Privacy, Security, and Compliance

This section outlines privacy, security, and compliance settings available within Zoom Contact Center.

Data Residency

For Zoom Contact Center-specific data residency, there are two distinct categories of data that cover different components of the service: Diagnostic Data and Customer Content Data. Each of these data types has different rules governing their residency, which are discussed in the following sections.

Diagnostic Data

Diagnostic Data is data automatically generated or collected by Zoom through use of the Zoom service. For Zoom Contact Center, Diagnostic Data includes phone call, video call, SMS/MMS, voicemail, and voice recording metadata, telemetry data (e.g., product usage and system configuration), and other service-generated data (e.g., information to provide a service requested by the end user).

Details of how Diagnostic Data and its sub-categories are collected and handled are provided within the Zoom Contact Center Privacy Data Sheet and Zoom’s Privacy Statement. Customers with outstanding questions are encouraged to speak to their Zoom account team for more information.

Customer Content Data

Zoom Contact Center Customer Content Data is the data your users record or share during an engagement, including voice/video, transcripts, recordings, voicemail, and SMS/MMS.

Where this data is stored can depend on several factors and may vary depending on account, group, and user settings or other tool-specific settings. However, it is important to note that all call recordings will be temporarily stored and processed in the SIP zone region where the user’s device is registered before it is moved to its permanent data storage location. For instance, if a user’s applicable content storage is set to Germany but they are registered to a SIP zone in the U.S., the call will be recorded and processed within the U.S. data center before being transferred to long-term storage in Germany.

The following table outlines which pieces of customer content data are customizable for residency and which are located within the account’s provisioned cluster.

Defining Storage Location Settings

Zoom Contact Center customers can choose regional data storage for applicable types of Customer Content at the account and Queue levels.

For these various groups and call-routing tools, customers can choose to store applicable Zoom Contact Center Customer Content in the following locations:

Refer to Zoom’s support center for more information on managing Customer Content storage locations.

Data Retention

Zoom Contact Center Customer Content Data is retained in the cloud indefinitely by default. However, customers can customize their data retention settings for the following items:

Customers can also define deletion behavior, with the option initially “soft delete” data, leaving it in a recoverable state for up to 30 days before it is permanently deleted. Alternatively, customers can set it to permanently delete after the set time without a “soft delete” period.

Refer to Zoom’s support center for more information on adjusting Zoom Contact Center's data retention policies.

Data Redaction, Data Masking, and Blocking Sensitive Data

To assist with protecting consumer and personally identifiable information (PII), Zoom Contact Center supports data masking and redaction, described in the sections below.

Data Redaction

With data redaction, Zoom Contact Center admins can configure the service to automatically remove or obscure sensitive information, like a consumer’s personal data, from an engagement’s records, including voice and video recordings, transcripts, and messaging interactions.

Once the feature is enabled, Zoom Contact Center will scan recordings and transcripts to detect personal data and replace it with generic placeholder text. For example, if redacting a transcript, the phone number 555-555-5555 would be replaced with the text [PHONE NUMBER]; alternatively, if redacting an audio recording, the recording would be silent for that portion of the conversation.

Refer to Zoom’s support center for more information on data redaction within Zoom Contact Center.

Data Masking

With Data Masking, Zoom Contact Center admins can configure the service to transform sensitive data into a non-identifiable format that maintains the original structure while concealing critical details. For example, transforming a credit card number from 1234-1234-1234-1234 to XXXX-XXXX-XXXX-1234.

When this feature is enabled, Zoom Contact Center admins can control which roles have access to view consumers’ personal information within engagements and reports. Personal data will be masked during live text-based interactions, as well as when viewing closed engagements, analytics, and voicemail Inboxes; however, this masking doesn't apply to Zoom APIs or third-party integrations. Lastly, when consumer information is masked, agents are unable to perform searches based on that data. Refer to Zoom’s support center for more information on data masking within Zoom Contact Center.

Blocking Sensitive Data

With the Block Sensitive Information feature, Zoom Contact Center admins can prevent consumers from sharing sensitive information through web chat, in-app chat, or SMS engagements. This feature uses regular expressions to detect specific strings or numbers, and can block sensitive content before it’s shared.

For example, if a consumer tries to send a message containing sensitive information that matches a configured expression, they will receive an automated notification informing them that their message couldn’t be sent due to the presence of sensitive content. When this occurs, the assigned agent will also receive this notification.

Refer to Zoom’s support center for more information on blocking sensitive data within Zoom Contact Center.

Localized Product Availability

The following table outlines product availability within Zoom’s localized regions.

Customer Managed Key

Customer Managed Key (CMK) allows an organization to retain control and management of keys used to symmetrically encrypt their data at rest within Zoom’s infrastructure. With CMK, certain data encrypted at rest within Zoom’s platform is protected by a key generated by the customer’s key management system (KMS), rather than—or in addition to—Zoom’s KMS. This setup allows customers to monitor Zoom’s access to encrypted data and revoke that access at any time by disabling key permissions.

The following Zoom Contact Center artifacts are applicable to Customer Managed Key encryption:

As of the date of this document’s publication the email channel is not supported, but is expected to be in the future.

Artificial Intelligence

The AI Companion Security & Privacy Whitepaper

For businesses interested in utilizing AI Companion features with Zoom Contact Center, Zoom offers the AI Companion Security & Privacy Whitepaper, a comprehensive resource detailing the security and privacy features of Zoom AI Companion.

Zoom-Hosted Models Only Processing

Businesses interested in utilizing AI Companion features without using third-party large language model (LLM) providers may request to opt in to the Zoom-hosted Model Only mode. When enabled for an account, AI Companion will not use Zoom’s third-party LLM provider models and will exclusively use Zoom’s proprietary LLM to respond to prompts. This feature is applicable to:

• Zoom AI Companion

• AI Expert Assist

• Zoom Quality Management

• Zoom Virtual Agent

Zoom Workforce Management doesn't rely on LLMs for its functionality but remains fully compatible with the Zoom-hosted Models Only configuration when this feature is enabled.

Zoom Contact Center Data Privacy Sheet

Please refer to the Zoom Contact Center Data Privacy Sheet, which describes Zoom’s process for handling personal data and other data handling practices. Readers are also encouraged to refer to Zoom’s Privacy Statement.

Certificates and Attestations

Zoom maintains a list of Certifications, Attestations, and Standards within our Compliance Center.