Zoom · Zoom Sub-Processors · View original document ↗

Zoom Affiliates as Data Processors

Medium severity Medium confidence Explicitdocumentlanguage Unique · 0 of 352 platforms
Share 𝕏 Share in Share 🔒 PDF
Recent governance activity Zoom recorded 2 documented changes in the last 30 days.
Start monitoring updates
Monitor governance changes for Zoom Create a free account to receive the weekly governance digest and monitor one platform for governance changes.
Create free account No credit card required.
Document Record

What it is

In addition to third-party vendors, the document discloses Zoom-affiliated entities that act as processors of customer data, identifying the corporate group members through which Zoom delivers its services and within which customer data may flow.

This analysis describes what Zoom's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology

ConductAtlas Analysis

Why it matters (compliance & governance perspective)

The inclusion of Zoom affiliates alongside third-party subprocessors is relevant for GDPR intra-group data transfer analysis, as transfers between Zoom's corporate group entities located in different jurisdictions require the same transfer safeguards as transfers to independent third parties unless a specific intra-group arrangement such as Binding Corporate Rules is in place. Customers should assess whether their Data Processing Agreement covers intra-group transfers as well as third-party subprocessing.

Interpretive note: The document identifies Zoom affiliates as processors but does not specify which affiliates are located in which jurisdictions, making it difficult to fully assess intra-group transfer requirements without additional information.

Consumer impact (what this means for users)

Customer data may be processed by Zoom-affiliated entities in addition to third-party subprocessors, as disclosed in this document. Intra-group transfers between Zoom entities in different jurisdictions are subject to the same GDPR Chapter V transfer restrictions as transfers to independent third-party subprocessors.

Cross-platform context

See how other platforms handle Zoom Affiliates as Data Processors and similar clauses.

Compare across platforms →

Monitoring

Zoom has changed this document before.

Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.

Get Monitor Or create a free account →
▸ View Original Clause Language DOCUMENT RECORD
"
A subprocessor is a vendor Zoom uses to process data on behalf of our customers.

— Excerpt from Zoom's Zoom Sub-Processors

ConductAtlas Analysis

Institutional analysis (Compliance & governance intelligence)

1. REGULATORY LANDSCAPE: Intra-group data transfers between entities in different jurisdictions engage GDPR Chapter V and may require Standard Contractual Clauses or other approved mechanisms even where both entities are part of the same corporate group, unless Binding Corporate Rules are in place. The UK GDPR imposes analogous requirements. Enforcement authorities include EU supervisory authorities and the UK ICO. 2. GOVERNANCE EXPOSURE: Medium. Organizations relying on Zoom for processing of EU or UK personal data should confirm that intra-group transfers between Zoom affiliates are covered by appropriate transfer mechanisms documented in the Data Processing Agreement or in supplementary transfer documentation. 3. JURISDICTION FLAGS: EU and EEA customers face direct exposure under GDPR Chapter V for intra-group transfers to Zoom entities outside the EEA, particularly to Zoom's US parent. UK customers face equivalent obligations. Swiss customers should assess compliance with the revised Swiss Federal Act on Data Protection. 4. CONTRACT AND VENDOR IMPLICATIONS: Data Processing Agreement review should confirm whether Zoom's affiliates are specifically listed as authorized subprocessors and whether the agreement addresses intra-group transfer mechanisms. Procurement teams should request confirmation of whether Standard Contractual Clauses or Binding Corporate Rules cover intra-group processing. 5. COMPLIANCE CONSIDERATIONS: Article 30 records and transfer impact assessments should reflect intra-group processing by Zoom affiliates. Organizations should assess whether their privacy notices accurately disclose international transfers to Zoom's corporate group entities.

Full compliance analysis

Regulatory citations, enforcement risk, and due diligence action items.

Track 3 platforms — free Get Monitor

Free: track 3 platforms + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.

Applicable agencies

  • FTC
    The FTC has jurisdiction over representations made by US-based companies regarding intra-corporate data sharing and processing practices affecting consumers and business customers
    File a complaint →

Provision details

Document information
Document
Zoom Sub-Processors
Entity
Zoom
Document last updated
July 6, 2026
Tracking information
First tracked
July 6, 2026
Last verified
July 6, 2026
Record ID
CA-P-013434
Document ID
CA-D-00930
Evidence Provenance
Source URL
Wayback Machine
Content hash (SHA-256)
8fd5028a6a70d970b01aff7e574b1ac598f580f953416e9617e7464c57820321
Analysis generated
July 6, 2026 23:07 UTC
Methodology
Evidence
✓ Snapshot stored   ✓ Hash verified
Citation Record
Entity: Zoom
Document: Zoom Sub-Processors
Record ID: CA-P-013434
Captured: 2026-07-06 23:07:54 UTC
SHA-256: 8fd5028a6a70d970…
URL: https://conductatlas.com/platform/zoom/zoom-sub-processors/zoom-affiliates-as-data-processors/
Accessed: July 7, 2026
Permanent archival reference. Stable identifier suitable for legal filings, compliance documentation, and research citation.
Classification
Severity
Medium
Categories

Other risks in this policy

Compliance Governance Intelligence

Need to monitor specific governance provisions?

Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.

Arbitration clauses AI governance Data rights Indemnification Retention policies
Get Compliance

Or start with Monitor →

Built from archived source documents, structured governance mappings, and historical version tracking.

Frequently Asked Questions

What does Zoom's Zoom Affiliates as Data Processors clause do?

The inclusion of Zoom affiliates alongside third-party subprocessors is relevant for GDPR intra-group data transfer analysis, as transfers between Zoom's corporate group entities located in different jurisdictions require the same transfer safeguards as transfers to independent third parties unless a specific intra-group arrangement such as Binding Corporate Rules is in place. Customers should assess whether their Data Processing Agreement covers …

How does this clause affect you?

Customer data may be processed by Zoom-affiliated entities in addition to third-party subprocessors, as disclosed in this document. Intra-group transfers between Zoom entities in different jurisdictions are subject to the same GDPR Chapter V transfer restrictions as transfers to independent third-party subprocessors.

Is ConductAtlas affiliated with Zoom?

No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Zoom.