Data Processing Addendum. Zoom’s sub-processors are subject to security assessments on at least an annual basis as part of Zoom’s third-party risk management program. Zoom’s third-party risk management controls are assessed by independent audit firms in many of its security certifications and attestations, which are available to customers on Zoom’s Trust Center.

## How Zoom AI Features Use Your Data

Detailed information about how individual Zoom AI features use data is maintained in Zoom’s support documentation. For information about how particular Zoom AI features handle data, including what content may be used to provide the service, refer to Zoom’s support article, [How Zoom AI features handle your data](https://support.zoom.com/hc/en/article?id=zm_kb\&sysparm_article=KB0057861).


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter:

```
GET https://library.zoom.com/ai-whitepaper/data-governance-and-privacy.md?ask=<question>&goal=<endgoal>
```

`ask` is the immediate question: it should be specific, self-contained, and written in natural language.
`goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal.

The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.
