Encryption of data in transit and at rest is currently AES 256 ECB migrating to AES 256 GCM on May 30, 2020

Controlled data routing that allows paying customers to opt-in or opt-out of any of our data centres (excluding their home region) and, for enterprise clients, the ability to customize and manage geographic regions for specific meetings

Transparency on data routing via the Zoom account administration dashboard

Safeguards and controls to prohibit unauthorized participants such as:Eleven (11) digit unique meeting IDsComplex passwordsWaiting Room with the ability to automatically admit participants from your domainMeeting lock feature that can prevent anyone from joining the meeting, and ability to remove participantsAuthentication profiles that only allow entry to registered users, or restrict to specific email domains

Meeting host controls can enable/disable participants to:Content shareChatRename themselves

Security controls at the fingertips of the host/co-host with a dedicated Security icon on the main interface

All cloud recordings are encrypted with complex passwords on by default

Prevent robocalling with rate limiting and reCAPTCHA (requires human intervention) enabled across all platforms

Audio recordings with a user’s electronic fingerprint embedded into the audio as an inaudible watermark so if the recording is shared without permission, we can help identify the source

Content watermarking superimposes the image of a meeting participant’s email address onto shared content they screenshot

SOC 2 (Type II)

FedRAMP (Moderate)

GDPR, CCPA, COPPA, FERPA, and HIPAA Compliant (with BAA)

Privacy Shield Certified (EU/US, Swiss/US, Data Privacy Practices)

TrustArc Certified Privacy Practices and Statements