Description
Since there is no way to cancel a data purge request by the user on app deauthorization, will a re-authorization by that same user within 10 days after deauthorization cancel the need for data compliance actions required from the initial deauthorization?
Which App Type (OAuth / Chatbot / JWT / Webhook)?
OAuth
Which Endpoint/s?
Data Compliance: POST /oauth/data/compliance
How To Reproduce (If applicable)
Steps to reproduce the behavior:
User uninstalls app from Marketplace and doesn’t check the “Grant App developer consent to retain data?” checkbox
User re-installs app within 10 days
App retains Zoom user data, and doesn’t call Data Compliance API within 10 days
==> Is app in compliance with Zoom terms?
From a business perspective it could cancel the need to delete that data as they are re-authorizing that company to have access to that data.
However, if the scope of data is LESS than what was originally provided, then you would need to handle the delta.
It may be easier to just require deletion of all data on de-authorization but then reacquire that data when a subsequent authorization happens. However, that could be cumbersome.
Thanks for your response. It still does leave me unclear as to whether data needs to be deleted, so let me make my use case more explicit:
Aug 1st: User installs app and imports a Zoom meeting recording into our app
Aug 2nd: User uninstalls app from Marketplace and doesn’t check the “Grant App developer consent to retain data?” checkbox. Delete of Zoom user data is scheduled for Aug 11th.
Aug 3rd: User re-installs app using the same scope as was authorized on Aug 1st
App removes the scheduled Aug 11th Zoom user data deletion. App retains Zoom meeting recording imported on Aug 1st, and doesn’t call Data Compliance API.
==> Is app in compliance with Zoom terms?
From a user’s perspective, we want to inform the user how they can cancel a pending delete, and because there is no API or way in the Zoom Marketplace to do this, we want to tell the user that by re-authorizing the app, that will cancel a pending delete of Zoom user data.
Thanks so much for helping us get clarity on this.
~Nathaniel
The reason we wait to delete data is to give the users the ability to not have their data deleted in the event that they made a mistake, or change their mind, about wanting all of their imported Zoom user data deleted. The use case is that someone mistakenly uninstalls the app and wants to undo that action. Does that clarify it?
Thanks.
~Nathaniel
It might help for you to understand our use case a bit more. Our app allows an imported Zoom video to be analyzed by our users where the user attaches comments and tags to different time codes in the video. If the video is deleted, all of that metadata is deleted as well.
For the sake of this question, please assume that deleting a Zoom imported meeting video recording would be a loss of time and additional data for this user that would not be able to be easily remedied by simply importing their data after a subsequent authorization.
So given all that, is a reauthorization of the app an implicit cancellation of a previous uninstall?
From a business perspective it could cancel the need to delete that data as they are re-authorizing that company to have access to that data.
However, if the scope of data is LESS than what was originally provided, then you would need to handle the delta.
That being said, maybe you should warn the user or display a popup notifying them they are about to unlink their Zoom account so they do not do it accidentally.