Security at Zoom
Security at Zoom
See why millions of people and organizations trust us with their communications.
Privacy and security are top of mind for us at Zoom. Find resources and learn how Zoom works to secure your data and protect your privacy.
Protecting your meetingsZoom offers several tools to protect your meetings, helping manage participant activity, information sharing, and more.
Protecting your dataCommunications are established using TLS, and meeting, webinar and messaging content is encrypted using 256-bit Advanced Encryption Standard (AES), with optional end-to-end encryption.
Protecting your privacyZoom is committed to protecting your privacy. We've designed policies and controls to safeguard the collection, use, and disclosure of your information.
Protecting your meetings
The following in-meeting security capabilities are available to the meeting host:
- Encrypted meetings on by default with optional E2EE encryption
- Create Waiting Rooms for attendees
- Require host to be present before meeting starts
- Expel a participant or all participants
- Suspend participant activities
- Lock a meeting
- Screen share watermarks
- Audio signatures
- Enable/disable a participant or all participants to record
- Temporary pause screen-sharing when a new window is opened
- Use a passcode to protect a meeting
- Only allow individuals with a given email domain to join
Protecting your data
Encryption: Protecting your event content by encrypting the session’s video, audio, and screen sharing. This content is protected during transit with 256-bit Advanced Encryption Standard (AES) using a one-time key for that specific session when all participants use a Zoom client.
End-to-end Encryption, when enabled, ensures that communication between all meeting participants in a given meeting is encrypted using cryptographic keys known only to the devices of those participants. This ensures that no third party -- including Zoom -- has access to the meeting’s private keys.
Advanced Chat Encryption, when enabled, allows for a secured communication where only the intended recipient can read the secured message. Zoom uses both asymmetric and symmetric algorithms to encrypt the chat session. Private keys are generated on the device and not shared. This ensures that the session cannot be eavesdropped on or tampered with.
Zoom Phone Voicemail recordings are processed and stored in Zoom’s cloud and can be managed through the secured Zoom client.
Recordings can be stored on the host’s local device with the local recording option or on Zoom’s cloud with the Cloud Recording option (available to paying customers).
- Local Recording Storage: Recordings stored locally on the host’s device can be encrypted if desired using various free or commercially available tools.
- Cloud Recording Storage: Cloud recordings are processed and stored in Zoom’s cloud after the meeting has ended; account owners control whether these recordings are passcode-protected. The recordings are stored in both video/audio format and audio only format.
- If a meeting host enables cloud recording and audio transcripts, both will be stored encrypted. The account owner and people and apps they approve can access encrypted content stored in ZoomCloud (and Zoom can access stored content for troubleshooting if requested by the account owner).
- If a meeting host enables file transfer through in-meeting chat, those shared files will be stored encrypted and will be deleted within 31 days of the meeting.
Audio Signature embeds a user's personal information into the audio as an inaudible watermark if they record during a meeting. If the audio file is shared without permission, Zoom can help identify which participant recorded the meeting.
Watermark Screenshot superimposes an image, consisting of a portion of a meeting participant’s own email address, onto the shared content they are viewing and the video of the person who is sharing their screen.
Zoom offers a range of authentication methods such as SAML, OAuth, and/or Password based which can be individually enabled/disabled for an account. Users authenticating with username and password can also enable two-factor authentication (2FA) as an additional layer of security to sign in.
Zoom works with Okta as well as other enterprise identity management platforms such as Centrify, Microsoft Active Directory, Gluu, OneLogin, PingOne, Shibboleth, and many others. Zoom can map attributes to provision a user to a different group with feature controls.
OAuth-based provisioning works with Google or Facebook OAuth for instant provisioning. Zoom also offers an API call to pre-provision users from any database backend.
Additionally, your organization or university can add users to your account automatically with managed domains. Once your managed domain application is approved, all existing and new users with your email address domain will be added to your account.