# Privacy, Security, and Compliance This section outlines privacy, security, and compliance settings available within Zoom Contact Center. ### Data Residency For Zoom Contact Center-specific data residency, there are two distinct categories of data that cover different components of the service: Diagnostic Data and Customer Content Data. Each of these data types has different rules governing their residency, which are discussed in the following sections. #### Diagnostic Data Diagnostic Data is data automatically generated or collected by Zoom through use of the Zoom service. For Zoom Contact Center, Diagnostic Data includes phone call, video call, SMS/MMS, voicemail, and voice recording metadata, telemetry data (e.g., product usage and system configuration), and other service-generated data (e.g., information to provide a service requested by the end user). Details of how Diagnostic Data and its sub-categories are collected and handled are provided within the [Zoom Contact Center Privacy Data Sheet](https://explore.zoom.us/media/privacy-data-sheet-contact-center_202212-n.pdf) and Zoom’s [Privacy Statement](https://explore.zoom.us/en/privacy/). Customers with outstanding questions are encouraged to speak to their Zoom account team for more information. #### Customer Content Data Zoom Contact Center Customer Content Data is the data your users record or share during an engagement, including voice/video, transcripts, recordings, voicemail, and SMS/MMS. Where this data is stored can depend on several factors and may vary depending on account, group, and user settings or other tool-specific settings. However, it is important to note that all call recordings will be temporarily stored and processed in the SIP zone region where the user’s device is registered before it is moved to its permanent data storage location. For instance, if a user’s applicable content storage is set to Germany but they are registered to a SIP zone in the U.S., the call will be recorded and processed within the U.S. data center before being transferred to long-term storage in Germany. The following table outlines which pieces of customer content data are customizable for residency and which are located within the account’s provisioned cluster. | | Controlled by Customer Content Storage Setting | Stored in the Region Where the Account is Provisioned | | ----------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------ | | **Zoom Contact Center** | | | | **Zoom Workforce Management** | Not Applicable | Customer Content Not Applicable | | **Zoom Quality Management** | Transcripts | Customer Content Not Applicable | | **Zoom Virtual Agent** | Transcripts | Customer Content Not Applicable | {% hint style="info" %} **Note** Region-specific (localized) accounts will automatically store Customer Content data within their account’s region. {% endhint %} **Defining Storage Location Settings** Zoom Contact Center customers can choose regional data storage for applicable types of Customer Content at the account and Queue levels. For these various groups and call-routing tools, customers can choose to store applicable Zoom Contact Center Customer Content in the following locations: {% columns %} {% column %} * United States * Australia * Brazil * Canada {% endcolumn %} {% column %} * Germany * Japan * Mexico * Singapore {% endcolumn %} {% endcolumns %} {% hint style="info" %} **Note** Some Zoom Contact Center add-on products (e.g., Zoom Virtual Agent, etc.) may not support all defined locations above. If this is important to your business, speak with your Zoom account team for more information. {% endhint %} Refer to Zoom’s support center for more information on [managing Customer Content storage locations](https://support.zoom.com/hc/en/article?id=zm_kb\&sysparm_article=KB0066473). ### Data Retention Zoom Contact Center Customer Content Data is retained in the cloud indefinitely by default. However, customers can customize their data retention settings for the following items: | Item | Duration | | ------------------------------------------------- | ----------------- | | Voice and Video Recordings and Transcripts | 1 Day - 10 Years | | Audio Survey Files | 1 Day - 10 Years | | Inbox Messages (Voicemail) | 1 - 30 Days | | Messages and Files (Video and Messaging Channels) | 1 Day - 12 Months | | Email Messages | 1 Day - 12 Months | Customers can also define deletion behavior, with the option initially “soft delete” data, leaving it in a recoverable state for up to 30 days before it is permanently deleted. Alternatively, customers can set it to permanently delete after the set time without a “soft delete” period. Refer to Zoom’s support center for more information on adjusting [Zoom Contact Center's data retention policies](https://support.zoom.com/hc/en/article?id=zm_kb\&sysparm_article=KB0058770). ### Data Redaction, Data Masking, and Blocking Sensitive Data To assist with protecting consumer and personally identifiable information (PII), Zoom Contact Center supports data masking and redaction, described in the sections below. #### Data Redaction With data redaction, Zoom Contact Center admins can configure the service to automatically remove or obscure sensitive information, like a consumer’s personal data, from an engagement’s records, including voice and video recordings, transcripts, and messaging interactions. Once the feature is enabled, Zoom Contact Center will scan recordings and transcripts to detect personal data and replace it with generic placeholder text. For example, if redacting a transcript, the phone number **555-555-5555** would be replaced with the text **\[PHONE NUMBER]**; alternatively, if redacting an audio recording, the recording would be silent for that portion of the conversation. {% hint style="danger" %} **Warning** Due to the predictive nature of the machine learning algorithm that is used in this feature, Zoom Contact Center can't guarantee 100% accuracy of the data redactions. Users of this feature are responsible for ensuring the accuracy of the redaction results. {% endhint %} Refer to Zoom’s support center for more information on [data redaction](https://support.zoom.com/hc/en/article?id=zm_kb\&sysparm_article=KB0073940) within Zoom Contact Center. #### Data Masking With Data Masking, Zoom Contact Center admins can configure the service to transform sensitive data into a non-identifiable format that maintains the original structure while concealing critical details. For example, transforming a credit card number from **1234-1234-1234-1234** to **XXXX-XXXX-XXXX-1234**. When this feature is enabled, Zoom Contact Center admins can control which roles have access to view consumers’ personal information within engagements and reports. Personal data will be masked during live text-based interactions, as well as when viewing closed engagements, analytics, and voicemail Inboxes; however, this masking doesn't apply to Zoom APIs or third-party integrations. Lastly, when consumer information is masked, agents are unable to perform searches based on that data.\ \ Refer to Zoom’s support center for more information on [data masking](https://support.zoom.com/hc/en/article?id=zm_kb\&sysparm_article=KB0058523) within Zoom Contact Center. #### Blocking Sensitive Data With the Block Sensitive Information feature, Zoom Contact Center admins can prevent consumers from sharing sensitive information through web chat, in-app chat, or SMS engagements. This feature uses regular expressions to detect specific strings or numbers, and can block sensitive content before it’s shared. For example, if a consumer tries to send a message containing sensitive information that matches a configured expression, they will receive an automated notification informing them that their message couldn’t be sent due to the presence of sensitive content. When this occurs, the assigned agent will also receive this notification. Refer to Zoom’s support center for more information on [blocking sensitive data](https://support.zoom.com/hc/en/article?id=zm_kb\&sysparm_article=KB0058497) within Zoom Contact Center. ### Localized Product Availability The following table outlines product availability within Zoom’s localized regions.
Zoom Contact CenterUS: Yes
Europe: Yes
FedRAMP (Gov): Yes
Australia: No
India: No
Singapore: No
Zoom Workforce ManagementUS: Yes
Europe: Yes
FedRAMP (Gov): No
Australia: No
India: No
Singapore: No
Zoom Quality ManagementUS: Yes
Europe: Yes
FedRAMP (Gov): No
Australia: No
India: No
Singapore: No
Zoom Virtual AgentUS: Yes
Europe: Yes
FedRAMP (Gov): No
Australia: No
India: No
Singapore: No
### Customer Managed Key [Customer Managed Key](https://www.zoom.com/en/products/cmk/) (CMK) allows an organization to retain control and management of keys used to symmetrically encrypt their data at rest within Zoom’s infrastructure. With CMK, certain data encrypted at rest within Zoom’s platform is protected by a key generated by the customer’s key management system (KMS), rather than—or in addition to—Zoom’s KMS. This setup allows customers to monitor Zoom’s access to encrypted data and revoke that access at any time by disabling key permissions. The following Zoom Contact Center artifacts are applicable to Customer Managed Key encryption: {% columns %} {% column %} * Video Recordings * Voice Recordings * Video Transcripts * Voice Transcripts {% endcolumn %} {% column %} * Voicemails * Voicemail Transcripts * Messaging Transcripts, **excluding** attachments from social channels and SMS {% endcolumn %} {% endcolumns %} As of the date of this document’s publication the **email** channel is **not** supported, but is expected to be in the future. ### Artificial Intelligence #### The AI Companion Security & Privacy Whitepaper For businesses interested in utilizing AI Companion features with Zoom Contact Center, Zoom offers the [AI Companion Security & Privacy Whitepaper](https://www.zoom.com/en/lp/zoom-ai-whitepaper/), a comprehensive resource detailing the security and privacy features of Zoom AI Companion. #### Zoom-Hosted Models Only Processing Businesses interested in utilizing AI Companion features without using third-party large language model (LLM) providers may request to opt in to the Zoom-hosted Model Only mode. When enabled for an account, AI Companion will not use Zoom’s third-party LLM provider models and will exclusively use Zoom’s proprietary LLM to respond to prompts. This feature is applicable to: * Zoom AI Companion * AI Expert Assist * Zoom Quality Management * Zoom Virtual Agent Zoom Workforce Management doesn't rely on LLMs for its functionality but remains fully compatible with the Zoom-hosted Models Only configuration when this feature is enabled. {% hint style="info" %} **Note** When Zoom-hosted Models Only mode is enabled, some AI features may not be available. If you are interested in a specific feature and are concerned about its availability with Zoom-hosted Models Only enabled, speak with your Zoom account team for more information. {% endhint %} ### Zoom Contact Center Data Privacy Sheet Please refer to the [Zoom Contact Center Data Privacy Sheet](https://explore.zoom.us/media/privacy-data-sheet-zoom-phone.pdf), which describes Zoom’s process for handling personal data and other data handling practices. Readers are also encouraged to refer to Zoom’s [Privacy Statement](https://explore.zoom.us/en/privacy/). ### Certificates and Attestations Zoom maintains a list of Certifications, Attestations, and Standards within our [Compliance Center](https://www.zoom.com/en/trust/legal-compliance/#certifications). --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://library.zoom.com/business-services/zoom-contact-center/zoom-customer-experience/privacy-security-and-compliance.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.