Thank you very much!
You’re subscribed
Zoom Third-Party Subprocessors & Zoom Affiliates
Effective 03 November 2023
See change log
What is a Third-Party Subprocessor?
A subprocessor is a vendor Zoom uses to process data on behalf of our customers, who are the data controllers of that data.
Zoom’s Process for Contracting with Subprocessors
Zoom requires its subprocessors to satisfy equivalent obligations as those required from Zoom (as a Data Processor) as outlined in Zoom’s Data Processing Agreement (DPA), including but not limited to the requirements to:
- process personal data following data controller’s (i.e., Customer’s) instructions (as communicated to the relevant subprocessor by Zoom);
- in connection with the subprocessing activities, use only personnel who are reliable and subject to a contractually binding obligation to observe data privacy and security, to the extent applicable, under applicable data protection laws;
- promptly inform Zoom about any security breach; and
- cooperate with Zoom to address requests from data controllers, data subjects, or data protection authorities, as applicable.
Except for as provided below, Zoom owns or controls access to the infrastructure that hosts real-time and stored personal data (should the Customer choose to store such content, e.g., recordings and transcripts). Personal data may be shifted among data centers within a region to ensure Zoom’s performance and availability. Zoom also works with the listed service subprocessors below to provide the noted functionality.
The following table describes the countries and legal entities engaged in the processing and storage of personal data by Zoom acting as a data processor on behalf of its customers, the data controllers.
| Zoom Authorized Subprocessors | |||||
| Name | Purpose | Data Shared with Subprocessor | Location | International Transfer Mechanism | Additional Safeguards
(links to subprocessor resources) |
| Amazon Web Services | Cloud Service Provider |
|
Australia, Brazil, Canada, Europe, India, Japan, Singapore, Taiwan, United States | SCCs | Risk and Compliance whitepaper and AWS Security Center |
| Anthropic | Intelligent Features Service Provider | Intelligent Features Service Provider Anthropic will process the following data only if an Admin separately enables this feature:
|
United States | SCCs | Privacy Policy |
| Apple | Send push notifications on iOS phones. Customers can choose not to use this service. |
|
United States | SCCs | Apple Push Notification Service Overview |
| Cloudflare | Security |
|
European Union, United States | SCCs | Cloudflare Compliance Page, GDPR Compliance Page |
| Google Cloud Platform | Cloud Service Provider |
|
Taiwan | SCCs | Privacy Resource Center |
| Google Firebase | Send push notifications on Android phones. Customers can choose not to use this service. |
|
United States | SCCs | Privacy and Security in Firebase |
| MaestroQA | Support Quality Assurance | Support related Communications Content such as cloud recordings or in-meeting chat transcripts MAY be shared with MaestroQA but only if Customer chooses to provide it directly to a Zoom support agent through a support interaction, i.e., as an attachment to a support ticket. | Ireland, United States | SCCs | Privacy Policy |
| Microsoft | Cloud Service Provider. |
|
Switzerland | SCCs | Microsoft Privacy Statement |
| OneTrust | Data Subject Requests Portal, Cookie Preference Center |
|
United States | SCCs | Trust Page |
| OpenAI | Intelligent Features Service Provider | OpenAI will process the following data only if an Admin separately enables this feature:
|
United States | SCCs | OpenAI Privacy Statement |
| Oracle | Cloud Service Provider |
|
Mexico, United States | Binding Corporate Rules (BCRs) | Technical Brief Whitepaper |
| Qualtrics | Feedback, Reviews, and Survey Responses | If a customer chooses to provide feedback, reviews, or survey responses to Zoom, then Qualtrics may process:
|
Germany, United States | SCCs | Data Protection & Privacy |
| SendSafely | Encrypted file transfer service | Communications Content such as attachments MAY be shared with SendSafely but only if Customer chooses to provide it directly to a Zoom support agent through a support interaction (i.e., as an attachment to a support ticket). | United States | SCCs | Privacy Policy | SendSafely | End-to-End Encryption |
| ServiceNow | Cloud-based Customer Service Platform | Communications Content such as cloud recordings or in-meeting chat transcripts MAY be shared with ServiceNow but only if Customer chooses to provide it directly to a Zoom support agent through a support interaction. | Germany, United States | SCCs | Complying with the General Data Protection Regulation (GDPR) |
| TaskUS | Support Providers | Communications Content such as cloud recordings or in-meeting chat transcripts MAY be shared with TaskUS but only if Customer chooses to provide it directly to a Zoom support agent through a support interaction. | Philippines | SCCs | Content Security |
| Twilio | Sends notification emails to customers’ invitees | If customers choose to send notification emails to invitees via Zoom, then Twilio will process the following data:
|
United States | SCCs | Twilio GDPR Whitepaper |
| Zendesk | Cloud-based Customer Service Platform | Communications Content such as cloud recordings or in-meeting chat transcripts MAY be shared with Zendesk but only if Customer chooses to provide it directly to a Zoom support agent through a support interaction. | United States | BCRs | Compliance Certifications and Memberships |
For additional subprocessors specific to Zoom Events, please see below. For more information about Zoom Events, please see the Zoom Events Privacy Statement.
| Zoom Events Authorized Subprocessors | |||||
| Name | Purpose | Data Shared with Subprocessor | Location | International Transfer Mechanism | Additional Safeguards
(links to subprocessor resources) |
| Stripe | Payment Processing | Payment and transaction information such as name, email, bank account details, payment card details, date/time/amount of transaction, and merchant name. | United States | SCCs | Stripe Privacy Center |
Updates
As our business grows and evolves, the Subprocessors we utilize may also change. We will provide the owner of Customer’s account with notice of any new Subprocessors to the extent required under contractual agreement, along with posting such updates here.
You may also use the form below to subscribe to updates.
What is a Zoom Affiliate?
A Zoom affiliate is any entity that Zoom directly or indirectly controls. Together with Zoom Video Communications, Inc., these affiliates form the Zoom Group.
International Transfers within the Zoom Group
All parties of the Zoom Group have entered a data transfer agreement that sets out the data protection requirements and incorporates the appropriate EU Standard Contractual Clauses (“SCCs”).
| Zoom Affiliates | |||||
| Entity Name | Registered Location | ||||
| ZOOM VIDEO COMMUNICATIONS, INC. | Delaware, USA | ||||
| ZVC JAPAN K.K. | Japan | ||||
| ZVC Netherlands B.V. | Amsterdam, Netherlands Norway (Branch Office) |
||||
| ZVC- Australia Pty Ltd. | New South Wales, Australia | ||||
| ZVC UK Ltd. | England Wales |
||||
| Zoom Voice Communications, Inc. | Delaware, USA Hong Kong (Bus. Registration) |
||||
| ZVC France SAS | Paris, France | ||||
| ZVC India Pvt. Ltd. | Mumbai, India | ||||
| ZVC Canada, Ltd. | Registered In: New Brunswick, Canada Extra Provincial Registrations: Alberta British Columbia Manitoba Ontario Quebec |
||||
| Keybase, LLC | Delaware, USA | ||||
| ZVC Singapore Pte. Ltd. | Singapore | ||||
| ZVC Germany GmbH | Germany | ||||
| Zoom Video Communications (Hong Kong) Limited | Hong Kong | ||||
| Zoom Video Communications (Shanghai) Co., Ltd. | China | ||||
| Saasbee Inc. (Hefei) Ltd. | China | ||||
| Saasbee Software (Hangzhou) Co., Ltd. | China | ||||
| Zoom Video Communications (Suzhou) Inc. | China | ||||
| Workvivo Limited | Ireland | ||||
| Date of Change | Change | Notes |
| 03 November 2023 | Added United States as a processing location for ServiceNow. | |
| 23 October 2023 | Added Workvivo as an affiliate.
Added Mexico as a processing location for Oracle. |
|
| 28 July 2023 | Added Anthropic as a subprocessor. | |
| 10 May 2023 | Removed CSS Corps from the Subprocessor list.
Added OpenAI, Qualtrics, and ServiceNow as subprocessors. Updated Cloudflare, MaestroQA, and Twilio for accuracy. Added Stripe as a subprocessor for Zoom Events. |
CSS Corps is no longer a vendor of Zoom. |
| 05 October 2022 | Added Taiwan as a processing location for Amazon Web Services.
Added Google Cloud Platform for processing in Taiwan only. Added SendSafely as a subprocessor. |
|
| 25 April 2022 | Added Microsoft as a subprocessor. | |
| 17 February 2022 | Removed Karlsruhe Information Technology Solutions from Affiliates list. Added MaestroQA, OneTrust, and Cloudflare to the list of Subprocessors for accuracy. Updated list of AWS locations for accuracy. |
Karlsruhe Information Technology Solutions was merged with ZVC Germany GmbH. Following an internal assessment, we identified the absence of three vendors. Zoom has always used these vendors for that purpose; they are not new subprocessors. |
| 30 December 2021 | Added Twilio, CSS Corp, TaskUS for accuracy. Added Zoom Affiliates for transparency. |
Following an internal assessment, we identified the absence of four vendors. Zoom has always used these vendors for that purpose; they are not new subprocessors. |
| 11 February 2021 | Updated regional locations of cloud service infrastructure providers | Updated regional locations of cloud service infrastructure providers for accuracy |
| 14 October 2020 | Removed vendors erroneously classified as subprocessors. | Following an internal assessment, we identified some vendors previously listed that did not, in fact, process any customer data for which Zoom is the data processor. For that reason, we removed them. |
| 14 October 2020 | Added Apple and Google Firebase for accuracy. | Following an internal assessment, we identified the absence of two vendors for mobile phone push notifications. Zoom has always used these vendors for that purpose; they are not new subprocessors. |