Privacy, Retention, and Access Controls

Zoom AI Companion offers several controls that help organizations manage how meeting data is stored, accessed, and shared. These controls are designed to help reduce the risk of unauthorized access, comply with legal obligations, and align with internal security policies. The following sections explain how Zoom handles transcript retention, summary access, legal holds, and admin-managed sharing behavior.

AI Companion data is subject to legal holds

Zoom AI Companion data, including summaries and transcripts, is subject to eDiscovery and legal hold processes. If a meeting is under legal hold, content will be retained even if deleted by a host.

Zoom offers a zero data retention setting for live transcripts

Zoom offers a Zero Data Retention option with respect to Zoom’s retention of the temporary transcript, screen shared content via OCR, and in-meeting chat messages used to provide a Meeting Summary. When enabled, these inputs will be deleted by Zoom immediately after the summary is created. If a summary fails to be created it will be retained for up to 24 hours to allow for retries. To enable this feature please reach out to your account team or log a support ticket.

Summaries are not protected from copy/paste or re-sharing

Zoom does not currently prevent users from copying, downloading, or forwarding summary content that has been shared with them. Summaries can be accessed via web browsers, and Information Barriers do not currently restrict meeting summary sharing or access.

Zoom employee access to meeting and messaging content is role-based and logged

Zoom employees cannot access meeting or messaging content (audio, video, transcripts, whiteboards, etc.) unless:

• Authorized by the account admin/owner, or

• Required for legal, safety, security, or support reasons

Zoom enforces least-privilege, role-based access controls and maintains audit logs to detect unauthorized access.

Admins control summary sharing behavior

While Zoom cannot technically prevent users from exfiltrating content (e.g., via personal email or file transfer), admins can:

• Disable summary delivery via email

• Require authentication to view summary links

These settings help mitigate risk of unauthorized sharing.