I am developing a Zoom OAuth User-based app to utilize meetings APIs which is integrated with a Web Application built using No-Code platform Bubble.io.
I requested to get a publishable URL to “share the app outside this account” as well as Submitting the app for review.
In response, received this message from Zoom Team
“Thank you for providing us with the completed Technical Design section and supporting evidence. Unfortunately, the App has failed our Security and Privacy Compliance Review. We are unable to approve the app in its current state as the evidence that was submitted is not supporting enough for approval. Our Beta review is comprehensive and documentation heavy, so we will also take into account any additional security documents you can provide us. This includes security policy, privacy policy, incident response plan, vulnerability management procedures, infrastructure/dependency management policies, etc. Please let us know if you have any questions.”
Can anyone please help understand what required documents should I provide here with any examples,
because the web application is created using no-code platform and Bubble.io have its own built in features to navigate and solve any data or security risk for its web application but it does not have built-in support for conducting static application security testing (SAST) or dynamic application security testing (DAST) scans directly within the platform.