Privacy & Security for Zoom Video Communications
Privacy and security are top of mind, especially during these times with end users working remotely. Below is an outline of our security and privacy features and resources for you to learn more. We are here to support you.
Securing your Zoom Meetings can start before your event even begins, with a robust set of pre-meeting features.
- Waiting Rooms: IT Admins can enforce waiting rooms at the account, group, or user level. You can also require them for all participants, or just for guests not included in your account. If made optional, meeting hosts can enable Waiting Rooms in the “Settings” menu of their Zoom profile.
- Passwords: Passwords can be set at the individual meeting level or can be enabled at the user, group, or account level for all meetings and webinars. Account owners and admins can also lock password settings, to require passwords for all meetings and webinars on their account.
- Join by Domain: Only authenticated users can join meetings which requires individuals to sign into a zoom account and/or ensure their e-mail address is on an approved list before allowing them to join.
Zoom has controls at your fingertips to ensure your meetings are secure and disruption-free.
- Security options in toolbar: Meeting hosts have a Security icon in the toolbar for quick access to in-meeting security controls.
- Lock the meeting: When a host locks a Zoom Meeting that’s already started, no new participants can join, even if they have the meeting ID and password (if you have required one).
- Remove participants: From that Participants menu, you can mouse over a participant’s name, and several options will appear, including “Remove”.
- Put participant on hold: You can put an attendee on hold and their video and audio connections will be disabled momentarily.
- Disable video: Hosts can turn someone’s video off. This will allow hosts to block unwanted, distracting, or inappropriate gestures on video.
- Mute participants: Hosts can mute/unmute individual participants or all of them at once. Hosts can block unwanted, distracting, or inappropriate noise from other participants. You can also enable “Mute Upon Entry” in your settings, which is a good option for large meetings.
- Turn off file transfer: In-meeting file transfer allows people to share files through the in-meeting chat.
- Turn off annotation: You can disable the annotation feature in your Zoom settings to prevent people from writing all over the screens.
- Disable private chat: Zoom has in-meeting chat for everyone or participants can message each other privately. Restrict participants’ ability to chat amongst one another while your event is going on and cut back on distractions.
- Control screen sharing: The meeting host can turn off screen sharing for participants.
- Control recording: The ability to record to the cloud or locally is something an account admin can control. If they have recording access, the host can decide to enable/disable a participant or all participants to record.
- Do not allow participants to rename their ID: The host can disable the ability for participants to rename their onscreen identity.
- Turn on waiting rooms: The meeting host can turn on waiting rooms from within the meeting.
Protecting your data
You are entrusting us with your valuable data and information and we take great care to ensure your data is secure at all times.
- Encryption: Protecting your event content by encrypting the session’s video, audio, and screen sharing. This content is protected with the Advanced Encryption Standard (AES) 256 using a one-time key for that specific session when using a Zoom client.
- Audio Signatures: Embeds a user's personal information into the audio as an inaudible watermark if they record during a meeting. If the audio file is shared without permission, Zoom can help identify which participant recorded the meeting.
- Watermark Screenshots: Superimposes an image, consisting of a portion of a meeting participant’s own email address, onto the shared content they are viewing and the video of the person who is sharing their screen.
- Local Recording Storage: Recordings stored locally on the host’s device can be encrypted if desired using various free or commercially available tools.
- Cloud Recording Storage: Cloud Recordings are processed and stored in Zoom’s cloud after the meeting has ended; these recordings can be password-protected or available only to people in your organization. If a meeting host enables cloud recording and audio transcripts, both will be stored encrypted.
- File transfer storage: If a meeting host enables file transfer through in-meeting chat, those shared files will be stored encrypted and will be deleted within 24 hours of the meeting.
- Cloud recording access: Meeting recording access is limited to the meeting host and account admin. The meeting/webinar host authorizes others to access the recording with options to share publicly, internal-only, add registration to view, enable/disable ability to download, and an option to password protect the recording.
Security and Privacy Certifications
We are recognized by industry and security organizations for excellence.
- SOC 2 (Type II)
- FedRAMP (Moderate)
- GDPR, CCPA, COPPA, FERPA and HIPAA Compliant (with BAA)
- Privacy Shield Certified (EU/US, Swiss/US, Data Privacy Practices)
- TrustArc Certified Privacy Practices and Statements
- Authentication: Zoom offers a range of authentication methods such as SAML, Google Sign-in and Facebook Login, and/or Password based which can be individually enabled/disabled for an account.
- 2-Factor Authentication: Admins can enable 2FA for your users, requiring them to set up and use 2FA to access the Zoom web portal.
- Video Preview: Before you join a meeting, you can preview your video and select a virtual background, or decide to join without video.
- Attendee consent for recording: All recordings of meetings are accompanied by a pop-up notice to attendees that a recording is taking place, and there is a visual indicator when recording is on.
- Removed Attention Tracking: Zoom recently removed the option for training professionals to track if attendees were multi-tasking during a meeting.
- Meeting participants’ basic technical information: (Such as the user’s IP address, OS details, and device details) is collected for troubleshooting and admin reporting.
- Zoom only stores basic information: Under user account profile information including: Email address, user password - salted, hashed, first and last name. Company name, phone number, and a profile picture are all optional to provide.
- We never have, and have no future intentions, to sell your information to advertisers.
- Zoom does not monitor your meetings or its contents.
- Zoom complies with all applicable privacy laws, rules, and regulations in the jurisdictions in which it operates, including the GDPR and the CCPA.
Hear what 3rd parties are saying
In the effort to present a balanced view, these articles offer a level-headed, thoughtful analysis of Zoom’s security and privacy.
“From personal experience, Zoom has brought together groups of family and friends during this time of crisis in ways that would be much harder on other platforms.”
Zooming to Conclusions by Vince Crisler
“Video conferencing company Zoom has been responsive to concerns over its software, the U.S. Department of Homeland Security (DHS) said in a memo recently distributed to top government cybersecurity officials and seen by Reuters.”
“[Zoom has] learned fast, improved fast, and from where I sit, they seem to be doing all of the right things.”
“It’s just been a really fun and professional way, during these very uncertain times, to stay informed and to stay in touch. We need social interaction and we need to see each other, and it’s a really great way to make that available.”
“Zoom has responded admirably and incredibly quickly to a series of important privacy and security issues occasioned by its meteoric rise in users.”
It’s time to stop bashing Zoom by Jerry Bowles