Description
If you have a web integration but you aren’t capturing user data, other than the token and refresh token, is there a need to notify for deauthorization?
Which App Type (OAuth / Chatbot / JWT / Webhook)?
OAuth
Which Endpoint/s?
Deauthorization
Additional context
This is in the context of submitting an app to the marketplace
Good question—if a user uninstalls your app from their account and does not want you to keep the data, then you should remove all the data related to the user, in order to be compliant. This would include not only the User ID, but the token, names, meeting history and any other data that you might have which belonged to the user.
Calling the Data compliance API is a way of letting Zoom know and record your app’s compliance. It lets us know that you have honored users’ data retention preferences on all fronts, and that you do not have any Zoom Customer Data stored on your servers, without the user’s consent (expressed via the de-authorization)—so making this call lets us know you’ve done your due diligence regardless of your servers’ storage.
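
A sketch of the flow the answer describes, added here as an example (it is not code from this thread or from Zoom): on a deauthorization event, delete every record held for the user, then build the Data Compliance call. The endpoint URL, event name and JSON field names are assumptions taken from Zoom's API reference rather than from this page; the stores, IDs and secrets are constructed placeholders.

```python
import base64

# Assumed endpoint and field names (from Zoom's API reference, not from this thread).
COMPLIANCE_URL = "https://api.zoom.us/oauth/data/compliance"

# Constructed sample deauthorization event; all values are placeholders.
DEAUTH_EVENT = {
    "event": "app_deauthorized",
    "payload": {
        "account_id": "ACCT_EXAMPLE", "user_id": "USER_EXAMPLE",
        "client_id": "CLIENT_EXAMPLE", "signature": "SIG_EXAMPLE",
        "deauthorization_time": "2020-01-01T00:00:00Z",
        "user_data_retention": "false",
    },
}

def new_stores():
    """Hypothetical per-user tables, keyed by Zoom user ID (constructed data)."""
    return {
        "tokens": {"USER_EXAMPLE": {"access": "a", "refresh": "r"},
                   "OTHER_USER": {"access": "x", "refresh": "y"}},
        "profiles": {"USER_EXAMPLE": {"name": "Example User"}},
        "meeting_history": {"USER_EXAMPLE": ["meeting-1"]},
    }

def handle_deauthorization(event, stores, client_id, client_secret):
    """Purge one user's data and return the compliance request to send.

    Assumes the caller has already authenticated the webhook request.
    """
    payload = event.get("payload", {})
    if event.get("event") != "app_deauthorized" or payload.get("client_id") != client_id:
        raise ValueError("not a deauthorization event for this app")
    if str(payload.get("user_data_retention")).lower() == "true":
        return None  # user allowed retention; the purge path does not apply
    user_id = payload["user_id"]
    for table in stores.values():  # tokens, names, history: every table
        table.pop(user_id, None)
    # Report completion only if no table still holds the user's records.
    purged = all(user_id not in table for table in stores.values())
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    return {
        "method": "POST", "url": COMPLIANCE_URL,
        "headers": {"Authorization": f"Basic {basic}"},
        "json": {
            "client_id": client_id, "user_id": user_id,
            "account_id": payload["account_id"],
            "deauthorization_event_received": payload,
            "compliance_completed": purged,
        },
    }
```

The function returns the request instead of sending it, so the purge can be checked before anything is reported as complete.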