Data Compliance with User Data stored on User Device

Hello, we are currently developing a Zoom App for our product where users can see their past zoom meetings and phone calls.

We do understand that upon uninstalling the Zoom App we need to delete all (user) data within our systems (in the cloud) but what is a bit unclear is how to handle data stored on the users device/within an Mobile/Desktop App installed on a device. So basically data not stored in the cloud.

Let’s say the user installs a Zoom App enabling a Desktop App to store that users data locally on a PC (utilizing the API directly).
Sometimes later the user uninstalls the Zoom App via the Zoom Website. We clear all data from our cloud systems upon “De-Auth Notification” but how do we handle the local data? What if the user never starts the Desktop App again (within the 10 days limit), so it cannot get notified to delete the data (by our cloud system)? Does that kind of data even fall under the Data Compliance as we do not have access to it but only the users themselves?

Just to clarify: we understand (and agree) that deletion of all user data in the cloud is relevant and a necessity. But what to do with data we have no access to (any longer) because it is stored “offline” / outside the cloud by the user?

Hey @bastian.brodbeck,

Checkout Section 3.2 Deactivation and Data Deletion to answer your question: https://zoom.us/marketplace_developer_agreement

Let me know if you have any additional questions.

Thanks,
Tommy

Sorry, I am just a developer not a lawyer. And it does not really answer the question, does it? I already agreed that deleting the data (within 10 days) is relevant and acknowledged the existence of section 3.2.

My question was targeted at the technical applicability of these terms in regards to data we do not have access to as it is stored offline on the users device(s).

What if the Computer Program storing/caching/holding the the data is neither deleted by the user nor opened and connected to the internet within 10 days?
As we do not have control over the user or their devices it would be technically impossible to delete such data. Again it is not that we do not want to!

Hence my question: what if we want to, but we cannot?
In this case, is it not the users responsibility to allow us to remove offline stored data?
And how to inform Zoom API about such a case as only the “success case” is specified and not the “we would like to, but a user prevented us from doing so”-case…

What are your experiences in regards to such situations. What are common-practices handling offline data-deletion?

Also what is “Application Data pertaining to End Users” exactly? Is a meetings topic and the users connection duration “pertaining to” the End User?

Cheers

Hey @bastian.brodbeck,

Can I ask what is your use case for storing data on the users local device? I understand you, the developer does not have control of the local device. If the user chooses to save their own data, for example saving a recording of their meeting to their machine, that is their choice since it is their data/recording.

Thanks,
Tommy

Our product is a Desktop App not a Cloud Product, so it does not run in the Cloud. Data is saved on the local machine because a user can not be/does not want to be online all the time and wants to see data when offline. We also cannot not just pull/refresh the data every couple of seconds due to Rate Limits—it would also be quite impractical. We need to store the data in a local database (long term cache) so we can display all information within the App.

Hence my question.

And again, it is not that we do not want to delete that data, but we might not always be able/allowed to do so…

Hey @bastian.brodbeck ,

To answer your question, if the user chooses to save their own data, for example saving a recording of their meeting to their machine, that is their choice since it is their data/recording. :slight_smile:

Thanks,
Tommy