Thank you very much!

You’re subscribed

Zoom Third-Party Subprocessors & Zoom Affiliates

Effective 05 October 2022
See change log

What is a Third-Party Subprocessor?

A subprocessor is a vendor Zoom uses to process data on behalf of our customers, who are the data controllers of that data.

Zoom’s Process for Contracting with Subprocessors

Zoom requires its subprocessors to satisfy equivalent obligations as those required from Zoom (as a Data Processor) as outlined in Zoom’s Data Processing Agreement (DPA), including but not limited to the requirements to:

  • process personal data following data controller’s (i.e., Customer’s) documented instructions (as communicated in writing to the relevant subprocessor by Zoom);
  • in connection with the subprocessing activities, use only personnel who are reliable and subject to a contractually binding obligation to observe data privacy and security, to the extent applicable, under applicable data protection laws;
  • promptly inform Zoom about any security breach; and
  • cooperate with Zoom to address requests from data controllers, data subjects, or data protection authorities, as applicable.

Except for as provided below, Zoom owns or controls access to the infrastructure that hosts real-time and stored personal data (should the Customer choose to store such content, e.g., recordings and transcripts). Personal data may be shifted among data centers within a region to ensure Zoom’s performance and availability. Zoom also works with the listed service subprocessors below to provide the noted functionality.

The following table describes the countries and legal entities engaged in the processing and storage of personal data by Zoom acting as a data processor on behalf of its customers, the data controllers.

Zoom Authorized Subprocessors

Name

Purpose 

Data Shared with Subprocessor

Location

International Transfer Mechanism 

Additional Safeguards

(links to subprocessor resources)

Amazon Web Services

Cloud Service Provider  
  • Real-time meeting and webinar traffic
  • Meeting and call recordings (if saved to the cloud by Customer
  • Transcriptions of meeting or call recordings (if meeting recorded and saved to the cloud by Customer) 
  • Uploaded files

Australia, Brazil, Canada, Europe, India, Japan, Singapore, Taiwan, United States

SCCs

Risk and Compliance whitepaper and AWS Security Center

Apple

Send push notifications on iOS phones. Customers can choose not to use this service. 
  • Chat Message Notification
  • SMS Message Notification
  • PBX (Phone Call) Message Notification

United States 

SCCs

Apple Push Notification Service Overview

Cloudflare

Security
  • IP address

United States 

SCCs


Cloudflare Compliance Page,

GDPR Compliance Page

CSS Corp

Support Providers

Communications Content such as cloud recordings or in-meeting chat transcripts MAY be shared with CSS Corp but only if Customer chooses to provide it directly to a Zoom support agent through a support interaction.

Romania

SCCs

Privacy Notice

Google Cloud Platform

Cloud Service Provider
  • Real-time meeting and webinar traffic

Taiwan

SCCs

Privacy Resource Center

Google Firebase

Send push notifications on Android phones. Customers can choose not to use this service.
  • Chat Message Notification
  • SMS Message Notification
  • PBX (Phone Call) Message Notification

United States

SCCs

Privacy and Security in Firebase

MaestroQA

Support Quality Assurance

Support related Communications Content such as cloud recordings or in-meeting chat transcripts MAY be shared with MaestroQA but only if Customer chooses to provide it directly to a Zoom support agent through a support interaction, i.e., as an attachment to a support ticket.

United States

SCCs

Privacy Policy

Microsoft

Cloud Service Provider.
  • Real-time meeting and webinar traffic
  • Meeting and call recordings (if saved to the cloud by Customer
  • Transcriptions of meeting or call recordings (if meeting recorded and saved to the cloud by Customer)
  • Uploaded files

Switzerland

SCCs

Microsoft Privacy Statement

OneTrust

Data Subject Requests Portal, Cookie Preference Center
  • Name
  • Email address
  • Account type
  • Country
  • IP address
  • DSAR reports
  • User cookie preferences

United States

SCCs

Trust Page

Oracle

Cloud Service Provider

  • Real-time meeting and webinar traffic
  • Meeting and call recordings address
  • Transcriptions of meeting or call recordings

United States

Binding Corporate Rules (BCRs)

Technical Brief Whitepaper

SendSafely

Encrypted file transfer service

Communications Content such as attachments MAY be shared with SendSafely but only if Customer chooses to provide it directly to a Zoom support agent through a support interaction (i.e., as an attachment to a support ticket).

United States

SCCs

Privacy Policy | SendSafely | End-to-End Encryption

TaskUS

Support Providers

Communications Content such as cloud recordings or in-meeting chat transcripts MAY be shared with TaskUS  but only if Customer chooses to provide it directly to a Zoom support agent through a support interaction.

Philippines

SCCs

Content Security

Twilio

For webinars. Send notification emails to webinar registrants with Webinar details.

    If customers choose to send webinar invites via Zoom, then Twilio will process the following data:

  • Name
  • Email address
  • Meeting or webinar subject
  • Meeting/webinar ID
  • Meeting date and start time

United States

SCCs

Twilio GDPR Whitepaper

Zendesk

Cloud-based Customer Service Platform

Communications Content such as cloud recordings or in-meeting chat transcripts MAY be shared with Zendesk but only if Customer chooses to provide it directly to a Zoom support agent through a support interaction.

United States

BCRs

Compliance Certifications and Memberships

Updates

As our business grows and evolves, the Subprocessors we utilize may also change. We will provide the owner of Customer’s account with notice of any new Subprocessors to the extent required under contractual agreement, along with posting such updates here.

You may also use the form below to subscribe to updates.

 

 

What is a Zoom Affiliate?

A Zoom affiliate is any entity that Zoom directly or indirectly controls. Together with Zoom Video Communications, Inc., these affiliates form the Zoom Group.

International Transfers within the Zoom Group

All parties of the Zoom Group have entered a data transfer agreement that sets out the data protection requirements and incorporates the appropriate EU Standard Contractual Clauses (“SCCs”).

Zoom Affiliates

Entity Name

Registered Location

ZOOM VIDEO COMMUNICATIONS, INC.

Delaware, USA

ZVC JAPAN K.K.

Japan

ZVC Netherlands B.V.

Amsterdam, Netherlands

Norway (Branch Office)

ZVC- Australia Pty Ltd. 

New South Wales, Australia

ZVC UK Ltd. 

England
Wales

Zoom Voice Communications, Inc. 

Delaware, USA

Hong Kong (Bus. Registration)

ZVC France SAS

Paris, France

ZVC India Pvt. Ltd. 

Mumbai, India

ZVC Canada, Ltd. 

Registered In:
New Brunswick, Canada

Extra Provincial Registrations:
Alberta
British Columbia
Manitoba
Ontario
Quebec

Keybase, LLC

Delaware, USA

ZVC Singapore Pte. Ltd. 

Singapore

ZVC Germany GmbH

Germany

Zoom Video Communications (Hong Kong) Limited

Hong Kong

Zoom Video Communications (Shanghai) Co., Ltd. 

China

Saasbee Inc. (Hefei) Ltd. 

China

Saasbee Software (Hangzhou) Co., Ltd.

China

Zoom Video Communications (Suzhou) Inc. 

China

 

 

Date of Change 

Change

Notes

05 October 2022

Added Taiwan as a processing location for Amazon Web Services.

Added Google Cloud Platform for processing in Taiwan only.

Added SendSafely as a subprocessor.

25 April 2022

Added Microsoft as a subprocessor.

17 February 2022

Removed Karlsruhe Information Technology Solutions from Affiliates list.

Added MaestroQA, OneTrust, and Cloudflare to the list of Subprocessors for accuracy.

Updated list of AWS locations for accuracy.

Karlsruhe Information Technology Solutions was merged with ZVC Germany GmbH.

Following an internal assessment, we identified the absence of three vendors. Zoom has always used these vendors for that purpose; they are not new subprocessors.

30 December 2021

Added Twilio, CSS Corp, TaskUS for accuracy.

Added Zoom Affiliates for transparency.

Following an internal assessment, we identified the absence of four vendors. Zoom has always used these vendors for that purpose; they are not new subprocessors. 

11  February 2021

Updated regional locations of cloud service infrastructure providers

Updated regional locations of cloud service infrastructure providers for accuracy

14  October 2020

Removed vendors erroneously classified as subprocessors.

Following an internal assessment, we identified some vendors previously listed that did not, in fact, process any customer data for which Zoom is the data processor. For that reason, we removed them. 

14 October 2020

Added Apple and Google Firebase for accuracy. 

Following an internal assessment, we identified the absence of two vendors for mobile phone push notifications. Zoom has always used these vendors for that purpose; they are not new subprocessors.