Data Compliance

All Marketplace app developers must comply with users’ preferences on how their data should be handled.

The Zoom Data Compliance requires you to:

  1. Monitor your app’s deauthorization event webhook which is sent to the app’s Deauthorization Endpoint URL shortly after a user uninstalls your app.
  2. Retain user’s data post app-uninstallation only if the user specifies to do so.

App Deauthorization

If a user chooses to uninstall or deauthorize your app, Zoom will send a deauthorization event notification to your application’s Deauthorization Endpoint URL similar to the one shown below:

App Deauthorization Event
object
event
string

Event type.

1 validation
payload
object

This event informs the developer about the user’s decision when the user completes the uninstallation or deauthorization process. If you selected to publish your app on the Zoom App Marketplace, you can find the deauthorization endpoint URL by logging in and going to Manage > Created Apps > YourApp > Information.

Data Retention

The payload of the deauthorization webhook event includes a property named user_data_retention which indicates the Zoom users’ preference about how you should handle their data which resides in your data stores in accordance with the Zoom Marketplace Developer Agreement.

If the value of user_data_retention is TRUE, it means that the user has granted you permission to retain their data beyond the ten days period stated in the Zoom App Marketplace Developer Agreement.

A FALSE value indicates that the user wants you to delete their data after app uninstallation.