Thank you very much!

You’re subscribed

Effective 28 July 2023
See change log

What is a Third-Party Subprocessor?

A subprocessor is a vendor Zoom uses to process data on behalf of our customers, who are the data controllers of that data.

Zoom’s Process for Contracting with Subprocessors

Zoom requires its subprocessors to satisfy equivalent obligations as those required from Zoom (as a Data Processor) as outlined in Zoom’s Data Processing Agreement (DPA), including but not limited to the requirements to:

process personal data following data controller’s (i.e., Customer’s) instructions (as communicated to the relevant subprocessor by Zoom);
in connection with the subprocessing activities, use only personnel who are reliable and subject to a contractually binding obligation to observe data privacy and security, to the extent applicable, under applicable data protection laws;
promptly inform Zoom about any security breach; and
cooperate with Zoom to address requests from data controllers, data subjects, or data protection authorities, as applicable.

Except for as provided below, Zoom owns or controls access to the infrastructure that hosts real-time and stored personal data (should the Customer choose to store such content, e.g., recordings and transcripts). Personal data may be shifted among data centers within a region to ensure Zoom’s performance and availability. Zoom also works with the listed service subprocessors below to provide the noted functionality.

The following table describes the countries and legal entities engaged in the processing and storage of personal data by Zoom acting as a data processor on behalf of its customers, the data controllers.

Zoom Authorized Subprocessors
Name	Purpose	Data Shared with Subprocessor	Location	International Transfer Mechanism	Additional Safeguards (links to subprocessor resources)
Amazon Web Services	Cloud Service Provider	Real-time meeting and webinar traffic Meeting and call recordings (if saved to the cloud by Customer Transcriptions of meeting or call recordings (if meeting recorded and saved to the cloud by Customer) Uploaded files	Australia, Brazil, Canada, Europe, India, Japan, Singapore, Taiwan, United States	SCCs	Risk and Compliance whitepaper and AWS Security Center
Anthropic	Intelligent Features Service Provider	Intelligent Features Service Provider Anthropic will process the following data only if an Admin separately enables this feature: Customer Content and context	United States	SCCs	Privacy Policy
Apple	Send push notifications on iOS phones. Customers can choose not to use this service.	Chat Message Notification SMS Message Notification PBX (Phone Call) Message Notification	United States	SCCs	Apple Push Notification Service Overview
Cloudflare	Security	IP address	European Union, United States	SCCs	Cloudflare Compliance Page, GDPR Compliance Page
Google Cloud Platform	Cloud Service Provider	Real-time meeting and webinar traffic	Taiwan	SCCs	Privacy Resource Center
Google Firebase	Send push notifications on Android phones. Customers can choose not to use this service.	Chat Message Notification SMS Message Notification PBX (Phone Call) Message Notification	United States	SCCs	Privacy and Security in Firebase
MaestroQA	Support Quality Assurance	Support related Communications Content such as cloud recordings or in-meeting chat transcripts MAY be shared with MaestroQA but *only if Customer chooses to provide it* directly to a Zoom support agent through a support interaction, i.e., as an attachment to a support ticket.	Ireland, United States	SCCs	Privacy Policy
Microsoft	Cloud Service Provider.	Real-time meeting and webinar traffic Meeting and call recordings (if saved to the cloud by Customer Transcriptions of meeting or call recordings (if meeting recorded and saved to the cloud by Customer) Uploaded files	Switzerland	SCCs	Microsoft Privacy Statement
OneTrust	Data Subject Requests Portal, Cookie Preference Center	Name Email address Account type Country IP address DSAR reports User cookie preferences	United States	SCCs	Trust Page
OpenAI	Intelligent Features Service Provider	OpenAI will process the following data only if an Admin separately enables this feature: Customer Content and context	United States	SCCs	OpenAI Privacy Statement
Oracle	Cloud Service Provider	Real-time meeting and webinar traffic Meeting and call recordings address Transcriptions of meeting or call recordings	United States	Binding Corporate Rules (BCRs)	Technical Brief Whitepaper
Qualtrics	Feedback, Reviews, and Survey Responses	If a customer chooses to provide feedback, reviews, or survey responses to Zoom, then Qualtrics may process: Email address IP address Account information Customer Content or any data the customer chooses to provide in the feedback, survey, or review	Germany, United States	SCCs	Data Protection & Privacy
SendSafely	Encrypted file transfer service	Communications Content such as attachments MAY be shared with SendSafely but *only if Customer chooses to provide it* directly to a Zoom support agent through a support interaction (i.e., as an attachment to a support ticket).	United States	SCCs	Privacy Policy \| SendSafely \| End-to-End Encryption
ServiceNow	Cloud-based Customer Service Platform	Communications Content such as cloud recordings or in-meeting chat transcripts MAY be shared with ServiceNow but *only if Customer chooses to provide it* directly to a Zoom support agent through a support interaction.	Germany	SCCs	Complying with the General Data Protection Regulation (GDPR)
TaskUS	Support Providers	Communications Content such as cloud recordings or in-meeting chat transcripts MAY be shared with TaskUS but *only if Customer chooses to provide it* directly to a Zoom support agent through a support interaction.	Philippines	SCCs	Content Security
Twilio	Sends notification emails to customers’ invitees	If customers choose to send notification emails to invitees via Zoom, then Twilio will process the following data: Name Email address Meeting or webinar subject Meeting/webinar ID Meeting date and start time	United States	SCCs	Twilio GDPR Whitepaper
Zendesk	Cloud-based Customer Service Platform	Communications Content such as cloud recordings or in-meeting chat transcripts MAY be shared with Zendesk but only if Customer chooses to provide it directly to a Zoom support agent through a support interaction.	United States	BCRs	Compliance Certifications and Memberships

For additional subprocessors specific to Zoom Events, please see below. For more information about Zoom Events, please see the Zoom Events Privacy Statement.

Zoom Events Authorized Subprocessors

Name

Purpose

Data Shared with Subprocessor

Location

International Transfer Mechanism

Additional Safeguards

(links to subprocessor resources)

Stripe

Payment Processing

Payment and transaction information such as name, email, bank account details, payment card details, date/time/amount of transaction, and merchant name.

United States

SCCs

Stripe Privacy Center

Updates

As our business grows and evolves, the Subprocessors we utilize may also change. We will provide the owner of Customer’s account with notice of any new Subprocessors to the extent required under contractual agreement, along with posting such updates here.

You may also use the form below to subscribe to updates.

What is a Zoom Affiliate?

A Zoom affiliate is any entity that Zoom directly or indirectly controls. Together with Zoom Video Communications, Inc., these affiliates form the Zoom Group.

International Transfers within the Zoom Group

All parties of the Zoom Group have entered a data transfer agreement that sets out the data protection requirements and incorporates the appropriate EU Standard Contractual Clauses (“SCCs”).

Zoom Affiliates
Entity Name	Registered Location
ZOOM VIDEO COMMUNICATIONS, INC.	Delaware, USA
ZVC JAPAN K.K.	Japan
ZVC Netherlands B.V.	Amsterdam, Netherlands Norway (Branch Office)
ZVC- Australia Pty Ltd.	New South Wales, Australia
ZVC UK Ltd.	England Wales
Zoom Voice Communications, Inc.	Delaware, USA Hong Kong (Bus. Registration)
ZVC France SAS	Paris, France
ZVC India Pvt. Ltd.	Mumbai, India
ZVC Canada, Ltd.	Registered In: New Brunswick, Canada Extra Provincial Registrations: Alberta British Columbia Manitoba Ontario Quebec
Keybase, LLC	Delaware, USA
ZVC Singapore Pte. Ltd.	Singapore
ZVC Germany GmbH	Germany
Zoom Video Communications (Hong Kong) Limited	Hong Kong
Zoom Video Communications (Shanghai) Co., Ltd.	China
Saasbee Inc. (Hefei) Ltd.	China
Saasbee Software (Hangzhou) Co., Ltd.	China
Zoom Video Communications (Suzhou) Inc.	China

Date of Change	Change	Notes
28 July 2023	Added Anthropic as a subprocessor.
10 May 2023	Removed CSS Corps from the Subprocessor list. Added OpenAI, Qualtrics, and ServiceNow as subprocessors. Updated Cloudflare, MaestroQA, and Twilio for accuracy. Added Stripe as a subprocessor for Zoom Events.	CSS Corps is no longer a vendor of Zoom.
05 October 2022	Added Taiwan as a processing location for Amazon Web Services. Added Google Cloud Platform for processing in Taiwan only. Added SendSafely as a subprocessor.
25 April 2022	Added Microsoft as a subprocessor.
17 February 2022	Removed Karlsruhe Information Technology Solutions from Affiliates list. Added MaestroQA, OneTrust, and Cloudflare to the list of Subprocessors for accuracy. Updated list of AWS locations for accuracy.	Karlsruhe Information Technology Solutions was merged with ZVC Germany GmbH. Following an internal assessment, we identified the absence of three vendors. Zoom has always used these vendors for that purpose; they are not new subprocessors.
30 December 2021	Added Twilio, CSS Corp, TaskUS for accuracy. Added Zoom Affiliates for transparency.	Following an internal assessment, we identified the absence of four vendors. Zoom has always used these vendors for that purpose; they are not new subprocessors.
11 February 2021	Updated regional locations of cloud service infrastructure providers	Updated regional locations of cloud service infrastructure providers for accuracy
14 October 2020	Removed vendors erroneously classified as subprocessors.	Following an internal assessment, we identified some vendors previously listed that did not, in fact, process any customer data for which Zoom is the data processor. For that reason, we removed them.
14 October 2020	Added Apple and Google Firebase for accuracy.	Following an internal assessment, we identified the absence of two vendors for mobile phone push notifications. Zoom has always used these vendors for that purpose; they are not new subprocessors.

Thank you very much!

Zoom Third-Party Subprocessors & Zoom Affiliates