The statement authorizes sharing of personal data, potentially including meeting content and user information, with third-party applications connected through the Zoom App Marketplace or API integrations when enabled by the user or account administrator. Zoom states that data shared with these third parties is then governed by the third party's own privacy policies rather than Zoom's statement.
This analysis describes what Zoom's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
This provision establishes that enabling third-party integrations creates a separate data relationship governed outside Zoom's privacy framework. For enterprise accounts, administrators enabling Marketplace apps on behalf of an organization are authorizing data flows that Zoom's own privacy protections do not cover, requiring independent vendor assessment for each integration.
This new provision clarifies data sharing practices for third-party integrations, which is increasingly important as Zoom's ecosystem of connected apps expands.
View full change record →The agreement establishes that when third-party apps are enabled by a user or administrator, Zoom may share personal data with those applications, and data handling by those apps is governed by their own terms rather than Zoom's privacy statement. Individual users in accounts managed by an employer or institution may have third-party integrations enabled on their behalf by administrators without individual consent.
How other platforms handle this
With your permission, we may also receive data from your mobile device's health app (like Apple HealthKit or Google Health Connect), including hours of sleep and sleep goals. However, we do not infer any health-related characteristics from this information and only process it consistent with the pur...
At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.
If you are located in the European Economic Area, Switzerland, or the United Kingdom, you have the right to access, correct, or erase your personal data; the right to restrict or object to our processing of your personal data; the right to data portability; and, where our processing is based on your...
Monitoring
Zoom has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"If you or your account administrator enable third-party apps or integrations, we may share personal data with those third parties. The use of such data by third parties is governed by their own privacy policies.— Excerpt from Zoom's Zoom Privacy Statement
1. REGULATORY LANDSCAPE: Third-party data sharing provisions engage GDPR Article 28 (processor agreements) and Article 26 (joint controller arrangements) depending on the role of the third-party app. For California users, CCPA requires disclosure of categories of third parties with whom personal information is shared. In education contexts, FERPA may be implicated if student data flows to third-party apps through Zoom integrations. 2. GOVERNANCE EXPOSURE: High. The provision that third-party app data use is governed by third-party policies rather than Zoom's statement creates a compliance gap for organizations that assume Zoom's data protections extend to all platform integrations. This is particularly significant for regulated industries where data processing by third parties requires documented compliance verification. 3. JURISDICTION FLAGS: EU and EEA customers must ensure that third-party apps receiving personal data have adequate data processing agreements in place and that international data transfers comply with GDPR Chapter V requirements. California residents retain CCPA rights to know which categories of third parties receive their data. Illinois organizations should assess whether any integrated apps process biometric data. 4. CONTRACT AND VENDOR IMPLICATIONS: Procurement and compliance teams should maintain a registry of Zoom Marketplace apps enabled within their organization and conduct independent privacy and security assessments of each integration. Zoom's data processing agreement likely does not extend liability or compliance obligations to third-party apps, meaning organizations bear independent responsibility for those data flows. 5. COMPLIANCE CONSIDERATIONS: Organizations should implement administrative controls limiting which Zoom Marketplace apps can be enabled by individual users, reserve app enablement to vetted IT or procurement approval processes, and include third-party Zoom integrations in their annual vendor assessment cycles.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
This provision establishes that enabling third-party integrations creates a separate data relationship governed outside Zoom's privacy framework. For enterprise accounts, administrators enabling Marketplace apps on behalf of an organization are authorizing data flows that Zoom's own privacy protections do not cover, requiring independent vendor assessment for each integration.
The agreement establishes that when third-party apps are enabled by a user or administrator, Zoom may share personal data with those applications, and data handling by those apps is governed by their own terms rather than Zoom's privacy statement. Individual users in accounts managed by an employer or institution may have third-party integrations enabled on their behalf by administrators without …
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Zoom.