As part of our continual efforts to protect our users’ privacy, Zoom is requiring all developers to provide a new attestation as to how user data is processed. This information will need to be updated in your app/integration’s technical design document (TDD). To assist with these updates, Zoom has created a new embedded TDD form that includes these new data privacy questions.
Why do I have to answer these data privacy questions?
Zoom takes privacy and user data protection very seriously. Teams around the world use the Zoom platform for working, connecting, learning, providing healthcare, delivering services, and hosting events. We are committed to being transparent about how we collect and use data and it is important that 3rd-party apps on the Zoom App Marketplace have appropriate standards for what user data they collect, save, and procedures for how this data will be used.
Do I need to consult a lawyer about any of this?
These questions are related to how your application handles user data. Zoom’s Technical Design Document is not intended as legal advice. We encourage all developers to seek counsel as needed regarding their own data privacy requirements under applicable laws in the jurisdictions in which they make their applications available.
My privacy policies and documentation are internal documents that are confidential. Do I really need to share this?
Your internal documents will remain confidential and are only used to review and demonstrate your app's security posture for Marketplace. If you have concerns, please reach out to email@example.com to begin the process of acquiring an NDA.
I answered some questions about privacy policies in my previous TDD. Can’t this apply here?
To the extent previous answers remain accurate and answer these questions fully, you may copy those answers into the updated TDD. We recommend that you review all previous answers and update and/or supplement them as appropriate.
Is it possible to get my Zoom App approved, if I say No to any of the TDD or privacy questions?
The most important thing is for the developer to provide accurate information about how its app functions, particularly how it processes and secures user data. In some cases, you are given an opportunity to provide an explanation with your response. Our App review team will review your responses and may request additional information or provide feedback on issues that need to be resolved prior to publication.
Ultimately, the weight of the Technical Design Document attestation and evidence depends on whether or not you’re submitting the app to our Marketplace or you’re applying for a Publishable URL (Beta).
A Publishable URL (Beta) requires submission of documentation outlined in the TDD, however a standard Marketplace publication will use these documents as optional supporting evidence. The security review process is holistic given your apps overall security posture, additional specific feedback will be given to your submission once submitted.
Who do I contact if I have questions about this?
You can contact us at firstname.lastname@example.org.
Can I get an exemption?
There will no exemptions from this policy.