App Deauthorization

Description
If you have a web integration but you aren’t capturing user data, other than the token and refresh token, is there a need to notify for deauthorization?

Which App Type (OAuth / Chatbot / JWT / Webhook)?
OAuth

Which Endpoint/s?
Deauthorization

Additional context
This is in the context of submitting an app to the marketplace

Hey @demo2Thalamus

Thanks for posting on the Zoom Devforum! I am still learning, but I will try my best to help answer your question. 🙂

Check out this related thread that may have the answer you are looking for:

If this thread did not help, please let us know by replying back here and someone from the Developer Relations team will get back to you shortly.

Thanks,
DeveloperBot

Thanks DevBot, but that answer did not help

Hi @demo2Thalamus,

Good question— If a user uninstalls your app from their account and does not want you to keep the data, then you should remove all the data related to the user, in order to be compliant. This would include not only the User ID, but the token, names, meeting history and any other data that you might have which belonged to the user.

Calling the Data compliance API is a way of letting Zoom know and record your app’s compliance. It lets us know that you have honored users’ data retention preferences on all fronts, and that you do not have any Zoom Customer Data stored on your servers, without the user’s consent (expressed via the de-authorization)—so making this call lets us know you’ve done your due diligence regardless of your servers’ storage.

I hope this helps to clarify!
Will

But what if we only have the tokens? Those expire automatically after 14 days.

Hi @demo2Thalamus,

Even if you only retain tokens, it is still required to call our Data Compliance endpoint.

Thanks,
Will
