As with various Zoom data such as recordings, Customer Managed Key allows for encryption of chat messages at rest.
For additional communication privacy, an account admin can enable client level chat encryption. This feature is called Advanced CMK Chat Encryption (ACCE). Once enabled, chat messages are encrypted on the app using 256-bit AES using data keys managed by CMK before they are uploaded to the Zoom Cloud Platform.
For even higher communication privacy an organization can deploy their own on-prem CMK Hybrid module to manage their own data encryption keys using a separate master key called hybrid key. The app can then obtain data keys from CMK Hybrid servers for client-side encryption (CSE) before uploading messages to the Zoom Cloud Platform. CSE is only available for internal communication.
The legacy Advanced Chat Encryption (ACE) method provides functionality comparable to CSE using keys exchanged between the participating devices. Unlike CSE it requires that the participating devices can communicate with each other.
While increasing communication privacy, ACCE, CSE and ACE reduce some chat functionality, such as AI Companion, message previews, message translation, setting message reminders, and scheduling a meeting from a group chat. With ACCE and ASE an account admin can still see chat history unlike with ACE. Any client level encryption cannot be combined with continuous meeting chat.