zoom.com privacy policy — score 65/100 (medium risk)
Último análisis
El contenido del informe (resumen, hallazgos, citas) se generó en inglés y no está localizado.
Zoom Communications, Inc. · zoom.us
Detalles del informe
medium riesgoZoom's privacy portal demonstrates significant investment in compliance infrastructure and EU-specific safeguards, but the page itself is a navigation hub rather than a substantive policy, leaving critical details about data collection, AI training, and third-party sharing behind links that weren't provided for analysis.
This is Zoom's 'Privacy at Zoom' landing page — a portal linking to privacy statements, DPAs, subprocessor lists, infrastructure fact sheets, and AI-specific resources. It signals strong compliance awareness (GDPR references, EU infrastructure, Data Transfer Impact Assessments, ISO 27701, SOC 2 Type 2) but does not itself contain the substantive privacy policy text, data collection specifics, retention periods, or detailed AI data handling practices. The page is more of a trust-building and navigation resource than a document from which concrete privacy commitments can be extracted.
Evaluación por categoría
Desglose de la política en las principales áreas de cumplimiento. Bueno = sólido, regular = mixto, deficiente = preocupante.
The page does not describe what data is collected or whether collection is minimized; the actual Privacy Statement behind the link would contain this information.
The portal is well-organized and links to specific resources, but transparency cannot be assessed without the actual policy text behind those links.
A subprocessor list is referenced and linked, but no details about who subprocessors are or what data they access are available on this page.
Zoom explicitly references the EU-US Data Privacy Framework, Global DPA, Data Transfer Impact Assessments, and EU/UK infrastructure fact sheets, showing strong awareness of transfer requirements.
AI Companion data handling is mentioned with dedicated resources linked, but the page itself is silent on whether user data trains AI models or whether opt-out exists.
Consent settings and data management tools are referenced, but specific GDPR rights (access, deletion, portability, objection) are not described on this page.
Hallazgos clave
Cláusulas destacadas, problemas o buenas prácticas detectadas (críticos primero)
Portal page, not a substantive privacy policy
The entire page is a navigation hub linking to at least 15 separate documents (Privacy Statement, Global DPA, subprocessor list, AI Companion resources, etc.). No actual data processing details, retention periods, or legal bases appear on this page itself, making independent compliance assessment impossible from this content alone.
AI Companion data handling referenced but not detailed
The page states 'We understand that AI technology is changing rapidly and our customers and users want clarity on how their data is handled by Zoom when they use these AI features' and links to 'AI Companion security and privacy' and 'AI Companion data privacy lifecycle' documents. However, the page itself is completely silent on whether AI features use customer data for model training, what retention applies to AI inputs/outputs, or whether opt-out is available.
No retention periods, legal bases, or data categories specified
The page does not list what personal data categories Zoom collects, the legal bases for processing, or data retention periods. These are fundamental GDPR transparency requirements that would be in the linked Privacy Statement.
Strong EU transfer infrastructure signaled
Zoom references the EU-US Data Privacy Framework, a Global Data Processing Addendum, Data Transfer Impact Assessments for multiple products (Meetings/Chat/Webinars, Phone, Contact Center, Virtual Agent), and EU/UK/Regional Infrastructure Fact Sheets. This is a comprehensive set of transfer-related resources that suggests serious attention to Schrems II compliance.
Certifications and compliance frameworks listed
The page lists ISO 27701 certification, SOC 2 Type 2 attestation, and iAPP membership. These are meaningful privacy certifications, though the page does not provide scope details or links to the actual audit reports.
SURF partnership for Dutch/EEA education customers
The page highlights a partnership with SURF (Dutch higher education IT organization) to 'adapt and update our policies' for enterprise and education customers in the Netherlands and EEA. This suggests Zoom has made EU-specific policy accommodations, though the specifics are not described.
Resumen para el usuario
Zoom appears to have built a comprehensive privacy and compliance framework, especially for EU customers, but you cannot assess the real privacy impact from this page alone — you must review the linked Privacy Statement, AI Companion documentation, and subprocessor list.
Postura de cumplimiento
Zoom signals GDPR alignment through its Global DPA, EU infrastructure fact sheets, Data Transfer Impact Assessments, and EU-US Data Privacy Framework certification. However, the substantive terms are in linked documents not provided here, so actual compliance cannot be fully verified from this content.
Transferencias en la UE
Zoom references the EU-US Data Privacy Framework and provides EU/UK/Regional Infrastructure Fact Sheets and Data Transfer Impact Assessments, indicating awareness of Schrems II requirements. The actual transfer mechanisms and safeguards are in linked documents.
Señales detectadas
Datos y prácticas específicas identificadas en el texto
Fragmentos de evidencia
Citas directas de la política que respaldan estos hallazgos
Privacy isn't a privilege, it's your right.
We understand that AI technology is changing rapidly and our customers and users want clarity on how their data is handled by Zoom when they use these AI features.
Zoom is proud to announce that we have reached the next milestone for our enterprise and education customers in the Netherlands and all of the EEA. Over the last few years, we have worked with SURF, the collaborative organization for IT in Dutch higher education and research, to adapt and update our policies.
We've built privacy into the core of our products, empowering you with robust controls and transparency.
Ausente o poco claro
- No actual privacy policy text with data categories, legal bases, or retention periods
- No AI training opt-in/opt-out language
- No subprocessor names or data access details
- No cookie or tracking details despite Cookie Statement being linked
- No data breach notification procedures described
- No DPO contact information provided
- No specific user rights procedures or response timelines
- No details on what the EU infrastructure fact sheets actually contain regarding data residency
Preguntas que hacer
- Does Zoom AI Companion use customer audio, video, chat, or meeting content to train Zoom's AI models or any third-party models, and if so, is there a clear opt-out mechanism?
- What specific data residency guarantees does the EU Infrastructure Fact Sheet provide — is customer data stored and processed exclusively within the EU/EEA, or can it be accessed from the US for support or other purposes?
- What are the specific retention periods for meeting recordings, chat messages, and AI-generated content (summaries, action items)?
- How many subprocessors does Zoom use, and are any located outside the EU/EEA with access to EU customer data?
- What specific policy adaptations did Zoom make as part of the SURF partnership, and are those adaptations available to all EEA customers or only Dutch educational institutions?
- Does Zoom's Global DPA include Standard Contractual Clauses, and if so, which module and which supplementary measures have been implemented?
Compartir este análisis
Cualquiera con este enlace puede ver el resultado anterior.
Creado por DentroChat
Chat de IA 100 % europeo para todos
Chatea con la IA, trabaja con archivos, genera imágenes y busca en la web. Los datos permanecen en Europa.