AI Companion Security and Privacy

This digital whitepaper describes Zoom AI Companion’s security and privacy features as of the date of publication and not other AI products or services offered by Zoom. In our continuing commitment to empowering productivity — while keeping security and privacy at the core of our products — the features described in this paper may evolve.

Last updated: March 5, 2025

AI Companion Security and Privacy

In this whitepaper, we’ll cover

Overview of Zoom AI Companion and commitment to responsible AI

Jump to

Data flow and transmission to third parties

Jump to

Data processing, storage, and retention

Jump to

AI Companion features

Jump to

Putting you in control of AI Companion capabilities

Jump to

Secure Development of Generative AI Features

Jump to

Generative AI Model Security

Jump to

Security Assesments

Jump to

Zoom AI Companion

Zoom AI Companion, Zoom’s generative AI assistant, empowers individuals by helping them be more productive, connect and collaborate with teammates, and improve their skills. Zoom AI Companion is a set of generative AI features that can be enabled across the Zoom platform.

 

Zoom’s unique federated approach to generative AI is designed to deliver high-quality results by dynamically incorporating Zoom’s artificial intelligence models as well as third-party artificial intelligence models provided by subprocessors, such as OpenAI and Anthropic. With this approach, AI Companion can incorporate innovations in artificial intelligence models while providing users with the benefits of improved quality and performance.

Zoom’s Commitment to Responsible AI

Zoom is committed to developing AI responsibly, with security and privacy at the core of the generative AI capabilities it provides to its customers. Zoom recognizes that generative AI presents an evolving set of risk considerations for its customers, and the company is committed to prioritizing transparency and customer choice as it brings generative AI features to market.

 

In line with these commitments, Zoom has announced that it does not use any customer audio, video, chat, screen sharing, attachments, or other communications-like customer content (such as poll results, whiteboard, and reactions) to train Zoom’s or its third-party artificial intelligence models.

 

Zoom provides controls at the account, group, and user levels, allowing administrators to select which AI Companion features or capabilities they wish to enable for specific Zoom product offerings and which users have access. For example, for Zoom Meetings, administrators can enable the AI Companion features at the account level and meeting hosts can choose whether to activate them for specific meetings. To provide transparency, meeting participants will see an in-product notification describing the generative AI Companion capabilities that are activated for that meeting.

Data Flow

Data Flow and Transmission to Third Parties

Data used by AI Companion is sent from the user to Zoom-hosted and/or third-party generative artificial intelligence models. Customer data is encrypted in transit between customers and Zoom, between Zoom data centers, and between Zoom and third-party model providers. Customer data is encrypted at rest within Zoom's platform and the platform of any third-party model provider.
The following diagram is an example of the general flow through Zoom systems and, where relevant, to third-party models:

workflow

Third-Party Subprocessors

As part of Zoom’s federated approach to AI, artificial intelligence models from third parties, such as Anthropic and OpenAI, may be used for certain AI Companion features alongside Zoom’s artificial intelligence models to provide high-quality results. Zoom uses the Perplexity service to provide web content search results for AI Companion.

 

Zoom requires its subprocessors to satisfy obligations equivalent to those outlined in Zoom’s Data Processing Agreement. Zoom’s subprocessors are subject to security assessments on at least an annual basis as part of Zoom’s third-party risk management program. Zoom’s third-party risk management controls are assessed by independent audit firms in many of its security certifications and attestations, which are available to customers on Zoom’s Trust Center.

Data Processing, Storage, and Retention

Zoom does not use any customer audio, video, chat, screen sharing, attachments, or other communications-like customer content (such as poll results, whiteboard, and reactions) to train Zoom’s or its third-party artificial intelligence models.

 

Zoom AI Companion features must use certain content to provide the service.

Consistent with Zoom’s Privacy Statement, Zoom employees may not access or use customer content, including meeting, webinar, messaging, or email content (specifically, audio, video, files, in-meeting whiteboards, messaging, or email content), any content generated or shared as part of other collaborative features (such as out-of-meeting whiteboards), or content generated by AI Companion, unless authorized by the account owner or administrator of the account hosting the Zoom product or service where the customer content was generated, or as required for legal, safety, or security reasons.

Zoom’s federated approach to AI utilizes multiple AI models and AI services to provide its AI Companion features. Below is a summary of the models used for AI Companion. AI Companion strategically leverages these models to provide high-quality results in response to users’ interactions with Zoom’s product.

 

  • Zoom-hosted models*
  • Anthropic models (e.g., Claude 3.5)
  • OpenAI models (e.g., GPT-4, DALL·E 3)

 

Zoom uses Perplexity to provide web content search results for AI Companion. Changes to the models used in federation can occur at any time to improve the service or resolve issues and outages. In addition, maintenance of the models hosted by Zoom may include changes to their capabilities and responses. Customers on Zoom-hosted Models Only will not utilize external models in the event of an outage or other service interruption.

*IMPORTANT NOTE: Zoom offers a Zoom–hosted Models Only option, which means that data will not be sent to third-party models for processing. To enable this feature please reach out to your account team or log a support ticket.

In general, Zoom stores and retains customer content and personal data for as long as required to engage in the uses described in its Privacy Statement, unless a longer retention period is required by applicable law. 

After providing the AI Companion service, Zoom may retain the customer content (see tables below) for up to 30 days for support and debugging purposes* unless a longer retention period is required by applicable law, including for trust and safety purposes, or based on customer request or account settings. In the context of data retention and processing, “trust and safety purposes” refers to measures taken to protect the safety and integrity of a service and its users. This involves retaining certain data for a period of time to help prevent abuse and misuse. Additional information on Zoom’s Trust and Safety processes may be found in Zoom's Safety Center. In addition, certain content may be stored in accordance with the customer’s retention settings or policies, as described under “Customer Data Storage and Retention” and in the tables below.

If the AI Companion feature relies on a third-party artificial intelligence model, pursuant to Zoom’s contracts, the third-party model provider may retain the content used to provide the service for trust and safety purposes, within the U.S., for up to 30 days, unless a longer retention period is required by applicable law.

*IMPORTANT NOTE: Zoom offers a Zero Data Retention option with respect to Zoom’s retention of the temporary transcript, screen shared content via OCR, and in-meeting chat messages used to provide a Meeting Summary. When enabled, these inputs will be deleted by Zoom immediately after the summary is created. If a summary fails to be created these inputs will be retained for up to 24 hours to allow for retries. To enable this feature please reach out to your account team or log a support ticket.

Customers may choose Zoom’s storage location for some of the AI Companion outputs for their account. These settings differ based on the feature in use, and many align with existing retention policies of the related Zoom product.

AI Companion is available to customers hosted in the U.S., with certain limitations for customers in select regions that are not supported by our third-party model providers and customers in select industry verticals. For customers hosted outside of the U.S., in order to align with the data residency preferences for those accounts, AI Companion is available with the Zoom–hosted Models Only option. However, if the underlying product is not available to those customers, the related AI Companion feature will not be available.

AI Companion Features

Below is a summary of each AI Companion feature as of the date of this whitepaper. This includes the content used or generated by the feature, where the model provider processes and stores the content, and if applicable, the customer storage location and relevant retention settings and policies that apply in addition to the model provider’s 30-day retention period after providing the service.

zoom ai companion AI Companion 2.0 Meetings Meetings Mail & Calendar Mail & Calendar Team chat Team Chat Whiteboard Whiteboard Phone Phone clip Clips Docs Docs events Events Workspace Reservations Workspace Reservations

AI Companion panel in Zoom Workplace

Allow users access to the AI Companion panel within the Zoom Workplace app, allowing them to get assistance from AI Companion based on the data within applications they have given it permission to access.

Minimum Zoom Workplace app version

6.2.5

Zoom-hosted Models Only (ZMO) Eligible**

** AIC 2.0 is available with ZMO for customers hosted in the US and to those hosted in select regional locations which include: Europe, Canada, and India.

Model Processing and Provider Storage Location

Feature Inputs/Outputs

Input
  • User input
  • Zoom content
  • Third-party data sources*
  • Web content*
    • Not available with ZMO
  • Local file uploads
Output

*Please see “AI Companion panel in Zoom Workplace“ below for further information on how this feature functions.

Customer Retention Controls and Additional Information

AI Companion will be able to access Zoom data available to the enabled user (e.g. Meeting summaries, transcripts, Team Chat messages, Zoom Docs, Contacts, etc.), as well as any enabled third-party data sources to provide responses to your users.

Third-party content from Microsoft 365 and Google requires the user to authenticate the connection for AI Companion to utilize this content. You can learn more about how to authenticate in our “Using calendar and contacts integration” support article.

Zoom uses Perplexity to provide web content when providing answers with AI Companion. Perplexity processes data in the US.

AI Companion panel in Zoom Workplace

The release of the new AI Companion panel in Zoom Workplace app 6.2.5 introduces new interactions throughout the Zoom platform, including enhanced ways to use Zoom and third-party data sources to provide responses to your users.

Enabling the AI Companion panel

The AI Companion panel in Zoom Workplace can be enabled or disabled at the account, group, and user levels, and retention settings for conversations with the AI Companion panel can also be managed at the account, group, and user levels. When enabled, users will see the new AI Companion diamond on the top right of their Zoom Workplace app.

Data Sources and Access

When using the AI Companion panel, access to data sources is determined by account settings and user’s underlying permissions. The system leverages and indexes data across your Zoom account, as well as any other enabled data sources, to answer user prompts, based on the user’s underlying permissions. Citations and sources are provided for responses to assist users in understanding which data source was used to provide a response.

The AI Companion panel will use a combination of available data sources, and general knowledge available within the models, to provide responses to users.

Zoom Data Sources
When the AI Companion panel is enabled, available Zoom data from Meetings, Team Chat, Docs, Zoom Mail, Zoom Calendar, and Contacts will be used as data sources to provide responses to user prompts. In order for AI Companion to access meeting transcripts for context, the setting “Allow meeting hosts to retain and access meeting transcripts” described under “Managing Meeting Transcript Usage” above must be enabled.

Third-party Data Sources
If enabled, Zoom AI Companion can use data from Microsoft and/or Google to provide additional context to respond to user prompts. Account admins can enable the use of these third-party calendar events, emails, and documents by their users. Users must first connect their third-party account to Zoom on their Profile page. When enabled by account admins and connected by users, content will be indexed and stored by Zoom, which allows AI Companion to find relevant content when answering user prompts. Zoom will store content that has been viewed or edited within the last 30 days for authenticated users, so only recent content is used when providing responses. The initial syncing of content is not instant and will occur over time in the background as data is indexed. 

When an account admin disables the third-party data source for their account, Zoom will begin deletion of the stored content within Zoom. 

Web Content
If the “Web Content” setting is enabled, AI Companion will be able to search the web for general knowledge questions. We utilize our partner Perplexity to find relevant content to help answer the user’s prompt. AI Companion will first search internal sources prior to utilizing a general web search to answer the user prompt. Citations to the source material will be provided to users. Zoom requires Perplexity to delete inputs and outputs promptly upon delivery of the output. Perplexity is not permitted to train its artificial intelligence models on Zoom customer content. 

Local Files
If the “Local file uploads” setting is enabled, users will be able to add files from their personal device to their AI Companion prompts. When uploaded by the user, the file is stored within Zoom File Storage for up to seven days to allow the user to continue to use the document as context in their conversation with the AI Companion panel.

Differences for enabled users

Accounts may choose to enable the AI Companion panel in Zoom Workplace for only certain users. For users who do not have the Zoom Workplace panel enabled, they will only be able to use the panel in meetings where the Meeting questions feature is enabled. This means the experience for users can differ based on whether or not the AI Companion panel is enabled. Only users who have the feature enabled will be able to ask questions against data sources outside of the meeting (i.e., other than the current meeting transcript). 

An enabled user may use their AI Companion panel to ask questions in the meeting even if the host has disabled AI Companion from accessing that meeting. AI Companion will not have access to the meeting transcript and therefore will not be able to answer questions related to the content of the meeting. However, the AI Companion panel will still be able to access other data sources the user has access to, such as Team chat messages or web content.

Smart recordings

Review cloud recordings faster through highlights, smart chapters, summaries, and next steps, and get analytics on key meeting and conversation factors.

Minimum Zoom Workplace app version

5.16.5

Zoom-hosted Models Only (ZMO) Eligible

Model Processing and Provider Storage Location

  • Zoom hosted models - meeting host’s content storage location
  • OpenAI - US
  • Anthropic - US

Feature inputs/outputs

Input
  • Cloud recording
  • Audio transcript
Output
  • Recording highlights, smart chapters, next steps, meeting coach metrics
    • Stored in - meeting host’s content storage location

Customer retention controls and additional information

Follows meeting host’s configured cloud recording retention settings.

Meeting Summary

Generate a summary and next steps of what was discussed in your meeting and share through email and Team Chat. Transcription begins once the meeting summary feature is activated by the meeting host.

Minimum Zoom Workplace app version

5.14.2

Zoom-hosted Models Only (ZMO) Eligible

Model Processing and Provider Storage Location

  • Zoom hosted models - meeting host’s content storage location & “live transcript” location
  • OpenAI - US
  • Anthropic - US

Feature inputs/outputs

Inputs
  • Audio transcript
    • Zero Data Retention (ZDR) Eligible
    • Transcription begins once the meeting summary feature is activated by the meeting host.
    • The meeting summary only uses the transcript of the current meeting when generating the summary.
  • In-meeting chat messages
    • Zero Data Retention (ZDR) Eligible
  • Shared screen content via OCR
    • Zero Data Retention (ZDR) Eligible
Outputs
  • Meeting summary
    • Stored in - meeting host’s content storage location

Customer retention controls and additional information

Summaries are stored in the web portal in accordance with the account, group, and/or user retention settings.


Summaries shared within the continuous meeting chat are stored in accordance with the customer’s Zoom Team Chat retention settings.


Admins and users can choose whether the full text of a meeting summary or just a link to the summary is shared via email. This can be managed at the account, group, and user level.

Emails are stored in accordance with the customer’s retention settings with the email provider.*

When enabled, in-meeting chat messages (excluding direct messages) are used as additional context when generating the summary. In-meeting messages are  subject to customer retention settings if continuous meeting chat is enabled.

When enabled, screen shared content via optical character recognition (OCR) is used to refine the meeting transcript and improve entity recognition for the summary.

When enabled, the audio transcript generated for meeting summary can be used by other AI Companion features, for example Zoom Docs.

*Zoom uses Twilio Sendgrid as its email provider to deliver the meeting summary or link to the meeting summary (depending on the customer’s settings). Twilio Sendgrid uses a process that takes random content samples of emails and retains the information for 7 days for anti-fraud purposes and troubleshooting. Twilio processes data in the US.

Meeting questions

Quickly catch up and get clarity on what you missed before you joined a meeting without interrupting it.

Transcription begins once the meeting questions feature is activated by the meeting host.

Minimum Zoom Workplace app version

5.15.12

Zoom-hosted Models Only (ZMO) Eligible

Model Processing and Provider Storage Location

  • Zoom hosted models - meeting host’s content storage location & “live transcript” location
  • OpenAI - US
  • Anthropic - US

Feature inputs/outputs

Inputs
  • Audio transcript
  • Question
    • Meeting questions uses the transcript of the current meeting
Outputs
  • Answer

Customer retention controls and additional information

When enabled, the audio transcript generated for meeting questions can be used by other AI Companion features, for example Zoom Docs.

Virtual background generation

Choose the best backdrop with AI generated virtual backgrounds.

Minimum Zoom Workplace app version

6.0.0

Zoom-hosted Models Only (ZMO) Eligible

Model Processing and Provider Storage Location

  • Zoom hosted models - meeting host’s content storage location
  • OpenAI - US
  • Anthropic - US

Feature Inputs/Outputs

Inputs
  • User prompt
Outputs
  • Virtual background image

Customer retention controls and additional information

Virtual backgrounds generated by the service are stored on the user’s personal device. 

Zoom uses AWS (Amazon Rekognition) to provide moderation services on the generated images. Moderation occurs within AWS data centers in the US.

Email compose

Compose and reply to emails faster with suggested content based on the email thread and what you want to say.

Minimum Zoom Workplace app version

5.15.0

Model Processing and Provider Storage Location

  • Zoom hosted models - customer’s provisioned data center
  • OpenAI - US
  • Anthropic - US

Feature inputs/outputs

Input
  • User prompt
  • Email thread
Output
  • Email draft
    • Stored in - customer email provider

Customer retention controls and additional information

Emails are stored in accordance with the customer’s retention settings with the email provider.

Chat compose

Draft messages based on conversational context and what you want to say, as well as customize its tone and length.

Minimum Zoom Workplace app version

5.14.10

Zoom-hosted Models Only (ZMO) Eligible

Model Processing and Provider Storage Location

  • Zoom hosted models - customer’s provisioned data center
  • OpenAI - US
  • Anthropic - US

Feature inputs/outputs

Inputs
  • Chat message text for the selected chat thread
  • Chat participant names
  • User prompt
Outputs
  • Message draft
    • Stored in - customer’s provisioned data center

Customer retention controls and additional information

If the output is posted to the chat, the chat message is stored in accordance with the customer’s Zoom Team Chat retention settings.

Thread summary

Quickly summarize the content of long Team Chat threads.

Minimum Zoom Workplace app version

5.16.10

Zoom-hosted Models Only (ZMO) Eligible

Model Processing and Provider Storage Location

  • Zoom hosted models - customer’s provisioned data center
  • OpenAI - US
  • Anthropic - US

Feature inputs/outputs

Inputs
  • Chat message text for the selected chat thread
  • Chat participant names
Outputs
  • Thread summary

Quick scheduling

Easily schedule meetings based on conversation context.

Minimum Zoom Workplace app version

5.16.10

Model Processing and Provider Storage Location

  • Zoom hosted models - customer’s provisioned data center
  • OpenAI - US
  • Anthropic - US

Feature inputs/outputs

Inputs
  • Chat message text, participant names and emails
Outputs
  • Schedule suggestion
    • Stored in - customer calendar provider

Customer retention controls and additional information

If the suggestion is used to schedule a meeting, the scheduled meeting will be subject to the customer’s calendar provider’s retention policies.

Sentence completion

Quickly complete messages by accepting suggestions as they appear in real time as you type.

Minimum Zoom Workplace app version

5.17.10

Model Processing and Provider Storage Location

  • Zoom hosted models - customer’s provisioned data center
  • OpenAI - US
  • Anthropic - US

Feature inputs/outputs

Inputs
  • Chat message text
Outputs
  • Message draft
    • Stored in - customer’s provisioned data center

Customer retention controls and additional information

If the output is posted to the chat, the chat message is stored in accordance with the customer’s Zoom Team Chat retention settings.

Quick reply

Quickly respond to messages using AI recommended responses with a single click.

Minimum Zoom Workplace app version

6.0.0

Mobile only

Model Processing and Provider Storage Location

  • Zoom hosted models - customer’s provisioned data center
  • OpenAI - US
  • Anthropic - US

Feature inputs/outputs

Inputs
  • Chat message text
Outputs
  • Message draft
    • Stored in - customer’s provisioned data center

Customer retention controls and additional information

If the output is posted to the chat, the chat message is stored in accordance with the customer’s Zoom Team Chat retention settings.

Content generation

Generate ideas, refine and extend existing content, and add objects to a canvas.

Minimum Zoom Workplace app version

5.16.0

Model Processing and Provider Storage Location

  • Zoom hosted models - customer’s content storage location
  • OpenAI - US
  • Anthropic - US

Feature inputs/outputs

Inputs
  • Whiteboard content
  • User prompt
Outputs
  • Whiteboard content
    • Stored in - user’s content storage location

Customer retention controls and additional information

If the output is posted to the whiteboard, the whiteboard content is stored in accordance with the customer’s Whiteboard retention settings.

Call summary

Generate a call summary of what was discussed in your phone call conversation to gather information important to you. Edit and share it as you see fit.

Minimum Zoom Workplace app version

5.17.10

Zoom-hosted Models Only (ZMO) Eligible

Model Processing and Provider Storage Location

  • Zoom hosted models - customer’s provisioned data center
  • OpenAI - US
  • Anthropic - US

Feature inputs/outputs

Inputs
  • Audio transcript
Outputs
  • Call summary
    • Stored in - customer’s provisioned data center

Customer retention controls and additional information

Summaries are stored until deleted by the user or account administrator, or until the user or customer account is terminated.

Voicemail tasks

Quickly access a summarized list of tasks from your voicemail transcription.

Minimum Zoom Workplace app version

5.17.10

Zoom-hosted Models Only (ZMO) Eligible

Model Processing and Provider Storage Location

  • Zoom hosted models - customer’s provisioned data center
  • OpenAI - US
  • Anthropic - US

Feature inputs/outputs

Inputs
  • Audio transcript
Outputs
  • Voicemail task
    • Stored in - customer’s provisioned data center

Customer retention controls and additional information

Follows the site’s configured voicemail retention policy.

Voicemail prioritization

Quickly prioritize your voicemails using topic or intent.

Minimum Zoom Workplace app version

5.17.5

Model Processing and Provider Storage Location

  • Zoom hosted models - customer’s provisioned data center
  • OpenAI - US
  • Anthropic - US

Feature inputs/outputs

Inputs
  • Audio transcript
Outputs
  • Voicemail priority
    • Stored in - customer’s provisioned data center

Customer retention controls and additional information

Follows the site’s configured voicemail retention policy.

SMS thread summary

Summarize your SMS threads as a member of a call queue or auto receptionist to quickly generate your responses.

Minimum Zoom Workplace app version

5.16.5

Zoom-hosted Models Only (ZMO) Eligible

Model Processing and Provider Storage Location

  • Zoom hosted models - customer’s provisioned data center
  • OpenAI - US
  • Anthropic - US

Feature inputs/outputs

Inputs
  • SMS message content
  • SMS participant names
Outputs
  • Thread summary

Generate title, description, tags and chapters with AI Companion

Quickly create titles, descriptions, and chapters for your Clips based on the content recorded.

Minimum Zoom Workplace app version

N/A

Zoom-hosted Models Only (ZMO) Eligible

Model Processing and Provider Storage Location

  • Zoom hosted models - customer’s provisioned data center
  • OpenAI - US
  • Anthropic - US

Feature inputs/outputs

Inputs
  • Audio transcript
Outputs
  • Title and description
    • Stored in - customer’s provisioned data center

Content generation and revision

Allow users to use AI to generate and revise content, including the ability to create new summary templates from existing transcripts.

Minimum Zoom Workplace app version

6.1.5

Model Processing and Provider Storage Location

  • Zoom hosted models - customer’s provisioned data center
  • OpenAI - US
  • Anthropic - US

Feature inputs/outputs

Inputs
  • Doc text
  • Audio transcript
  • Meeting summary
  • User prompt
Outputs
  • Doc content
    • Stored in - customer’s provisioned data center

Customer retention controls and additional information

Meeting summaries and audio transcripts, when enabled*, can be selected by the user to be used as inputs. The user will only have access to Meeting summaries and audio transcripts they have permission to access.

*For more information see “Managing Meeting Transcript Access” under Putting You In Control of AI Companion Capabilities.

Sentence completion

Quickly complete messages by accepting suggestions as they appear in real time as you type.

Minimum Zoom Workplace app version

6.1.5

Model Processing and Provider Storage Location

  • Zoom hosted models - customer’s provisioned data center
  • OpenAI - US
  • Anthropic - US

Feature inputs/outputs

Inputs
  • Doc text
Outputs
  • Doc content
    • Stored in - customer’s provisioned data center

Events

Draft chat messages for your Lobby chat based on conversational context and what you want to say, as well as customize the tone and length.

Minimum Zoom Workplace app version

N/A

Model Processing and Provider Storage Location

  • Zoom hosted models - customer’s provisioned data center
  • OpenAI - US
  • Anthropic - US

Feature inputs/outputs

Inputs
  • Chat message text for the selected chat thread
  • Chat participant names
  • User prompt
Outputs
  • Message draft
    • Stored in - customer’s provisioned data center

Customer retention controls and additional information

Messages posted during an event are only accessible while the event is live.

Email compose

Generate an email, subject lines, titles, and calls to action, using context from your Zoom Event description and/or providing a more specific prompt.

Minimum Zoom Workplace app version

N/A

Model Processing and Provider Storage Location

  • Zoom hosted models - customer’s provisioned data center
  • OpenAI - US
  • Anthropic - US

Feature inputs/outputs

Inputs
  • User prompt
  • Email draft
Outputs
  • Email draft
    • Stored in - customer’s provisioned data center

Customer retention controls and additional information

Emails sent are stored in accordance with the customer’s retention settings with their email provider.

Smart compose

Write compelling event content when setting up an event including event description, session descriptions, speaker bios, lobby announcements, images, and more.

Minimum Zoom Workplace app version

N/A

Model Processing and Provider Storage Location

  • Zoom hosted models - customer’s provisioned data center
  • OpenAI - US
  • Anthropic - US

Feature inputs/outputs

Inputs
  • User prompt
Outputs
  • Event content
    • Stored in - customer’s provisioned data center

Customer retention controls and additional information

Event content will be publicly available in accordance with the customer’s configuration of Zoom Events settings, for up to two years.

Image generation

Generate unique images to use in your event.

Minimum Zoom Workplace app version

N/A

Model Processing and Provider Storage Location

  • Zoom hosted models - customer’s provisioned data center
  • OpenAI - US
  • Anthropic - US

Feature inputs/outputs

Inputs
  • User prompt
Outputs
  • Event content
    • Stored in - customer’s provisioned data center

Customer retention controls and additional information

Event content will be publicly available in accordance with the customer’s configuration of Zoom Events settings, for up to two years.

Workspace Recommendations

Get recommendations on rooms, desks, and even days to come in to the office to better collaborate with your team.

Minimum Zoom Workplace app version

N/A

Zoom-hosted Models Only Eligible

Model Processing and Provider Storage Location

  • Zoom hosted models - customer’s provisioned data center
  • OpenAI - US
  • Anthropic - US

Feature inputs/outputs

Inputs
  • Past bookings
  • Zoom contacts
  • Upcoming meetings
  • User information
Outputs
  • Booking recommendation
    • Stored in - customer’s provisioned data center

Putting you in control of AI Companion capabilities

Zoom is committed to providing transparency and choice when it comes to enabling and using AI Companion features. Account administrators and users are provided with controls for AI Companion features. Zoom is continually working to enhance its platform and educate users on new features. Currently, users will see certain in-product notifications, which may be updated over time.

Account administrator controls

Account administrator controls

Administrators may enable or disable features for their entire account within the account settings page in the Admin Portal. For some features that are managed outside of the AI Companion tab, links are provided to the relevant settings.

  • Managing Meeting Transcript Usage
    Managing Meeting Transcript Usage

    Account owners and administrators can allow audio transcripts generated to provide AI Companion Meeting features to be used for other AI Companion features; for example, for generating content within Zoom Docs or asking meeting questions after a meeting ends. When this option is enabled, users will be able to view and delete these transcripts through the web portal. This setting is located under the “Recording & Transcript” and the “AI Companion” settings for your account. Transcripts are retained by default unless custom auto-deletion is set in the "Recordings" settings for your account.

     

    Note: If Zero Data Retention is enabled the transcript will not be available for use by other AI Companion features.

  • User feedback to Zoom for AI Companion

    If enabled, users will be able to send feedback on their experience with AI Companion, including free text feedback and, if selected, the prompt they sent to AI Companion. This information will be used to improve the product experience and not for model training.

Data Protection

Customer data, including customer content, is encrypted in transit between customers and Zoom, where supported by the user’s connection method and as stated in Zoom's support articles, between Zoom services, and between Zoom and its third-party subprocessors, including its third-party AI model providers (e.g., OpenAI and Anthropic), using Transport Layer Security (TLS) 1.2, as a minimum, or AES 256-bit GCM. Customer data, including customer content, that is either generated by or used to provide the AI Companion features, is encrypted at rest using a minimum Advanced Encryption Standard (AES) 256-bit encryption. Customers may supply their own encryption key for content stored by Zoom if they use Zoom Customer Managed Key (CMK). A current list of the types of assets supported by CMK can be found in the “Content protected by Customer Managed Key” support article. The AI Companion panel and Zoom Phone are currently not supported by CMK. 

Zoom’s access to customer data and content used to provide the AI Companion features is role-based and restricted based on least privilege, in accordance with Zoom’s access control policies and standards. Controls are in place to prevent Zoom employees from accessing customer content, including meeting, webinar, chat, or email content (specifically, audio, video, files, in-meeting whiteboards, messaging, or email content), or any content generated or shared as part of other collaborative features (such as out-of-meeting whiteboards), unless authorized by the account owner or administrator of the account hosting the Zoom product or service where the customer content was generated, or as required for legal, safety, or security reasons. Zoom’s access to customer data and content is logged and monitored for suspicious activity or unauthorized access. Zoom’s data access controls are assessed by independent audit firms where indicated in our security certifications and attestations, which are available to our customers on Zoom’s Trust Center.

Secure Development of Generative AI Features

Zoom’s secure software development lifecycle (SDLC) is a set of practices and processes designed to integrate security into each phase of the software development lifecycle. Zoom’s secure software development controls are assessed by independent audit firms as indicated in Zoom’s security certifications and attestations, which are available to customers on Zoom’s Trust Center. Zoom AI Companion features follow Zoom’s standard secure SDLC process, which includes the following:

Zoom’s Engineering Security team is engaged during the design phase when a feature is being conceptualized so that key security controls can be built into the requirements. Security design reviews, which include threat analysis, are performed to identify potential threats and mitigations. Zoom maintains vulnerability remediation standards governing the remediation or mitigation of security vulnerabilities identified during the security design review.

Peer code reviews are a key element of Zoom’s secure software development lifecycle and are enforced in Zoom’s software development platform. In addition to peer code reviews, high-risk areas identified during the security design review require secure code reviews. Where appropriate manual testing is also performed on a release by release basis.

Zoom utilizes static analysis security testing (SAST) tools to scan its source code for coding errors and common security vulnerabilities, including Open Web Application Security Project’s (OWASP) Top 10 and National Vulnerability Database (NVD). Zoom maintains vulnerability remediation standards governing the remediation or mitigation of security vulnerabilities identified through static analysis testing.

Zoom utilizes dynamic analysis security testing (DAST) tools to identify common security vulnerabilities, including OWASP’s Top 10 and NVD. Zoom maintains vulnerability remediation standards governing the remediation or mitigation of security vulnerabilities identified through dynamic analysis testing.

Where open source software (OSS) is used, the OSS package must undergo Zoom’s third-party code review process, which includes a set of OSS evaluation criteria and scanning for common security vulnerabilities. Zoom maintains vulnerability remediation standards governing the remediation or mitigation of security vulnerabilities identified through third-party OSS scanning tools.

Security approval is required for the deployment of new products and features, including AI Companion features. Zoom has a dedicated Release Security Assurance function responsible for scanning Zoom client builds prior to release. The final Zoom client build scans are designed to identify potential vulnerabilities or malicious content, and the build is digitally signed to maintain its integrity and authenticity.

Generative AI Model Security

In addition to the steps outlined in Zoom’s secure SDLC above, models hosted by Zoom are subject to security reviews to assess security threats specific to generative AI models. The generative AI model review includes commonly known LLM model vulnerabilities, in line with OWASP’s Top 10 for LLMs and other secure AI frameworks. Vulnerabilities identified in the generative AI security reviews must be remediated in accordance with Zoom’s vulnerability remediation standards.

Zoom’s third-party subprocessors are subject to security assessments on at least an annual basis as part of Zoom’s third-party risk management program. Zoom’s third-party risk management controls are assessed by independent audit firms as indicated in Zoom’s security certifications and attestations, which are available to customers on Zoom’s Trust Center.

Security Assessments

Zoom has a dedicated offensive security team that performs ongoing vulnerability research and red team exercises across Zoom’s platform, including for Zoom AI Companion features. In addition to Zoom’s dedicated offensive security team, penetration tests are performed by an independent third party on at least an annual basis.

Vulnerability Disclosure Program

Zoom believes that the independent security research community can provide key contributions to the security of Zoom’s products. Zoom maintains a vulnerability disclosure program as well as a Bug Bounty program through HackerOne that incentivizes security researchers to responsibly report potential security vulnerabilities so Zoom can fix them and keep its users safe.

AI Companion Compliance

Zoom’s AI Companion features adhere to the same security and compliance requirements as the primary Zoom products within which they are incorporated. AI Companion is ISO 27001, ISO 27701, and ISO 27017/18 certified and is also included within the scope of Zoom’s SOC 2 report, available on Zoom’s Trust Center.