Content protected by Customer Managed Key

Each organization can decide what types of assets get encrypted with their key when stored permanently in the cloud. The list of potential assets depends on what Zoom services the organization uses. For example, If cloud meeting recordings are enabled and the meeting organizer is a licensed CMK user and records the meeting, the associated files are encrypted, even if some of the meeting attendees are not CMK users. While most services follow the same approach, there are some specifics which apply to certain services as described in the following list (with their Service ID as it appears in the encryption context).

If you enable an AI Companion feature and enable CMK encryption for a related type of asset, then Zoom will encrypt all related assets (phone support is coming soon) including the AI generated ones, but if the feature uses a third-party model provider, that provider may only encrypt the data they receive with regular encryption.

Note: Associated metadata, such as used for searching of assets unrelated to Team Chat, may not be encrypted with the customer’s key.


If you have enabled CMK encryption of Team Chat messages, you can also enable the encryption of the data used for searching within Team Chat when it is stored at rest.