When your application receive deauthorization request from zoom, you should need to delete the User-specific data: Recording data, meeting poll results, and Zoom UserID.
Authentication tokens: Access token and refresh token.
Yes, if a user deletes the app and sends a deauthorization request, you should delete all links to that tenant to ensure compliance with data privacy and security practices. This helps maintain a clean and secure environment for the remaining users.