Deauthorization and data compliance request

brunikb · December 7, 2020, 5:21pm

Dear Zoom,

I have a question regarding deauthorization request from zoom and data compliance request.
When we get a request from you, where user_data_retention=false, do we have to remove
join_url and host_url for created zoom meetings?

More information:
We made an App, where user authorizes us for his zoom account and we then create meetings for him (through your api). When user deauthorizes, we remove all credentials (oauth token, refresh token). But we would still want to keep data about his created meetings (only host and join urls). Can we keep this info in our DB, when user deauthorizes? Or do we have to delete it?

Thank you for your answer

Best regards

Bruno Pfohl

will.zoom · December 8, 2020, 7:40pm

Hi @brunikb,

Good question, happy to clarify.

If a user uninstalls your app from their account and does not want you to keep the data, then you should remove all the data related to the user, in order to be compliant. This would include not only the User ID, but the token, names, meeting history and any other data that you might have which belonged to the user. If the user owned the meeting, the host url should be removed as well.

I hope this helps to clarify,
Will

system · January 8, 2021, 5:40am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Deauthorization API Questions API and Webhooks	2	408	August 21, 2021
App Deauthorization API and Webhooks	6	1007	December 6, 2020
What data should be deleted as part of fulfilling data compliance? API and Webhooks	3	852	June 19, 2020
Data Compliance - Publishing an App - Documentation. Deactivation event API and Webhooks	2	354	August 21, 2020
Deauthorization API API and Webhooks	6	1818	May 28, 2019

Deauthorization and data compliance request

Related Topics