Data Compliance

All Marketplace app developers must comply with users’ preferences on how their data should be handled.

Zoom Data Compliance requires you to:

  1. Monitor your app’s deauthorization event webhook, which is sent to the app’s Deauthorization Endpoint URL shortly after a user uninstalls your app.
  2. Retain a user’s data after app uninstallation only if the user specifies that you may do so.
  3. Inform Zoom that you complied with the requirements by calling the Data Compliance API.

App Deauthorization

If a user chooses to uninstall or deauthorize your app, Zoom will send a deauthorization event notification to your application’s Deauthorization Endpoint URL similar to the one shown below:

App Deauthorization Event


This event informs the developer of the user’s decision once the user completes the uninstallation or deauthorization process. You can find the deauthorization endpoint URL that you set up for your app by logging into Marketplace and going to Manage > Created Apps > YourApp > Information.

Data Retention

The payload of the deauthorization webhook event includes a property named user_data_retention, which indicates the Zoom user’s preference for how you should handle their data that resides in your data stores, in accordance with the Zoom Marketplace Developer Agreement.

If the value of user_data_retention is TRUE, the user has granted you permission to retain their data beyond the ten-day period stated in the Zoom App Marketplace Developer Agreement. In this case, you do not have to call the Data Compliance API.

A FALSE value indicates that the user wants you to honor Zoom’s Agreement and delete their data within ten days of app uninstallation. Next, you need to call the Data Compliance API to notify Zoom about the data deletion.

Notify Zoom of Data Compliance

After deleting a user’s data, you must notify Zoom that you have done so by making an HTTP POST request to our Data Compliance API through the /oauth/data/compliance endpoint. You must do this within ten days of app uninstallation by the user.

Example Data Compliance Post Request in cURL

# Notify Zoom that the user's data has been deleted.
curl -X POST \
  https://api.zoom.us/oauth/data/compliance \
  -H 'Authorization: Basic TERaOXMwYlRXbVBPVWx2Q1UwVV93OlFwWTBRU253TmIzN0JrVzBXS2FSemUxWnM5b1Z4eEpr' \
  -H 'Content-Type: application/json' \
  -H 'cache-control: no-cache' \
  -d '{
  "client_id": "ABcDefGHIj12A",
  "user_id": "a8yCxjayaSiw02igC8p8l0",
  "account_id": "abcdEfghIJklMn00",
  "deauthorization_event_received": {
    "user_data_retention": "false",
    "account_id": "abcdEfghIJklMn00",
    "user_id": "a8yCxjayaSiw02igC8p8l0",
    "signature": "85f9dd5684aecfa97h7bc86b7edc345204467f2jfj4df1b290093cf73fd1e6b00",
    "deauthorization_time": "2019-06-17T13:52:28.632Z",
    "client_id": "ABcDefGHIj12A"
  },
  "compliance_completed": true
}'

A 200 OK response will indicate that you have successfully notified Zoom of being in compliance. After making a successful request, no further action is required on your end.
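The retention decision and the compliance request can be derived directly from the deauthorization payload. The following Python sketch is an added example, not Zoom's code: the function names are hypothetical, it assumes the Basic credential is base64 of client_id:client_secret, and it chooses to treat any value other than an explicit true as a request to delete.

```python
import base64
import json
from datetime import datetime, timedelta

RETENTION_WINDOW = timedelta(days=10)  # deletion deadline stated on this page


def may_retain(payload):
    """True only for an explicit true; a missing or odd value means delete."""
    value = payload.get("user_data_retention")
    if isinstance(value, bool):
        return value
    return isinstance(value, str) and value.strip().lower() == "true"


def plan_compliance(payload, client_id, client_secret):
    """Return None if data may be kept, else the deadline and the request to send."""
    if payload.get("client_id") != client_id:
        raise ValueError("deauthorization event is for a different app")
    if may_retain(payload):
        return None  # user allowed retention: no Data Compliance call needed
    uninstalled = datetime.fromisoformat(
        payload["deauthorization_time"].replace("Z", "+00:00"))
    # Assumption: Basic credential is base64("client_id:client_secret").
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    body = {
        "client_id": client_id,
        "user_id": payload["user_id"],
        "account_id": payload["account_id"],
        "deauthorization_event_received": payload,  # echoed back unchanged
        "compliance_completed": True,
    }
    return {
        "delete_by": uninstalled + RETENTION_WINDOW,
        "path": "/oauth/data/compliance",
        "headers": {"Authorization": f"Basic {basic}",
                    "Content-Type": "application/json"},
        "body": json.dumps(body),
    }


# Constructed sample payload using the field names from the request above.
SAMPLE = {
    "user_data_retention": "false",
    "account_id": "abcdEfghIJklMn00",
    "user_id": "a8yCxjayaSiw02igC8p8l0",
    "signature": "constructed-sample-signature",
    "deauthorization_time": "2019-06-17T13:52:28.632Z",
    "client_id": "ABcDefGHIj12A",
}
```

Send the returned body only after the deletion job has finished, and alert if delete_by is approaching with no 200 OK recorded.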
