5 Total
0 High severity
5 Medium severity
0 Low severity
Summary

This is Zoom's public disclosure of the third-party companies and Zoom-affiliated entities that process customer data in connection with Zoom's services. The document identifies each subprocessor by name, the processing purpose, and the country or region where data processing occurs, covering infrastructure, support, analytics, security, and AI functions. Zoom states that customers who have signed a Data Processing Agreement with Zoom may be entitled to object to new subprocessors through a notification and objection process described in that agreement.

Technical / Legal Breakdown

This document is Zoom's Third-Party Subprocessors and Zoom Affiliates list, published on Zoom's trust portal, which discloses the vendors and Zoom-affiliated entities that process personal data on behalf of Zoom's customers, operating under Zoom's customer data processing agreements and applicable data protection law including GDPR. The document states that Zoom engages subprocessors to assist in delivering its services and that each subprocessor is bound by obligations no less protective than those Zoom commits to customers under its Data Processing Agreement. The list identifies subprocessors by name, purpose, and data processing location, covering categories including cloud infrastructure, customer support tooling, analytics, security operations, and AI-related processing, with processing locations spanning the United States, European Union, and other regions. This disclosure structure engages GDPR Article 28 requirements governing controller-to-processor and processor-to-subprocessor relationships, as well as analogous obligations under the UK GDPR, the Swiss Federal Act on Data Protection, and various state-level privacy frameworks including the California Consumer Privacy Act. Organizations subject to GDPR or UK GDPR that rely on Zoom as a processor should evaluate whether this list and its update notification mechanism satisfy their own downstream subprocessor management obligations, including whether contractual objection rights are operationally preserved.

Institutional Analysis

Institutional analysis available with Compliance

Regulatory exposure by statute, material risk assessment, vendor due diligence action items, and enforcement precedent. Available on Compliance.

Get Compliance
Medium — 5 provisions

Monitoring

Zoom has updated this document before.

Monitor includes same-day alerts, structured change summaries, and monitoring for up to 25 platforms.

Get Monitor Or create a free account →

Compliance Governance Intelligence

Need provision-level monitoring and regulatory mapping?

Compliance includes governance timelines, compliance memos, audit-ready analysis, and full provision tracking.

Get Compliance

Cross-platform context

See how other platforms handle AI-Function Subprocessor Inclusion and similar clauses.

Compare across platforms →

Mapped Governance Frameworks

BIPA
Illinois, USA
View official text ↗
CCPA/CPRA
California, USA
View official text ↗
Connecticut Data Privacy Act Amendments
US-CT
View official text ↗
CAN-SPAM
United States Federal
View official text ↗
FTC Act Section 5
United States Federal
View official text ↗
GDPR
European Union
View official text ↗
Indiana Consumer Data Protection Act
US-IN
View official text ↗
Kentucky Consumer Data Protection Act
US-KY
View official text ↗
UK GDPR
United Kingdom
View official text ↗
Universal Opt-Out Mechanism Expansion 2026
US
View official text ↗
Archival ProvenanceSource & Archival Record
Last Captured July 6, 2026 22:44 UTC
Capture Method Automated scheduled archival capture
Document ID CA-D-000930
Version ID CA-V-004528
SHA-256 144798ca3a98501441f47060f315ea5ef2278a02e7cf3920b5f7e32307047e01
✓ Snapshot stored ✓ Text extracted ✓ Change verified ✓ Hash verified

Governance Monitoring

Monitor governance changes across the platforms you rely on.

Structured alerts for policy changes, governance events, and provision updates across 318+ platforms.

Create free account Compare plans