Government Requests Guide
Zoom supports the free and open exchange of thoughts and ideas. We are proud to facilitate meaningful conversations and professional collaboration around the world. Because of our commitments to user privacy, security, and safety, Zoom subjects all government requests to a careful review, and we will not respond to government requests that fail that review.
Zoom Video Communications, Inc. (“Zoom”), provides these guidelines to law enforcement and government agencies seeking nonpublic information about Zoom’s customers. Zoom also provides this for informational purposes to our customers.
For quick reference, links to additional location-specific instructions are below.
How to submit a request
Law enforcement and government agencies must submit all inquiries and requests for information or preservation (and extensions) via our Law Enforcement Response System (LERS) here.
Requirements for all jurisdictions
- Be in English;
- Be in .pdf format, except in certain emergency situations;
- Be addressed to Zoom Video Communications, Inc., 55 Almaden Boulevard, San Jose, CA 95113 for requests about meetings, or to Zoom Voice Communications at the same address for requests about phone calls;
- Come from an official government email address;
- Requesting agent’s name;
- Requesting agency’s name;
- Requesting agent’s badge/Identification number;
- Requesting agent’s government-issued email address;
- Requesting agent’s telephone number (including extension);
- Requesting agent’s mailing address (no P.O. boxes);
- A date and the signature of the authorizing official;
- A date by which the legal process requests a response.
Content of requests
Requests should be legally valid, appropriately scoped, and sufficiently detailed. This means they must:
- Have a valid legal basis and have been issued pursuant to applicable laws and rules in the jurisdiction of the agency making the request.
- Be signed and submitted by someone with the authority to make the request.
- Be clear and not overly broad.
- Include specific identifiers in your requests, such as the meeting number, date and time in UTC, the email address used to set up the meeting, and the username(s) of those targeted, if the request is about a meeting. Specify reasonable date ranges where applicable.
Where requests are submitted without proper identifiers or reasonable scope and date limitations, we may require that the request be narrowed before processing.
U.S. government requests for user information
U.S. government requests must comply with the requirements in Requirements for all Jurisdictions above. Here are the types of requests we accept and the information we may disclose in response to them.
| Type of legal request | What you may obtain | Examples of data processed by Zoom (not exhaustive; dependent on customer settings) |
|---|---|---|
| Subpoena (administrative, trial or grand jury)* | Non-content information listed in 18 U.S.C. 2703(c)(2) | User names, emails, billing information, meeting or webinar metadata such as the time a user joined |
| Search warrant based on probable cause | User content and non-content information | The above, plus cloud recordings, profile pictures, voicemails & voicemail prompts, SMS (Zoom Phone) |
We respect and seek to comply with the privacy laws where our customers and users live. We may object to requests for personal information or customer content if the request would require the violation of foreign privacy laws, including the European General Data Protection Regulation.
*We may require a 2703(d) order instead of a subpoena for non-content information other than what is listed in 2703(c)(2) and in certain other circumstances where a subpoena is legally insufficient.
Requests for real-time interception or monitoring of user meeting content
Zoom does not have the capability to facilitate law enforcement intercept for customer meetings and webinars, and we do not have the means to insert our employees or others into meetings without them being visible as participants.
Non-U.S. government requests for user information
In addition to the requirements in Requirements for all Jurisdictions above, your request must be legally valid. Zoom does not consider a non-U.S. request to be legally valid unless:
- It has a particular legal basis and meets applicable requirements in the domestic law of the requesting country, and
- It pertains to the bona-fide prevention, detection, or investigation of a criminal offense in your jurisdiction
If a non-U.S. request does not meet the requirements above, Zoom will challenge or reject it. You may always seek process under a Mutual Legal Assistance Treaty, a CLOUD Act agreement, or letters rogatory.
We scrutinize all non-U.S. requests on a country-by-country and case-by-case basis. We do this in order to balance our local legal obligations against our basic principles described above, including our commitments to promote the free and open exchange of ideas, keep our users safe, and protect our users’ privacy. Where those principles conflict with local law, we may reject a request, even if the request is proper under local law.
We accept preservation requests both from U.S. and non-U.S. governments. We will preserve a one-time snapshot of the relevant records for 90 days. We can extend a preservation request for up to 90 more days with a separate, formal extension request.
Preservation requests must meet all the relevant requirements in Requirements for all Jurisdictions above, and must specify the particular account, host, or meeting information to be preserved.
Types of data that Zoom may have
What account information we have depends on the type of account, what the customer chooses to share or store with us, and our data retention policies. We cannot determine or guarantee the accuracy of information provided by our customers and users.
Here are examples of the types of information that Zoom may have about an account:
About content: Zoom only has meeting content if (1) an account enables recording, (2) a host records a meeting or webinar and (3) asks Zoom to store it in the Zoom cloud. If a host records a meeting locally (to their device) instead of to the Zoom cloud, then Zoom does not have access to any content from the meeting. If a host does not record a meeting at all, then no content exists.
For more information, please see below and visit our Privacy Statement.
Zoom meeting, webinar and phone call information
Zoom may process the following information about meetings, webinars and Zoom phone calls. What information we process depends on (1) whether a user has a registered Zoom account, (2) the type of account and (3) the kind of Zoom product in question.
For more information on the data Zoom processes, please visit our Privacy Data Sheet.
Our policy is to notify users of requests for their information unless we are legally prohibited from doing so (e.g., by a judge under 18 U.S.C. § 2705), or where the matter involves child endangerment, an emergency involving danger of death or serious physical injury to a person, or a threat to Zoom services, rights or property. Any non-disclosure order must have a fixed duration. If you are seeking an exception to our notice policy, include a description of the exigent circumstances or potential adverse result of notice so that we can evaluate the circumstances.
If the request draws attention to an ongoing or prior violation of our Terms of Service, Acceptable Use Guidelines, Privacy Statement, or other applicable policies, guidelines or legal requirements, we may act to address the violation or prevent further abuse.
Production of records
Unless otherwise agreed upon, we provide responsive records in electronic format. We may seek reimbursement for costs associated with producing information pursuant to legal process and as permitted by law. We may also seek additional reimbursement for costs incurred in responding to unusual or burdensome requests.
If you are seeking information about a Zoom customer who has provided consent for a government to obtain their account or meeting information, you should seek the information directly from the customer to the extent possible, as opposed to seeking the information from Zoom.
We evaluate emergency requests on a case-by-case basis. If we have a good faith belief that an emergency involving danger of death or serious physical injury to any person requires us to disclose information without delay, we may provide information consistent with our Privacy Statement and applicable law (e.g., 18 U.S.C. § 2702(b)(8) and (c)(4)). We do not commit to producing records under any set of circumstances or within a particular timeline and may request additional information about the request or the identity of the requester.
Submit emergency requests via our Law Enforcement Response System (LERS) here and include all of the following information:
- The detailed nature of the emergency, including how you learned of the threat, links to social media posts, chat logs, etc.;
- Identify who is at risk of death or serious physical injury;
- Describe the imminent nature of the threat, including information that suggests there is a specific deadline before which it is necessary to receive the requested information; or that suggests there is a specific deadline by which the harm will occur (e.g., tonight, tomorrow at noon);
- Identify the specific information you are requesting from Zoom. Narrowly tailor your request – requesting all information associated with a user, account, or meeting may delay processing.
- Explain how the information you seek will help avert the emergency.
Requests for Zoom to restrict access to services on our platform
Many countries have laws that may restrict one or more of their residents from participating in or hosting particular Zoom meetings or webinars. We will carefully review any government requests demanding we shut down a meeting or restrict user access to any part of the Zoom platform. If we receive a legally valid, appropriately scoped and sufficiently detailed request from a legitimate government agency, we may take action to limit participation from the appropriately scoped jurisdiction. We will reject or challenge requests that do not meet this standard.
We strive to limit the actions we take to only those necessary to comply with our legal obligations. Unless we determine that there has been a violation of our Terms of Service or Acceptable Use Guidelines, we will not prevent our users from accessing our services if they are outside of the jurisdiction of the requesting government agency, or if they are not subject to applicable local law.
Unless prohibited by law, we will attempt to notify those named in a request to restrict access. We will send notice to the email address associated with the account.
Except for the circumstance where we receive a request from a legitimate government agency and we have a good faith belief that there is an emergency involving danger of death or serious physical injury to any person (a process for which will be outlined with governments directly), government personnel outside of the U.S. transmitting requests to restrict access should transmit them directly from their official government email address by submitting a request via the Law Enforcement Response System (LERS) available here.
Expert witness testimony and authentication of records
We do not provide expert testimony support, except as required by applicable laws and regulations. Pursuant to law, our records are self-authenticating and should not require the testimony of a records custodian. If a special form of authentication is required in your jurisdiction, please attach it to your request.