All Marketplace app developers must comply with users’ preferences on how their data should be handled.
The Zoom Data Compliance requires you to:
- Monitor your app’s deauthorization event webhook which is sent to the app’s Deauthorization Endpoint URL shortly after a user uninstalls your app.
- Retain user’s data post app-uninstallation only if the user specifies to do so.
If a user chooses to uninstall or deauthorize your app, Zoom will send a deauthorization event notification to your application’s Deauthorization Endpoint URL similar to the one shown below:
This event informs the developer about the user’s decision when the user completes the uninstallation or deauthorization process. If you selected to publish your app on the Zoom App Marketplace, you can find the deauthorization endpoint URL by logging in and going to Manage > Created Apps > YourApp > Information.
The payload of the deauthorization webhook event includes a property named
user_data_retention which indicates the Zoom users’ preference about how you should handle their data which resides in your data stores in accordance with the Zoom Marketplace Developer Agreement.
If the value of
user_data_retention is TRUE, it means that the user has granted you permission to retain their data beyond the ten days period stated in the Zoom App Marketplace Developer Agreement.
A FALSE value indicates that the user wants you to delete their data after app uninstallation.