What comprises Zoom user data for the purpose of Data Compliance?

What comprises Zoom user data for the purpose of Data Compliance? In particular:

  1. Is Zoom aid and uid (from the access_token, and from the deauthorization webhook) considered Zoom user data that must be purged on revoke? The reason we would like to retain this is for documenting our compliance.
  2. Is a transcoded version of the downloaded recorded meeting still considered Zoom user data?
  3. If a user in our app chooses to copy a video, perhaps for the express purpose of not including that video in the auto-delete of Zoom data at app uninstallation, is that still considered Zoom user data?
  4. Can user give us explicit permission to retain certain data (videos) but still not retain everything else? In this case, can their written permission for us to retain specified Zoom user data be in compliance with Zoom terms?

Which App Type (OAuth / Chatbot / JWT / Webhook)?

Which Endpoint/s?
Data Compliance (POST /oauth/data/compliance)


Hey @nathaniel,

The basic answer is if it was received as part of the Zoom integration FROM Zoom it should be considered Zoom User Data.

Yes, this is Zoom user data. Do you have some other way you can document your compliance, maybe with a different user UUID that you generate?

Yes, assuming you mean a digital encoding format to another video format. The video is still user data regardless of format.

Yes, but you can obtain express written consent to keep the data/video.

Yes, this is legally permissible. You just need to obtain express written consent for any data the customer allows you to retain.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.