Content protected by Customer Managed Key
Each organization can decide what types of assets get encrypted with their key when stored permanently in the cloud. The list of potential assets depends on what Zoom services the organization uses. For example, If cloud meeting recordings are enabled and the meeting organizer is a licensed CMK user and records the meeting, the associated files are encrypted, even if some of the meeting attendees are not CMK users. While most services follow the same approach, there are some specifics which apply to certain services as described in the following list (with their Service ID as it appears in the encryption context).
If you enable an AI Companion feature and enable CMK encryption for a related type of asset, then Zoom will encrypt all related assets including the AI generated ones, but if the feature uses a third-party model provider, that provider may only encrypt the data they receive with regular encryption.
Note: Associated metadata, such as used for searching of assets unrelated to Team Chat, may not be encrypted with the customer’s key.
- Meeting/webinar recordings (1)
Cloud meeting and webinar recordings including transcripts, summaries, and next steps can be encrypted along with in-chat text messages. Polls (Q&A, surveys and reports) and in-meeting file transfers are not encrypted. - Clips (10)
Video clip and associated comments can be encrypted. - Whiteboards (11)
Whiteboards (drawings, text, pictures and comments) from licensed users can be encrypted. - Phone recordings (2)
Phone recordings, transcripts, and summaries can be encrypted not only from individual (licensed) users, but also all call queues. - Phone voicemails (3)
Voicemail recordings, transcripts and summaries can be encrypted not only from individual (licensed) users, but also all call queues. - Compliance archives (6)
If compliance archival is enabled, meetings, webinar, phone recordings and in-chat messages can be encrypted. - Phone MMS messages (9)
MMS (multimedia messaging service) including text, pictures and video can be encrypted. - User calendar access (4)
The token or password the Zoom client uses to access Google or Microsoft calendaring can be encrypted. - Zoom Room calendar access (5)
The token or password Zoom Room uses to access Google or Microsoft calendaring is encrypted. - Other access (7)
Other access tokens such as for Microsoft Teams can be encrypted. - Team Chat (8)
All messages, files, emojis, and attachments can be encrypted if any member of the channel or chat is a CMK-licensed user unless Advanced Chat Encryption is enabled. Reaction emojis and giphys (and the associated URLs) will not be encrypted, as they are static resources. Code snippets are encrypted if the creator is a CMK-licensed user. Chats between two users of different organizations will be encrypted with both organization's keys if both users have licensed CMK. If only one person is a CMK-licensed user, a Zoom provided key will be used for the non-licensed user. An encrypted channel is encrypted using the owner's key even if external participation is allowed. - Revenue Accelerator (12)
Analytical data such as thumbnails, OCR data, transcript, meeting highlights, and certain AI generated data. - Events (13)
Meetings/Webinar, Uploads to Content Library - Contact Center
Video or voice recordings/transcripts (14)
Voicemails and voicemail transcripts (15)
Messaging transcripts (16) except attachments from social channels and SMS
Note: Email channel is not supported (yet). - Notes (17)
Note content - Docs (18)
Document content - AI Companion
Conversations in the AI Companion panel (19)
File history (20)
Email history (21) - Personal Identifiers (9999)
Pictures used for Smart Name Tags in Zoom Rooms as well as other personal identifiers.
Note: This category does not need to be enabled, the data is CMK-encrypted for the whole account regardless on whether a user has licensed CMK or not.
Large organizations can also enable the encryption of certain index data used for searching when it is stored at rest.