Deauthorization and data compliance request

Dear Zoom,

I have a question regarding deauthorization request from zoom and data compliance request.
When we get a request from you, where user_data_retention=false, do we have to remove
join_url and host_url for created zoom meetings?

More information:
We made an App, where user authorizes us for his zoom account and we then create meetings for him (through your api). When user deauthorizes, we remove all credentials (oauth token, refresh token). But we would still want to keep data about his created meetings (only host and join urls). Can we keep this info in our DB, when user deauthorizes? Or do we have to delete it?

Thank you for your answer

Best regards

Bruno Pfohl

Hi @brunikb,

Good question, happy to clarify.

If a user uninstalls your app from their account and does not want you to keep the data, then you should remove all the data related to the user, in order to be compliant. This would include not only the User ID, but the token, names, meeting history and any other data that you might have which belonged to the user. If the user owned the meeting, the host url should be removed as well.

I hope this helps to clarify,

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.