Questions about encryption policies

I need answers to the following questions. Zoom phone and meetings is an integrated app in my instance of Salesforce. I am being asked by my customers about security risks. Here are my questions:

What are your allowable public-key or asymmetric encryption algorithms?

When symmetric encryption is used, do systems have the ability to change/update symmetric keys?

Are default vendor-defined keys changed to non-default values wherever possible such that the changed values are not known to the vendors?

Are symmetric keys used to encrypt backups protected?