01 Trust Score

Zoom

Week 2026-W17 · 26 Apr 2026 Vendor-Neutral
30 /100 Significant Risk
▼ 20 pts ⚠
2.2/5 (3924)
AUDITOR SUMMARY
Strength: Zoom offers a highly certified and feature-rich communication platform, including AI Companion, suitable for diverse enterprise collaboration needs.
Trust Score 30/100 EVALUATE
Est. Annual Cost $24,000/year for 100 users
Top Risk MED Reliability Overall: High
Priority Action Negotiate DPA and data residency terms before signing

Enterprise Verdict

× Extended Due Diligence Required
Risk: High 50 sources
Key Strength

Detailed community analysis available in report body

Priority Action

Negotiate DPA and data residency terms before signing

Live Signals This Week

Detected by daily monitoring — captured outside the weekly scrape window.

Warning May 15, 2026

Scammers told victim to attend Zoom call with PM Wong & asked for 'urgent funding' for Strait of Hormuz - Mothership

1 signal(s) detected: funding

02 Top Risks

Risk Assessment

Seven-category enterprise risk analysis derived from community and vendor signals. Each card shows the evidence tier and the underlying finding.

Medium Reliability Community Data

Vendor viability score: 78/100. No community-reported outages or reliability incidents found in recent data.

Medium Cost Predictability Community Data

Vendor financial stability score: 78/100. Total funding raised: $157M. Enterprises should negotiate fixed-rate contracts and monitor pricing changes.

High Vendor Lock-in Community Data

Data export status unclear. Integration score: 0/100. Webhooks available, reducing lock-in risk.

Medium Data Privacy Community Data

Compliance score: 100/100. GDPR: dpa_available. Encryption at rest: yes.

Low Compliance Posture Community Data

SOC 2: type_ii. ISO 27001: certified. Overall compliance score: 100/100.

Medium AI Transparency Verified

No training on user data detected. Code ownership terms unclear. Legal/ToS risk score: 65/100.

Verified: Confirmed by vendor documentation
Community: Derived from community reports

Due Diligence Alerts

Priority reviews, recommended inquiries, and verified strengths — based on 71+ community data points

Verified Strength Low Detailed community analysis available in report body
Inferred from 71+ signals across GitHub, HackerNews, and community forums
03 Security & Compliance

Security & Compliance

SOC 2 ✓ Certified
ISO 27001 ✓ Certified
GDPR ✓ DPA
HIPAA ✓ BAA

Data Security

Encryption (At Rest): AES-256
Encryption (In Transit): TLS 1.3

Security Features

MFA TOTP
Vulnerability Disclosure

IT Hardening Guide

Critical Settings

Enforce SSO for all users [medium]
Mandate Single Sign-On (SSO) for all enterprise users to centralize identity management and enforce corporate access policies.

Enable Waiting Rooms for all meetings [medium]
Require all participants to enter a waiting room before joining a meeting, allowing hosts to vet attendees and prevent unauthorized access.

Disable file transfer in chat for external participants [medium]
Restrict file sharing capabilities in chat for participants outside the organization to prevent data exfiltration.

Configure cloud recording retention policies [medium]
Set specific retention periods for cloud recordings to comply with data governance and privacy regulations.

Review and restrict AI Companion features [medium]
Assess and configure AI Companion settings, particularly for data usage in summaries and notes, to align with internal data privacy policies.

Deployment Checklist

Enterprise Contract Intelligence

DPA availability, data residency, and contract risk signals for procurement teams

📄 Data Processing Agreement Available

A Data Processing Addendum (DPA) is available, which is critical for GDPR compliance. It should be reviewed for specific clauses on data ownership, sub-processor management, and cross-border data transfer mechanisms (e.g., SCCs).

🌐 Data Residency Customer-Controlled
Default: US (inferred)
US, EU, APAC

Zoom offers data residency options in multiple regions, including the EU, which is crucial for GDPR compliance. Enterprise customers typically have control over where their data is hosted. However, specific details on data flow to sub-processors and cross-border transfer mechanisms should be verified in the DPA.

⚠️ Contract Risk High Lock-in (75/100)
Data export on exit: No ⚠
⚠ 5 contract risk flags:
⚠ Undisclosed AI training data policy
⚠ Unclear IP ownership for user-generated content
⚠ No publicly disclosed IP indemnification
⚠ Opaque data export and deletion policies
⚠ Undisclosed liability caps

The contract risk is high, primarily due to significant transparency gaps in the public terms of service. The lack of explicit clauses on AI training data, IP ownership, indemnification, liability caps, and data portability creates a strong vendor lock-in scenario and exposes the enterprise to unquantified legal and operational risks. Procurement must negotiate specific, favorable terms.

04 Community Signals

Community Evidence

Sentiment analysis and recurring issues from developer & enterprise community signals this week.

Recurring Issues

fix: zoom persistence 🟠 Community 13 mentions medium → Stable

Enterprise Impact: Reported by community on GitHub with 13 comments.

Sources: GitHub
fix(zoom): correct stacked bar-x/bar-y/area rendering under xy zoom 🟠 Community 3 mentions medium → Stable

Enterprise Impact: Reported by community on GitHub with 3 comments.

Sources: GitHub
UI improvements: map scroll zoom, full images and location search 🟠 Community 3 mentions medium → Stable

Enterprise Impact: Reported by community on GitHub with 3 comments.

Sources: GitHub
Project labels, Rudyard question, sharper portrait zoom 🟠 Community 1 mention low → Stable

Enterprise Impact: Reported by community on GitHub with 1 comment.

Sources: GitHub
Asahi Linux Progress Linux 7.0 🟠 Community low → Stable

Enterprise Impact: Discussed on Hacker News.

Sources: HN
Clay PCB Tutorial 🟠 Community low → Stable

Enterprise Impact: Discussed on Hacker News.

Sources: HN

Source Highlights This Week

Specific signals from GitHub, Hacker News, and Reddit — what the community is actually saying

👀

Analysis Pending

Community signals collected this week. Analysis and synthesis will be available in the next report update.

05 Financial Impact

Financial Impact Panel

Cost intelligence and pricing signals for enterprise procurement decisions

Pricing data from public sources — enterprise rates differ. Verify with vendor.

TCO Calculator

Pricing Not Available

Enterprise pricing information could not be obtained for this vendor. This may be due to custom/private pricing models or limited publicly available data.


Independent analysis — signals aggregated from GitHub, Reddit, HN, Stack Overflow, Twitter/X, G2 & Capterra. Not affiliated with any vendor. Corrections?
