Privacy & Security for Zoom Video Communications
Zoom keeps privacy and security top of mind for all end users. Find resources and features on how Zoom secures your data and protects your privacy.
If you think you have found a security vulnerability in Zoom, please visit our Vulnerability Disclosure Policy.
Securing your Zoom Meetings can start before your event even begins, with a robust set of pre-meeting features.
- Waiting Rooms: IT Admins can enforce waiting rooms at the account, group, or user level. You can also require them for all participants, or just for guests not included in your account. If made optional, meeting hosts can enable Waiting Rooms in the “Settings” menu of their Zoom profile.
- Passcodes: Passcodes can be set at the individual meeting level or can be enabled at the user, group, or account level for all meetings and webinars. Account owners and admins can also lock passcode settings, to require passcodes for all meetings and webinars on their account.
- Join by Domain: Only authenticated users can join meetings which requires individuals to sign into a zoom account and/or ensure their e-mail address is on an approved list before allowing them to join.
Zoom has controls at your fingertips to ensure your meetings are secure and disruption-free.
- Security options in toolbar: Meeting hosts have a Security icon in the toolbar for quick access to essential in-meeting security controls. See it in action!
- Lock the meeting: When a host locks a Zoom Meeting that’s already started, no new participants can join, even if they have the meeting ID and passcode (if you have required one).
- Put participant on hold: You can put an attendee on hold and their video and audio connections will be disabled momentarily.
- Remove participants: From that Participants menu, you can mouse over a participant’s name, and several options will appear, including “Remove”.
- Report a user: Hosts/co-hosts can report users to Zoom’s Trust & Safety team, who will review any potential misuse of the platform and take appropriate action.
- Disable video: Hosts can turn someone’s video off. This will allow hosts to block unwanted, distracting, or inappropriate gestures on video.
- Mute participants: Hosts can mute/unmute individual participants or all of them at once. Hosts can block unwanted, distracting, or inappropriate noise from other participants. You can also enable “Mute Upon Entry” in your settings, which is a good option for large meetings.
- Turn off file transfer: In-meeting file transfer allows people to share files through the in-meeting chat.
- Turn off annotation: You can disable the annotation feature in your Zoom settings to prevent people from writing all over the screens.
- Disable private chat: Zoom has in-meeting chat for everyone or participants can message each other privately. Restrict participants’ ability to chat amongst one another while your event is going on and cut back on distractions.
- Control screen sharing: The meeting host can turn off screen sharing for participants.
- Control recording: The ability to record to the cloud or locally is something an account admin can control. If they have recording access, the host can decide to enable/disable a participant or all participants to record.
- Do not allow participants to rename their ID: The host can disable the ability for participants to rename their onscreen identity.
- Turn on waiting rooms: The meeting host can turn on waiting rooms from within the meeting.
Protecting your data
You are entrusting us with your valuable data and information and we take great care to ensure your data is secure at all times.
- Encryption: Protecting your event content by encrypting the session’s video, audio, and screen sharing. This content is protected with the Advanced Encryption Standard (AES) 256 using a one-time key for that specific session when using a Zoom client. Optional end-to-end encryption ensures that no third party -- including Zoom -- has access to the meeting’s private keys. End-to-end encryption will be generally available as a technical preview, which means we’re proactively soliciting feedback from users for the first 30 days.
- Audio Signatures: Embeds a user's personal information into the audio as an inaudible watermark if they record during a meeting. If the audio file is shared without permission, Zoom can help identify which participant recorded the meeting.
- Watermark Screenshots: Superimposes an image, consisting of a portion of a meeting participant’s own email address, onto the shared content they are viewing and the video of the person who is sharing their screen.
- Local Recording Storage: Recordings stored locally on the host’s device can be encrypted if desired using various free or commercially available tools.
- Cloud Recording Storage: Cloud Recordings are processed and stored in Zoom’s cloud after the meeting has ended; these recordings can be passcode-protected or available only to people in your organization. If a meeting host enables cloud recording and audio transcripts, both will be stored encrypted.
- File transfer storage: If a meeting host enables file transfer through in-meeting chat, those shared files will be stored encrypted and will be deleted within 31 days of the meeting.
- Cloud recording access: Meeting recording access is limited to the meeting host and account admin. The meeting/webinar host authorizes others to access the recording with options to share publicly, internal-only, add registration to view, enable/disable ability to download, and an option to protect the recording.
Security and Privacy Certifications
We are recognized by industry and security organizations for excellence.
- SOC 2 (Type II)
- FedRAMP (Moderate)
- GDPR, CCPA, COPPA, FERPA and HIPAA Compliant (with BAA)
- International Association of Privacy Professionals (IAPP) Silver Member
- Zoom’s security controls also align with the UK National Cyber Security Centre’s (NCSC) cloud security principles
- Authentication: Zoom offers a range of authentication methods such as SAML, Google Sign-in and Facebook Login, and/or Password based which can be individually enabled/disabled for an account.
- 2-Factor Authentication: Admins can enable 2FA for your users, requiring them to set up and use 2FA to access the Zoom web portal.
- Video Preview: Before you join a meeting, you can preview your video and select a virtual background, or decide to join without video.
- Attendee consent for recording: Account admins or meeting hosts can require that all recordings of meetings are accompanied by a pop-up notice to attendees that a recording is taking place, and there is a visual indicator when recording is on.
- Removed Attention Tracking: Zoom recently removed the option for training professionals to track if attendees were multi-tasking during a meeting.
- Meeting participants’ basic technical information: (Such as the user’s IP address, OS details, and device details) is collected for troubleshooting and admin reporting.
- Zoom stores basic information: Under user account profile information including: Email address, user password - salted, hashed, first and last name. Company name, phone number, and a profile picture are all optional to provide.
- We never have, and have no future intentions, to sell your information to advertisers.
- Zoom does not monitor your meetings or its contents.
- Zoom complies with all applicable privacy laws, rules, and regulations in the jurisdictions in which it operates, including the GDPR and the CCPA.
Hear what 3rd parties are saying
In the effort to present a balanced view, these articles offer a level-headed, thoughtful analysis of Zoom’s security and privacy.
“It is my opinion that Zoom has set the bar for the entire industry creating a product that is not only at least as secure as the competition, but also implements those security capabilities in a way that doesn’t sacrifice usability and ease of use.”
Beyond the noise — 7 reasons it’s safe to run Zoom by Rowan Trollope
“From personal experience, Zoom has brought together groups of family and friends during this time of crisis in ways that would be much harder on other platforms.”
Zooming to Conclusions by Vince Crisler
“Video conferencing company Zoom has been responsive to concerns over its software, the U.S. Department of Homeland Security (DHS) said in a memo recently distributed to top government cybersecurity officials and seen by Reuters.”
Video service Zoom taking security seriously -U.S. government memo from U.S. Department of Homeland Security by Raphael Satter and Christopher Bing
“[Zoom has] learned fast, improved fast, and from where I sit, they seem to be doing all of the right things.”
The Strange Zoom Pile-on by Robert Walker
“It’s just been a really fun and professional way, during these very uncertain times, to stay informed and to stay in touch. We need social interaction and we need to see each other, and it’s a really great way to make that available.”
Zoom Security: Everything That Home Users And IT Teams Need To Know by Former White House CIO Theresa Payton
“Zoom has responded admirably and incredibly quickly to a series of important privacy and security issues occasioned by its meteoric rise in users.”
It’s time to stop bashing Zoom by Jerry Bowles