Zoom AI Companion

Plain-English risk rating: 2 of 5

Zoom AI Companion has one of the better privacy postures among Embedded Productivity AI products as of mid-2026, but this conclusion rests on Zoom's published commitments after a substantial reputational scar. In August 2023, Zoom's terms of service were updated with language that appeared to grant Zoom rights to train AI models on customer audio, video, and chat content. The Verge and ABC News coverage triggered immediate backlash; within weeks, Zoom revised the language and committed publicly that "Zoom does not use any customer audio, video, chat, screen sharing, attachments, or other communications-like customer content (such as poll results, whiteboard, and reactions) to train Zoom's or its third-party artificial intelligence models."

As of mid-2026, that commitment has been maintained and is referenced consistently across Zoom's AI documentation. The risk picture is dominated less by training defaults and more by (a) the breadth of meeting content Zoom captures, (b) the deployment-option choice between Zoom-only models and Zoom + third-party models, and (c) Zoom's broader breach history affecting the platform underneath AI Companion.

Recommended for

  • Sole proprietor: AI Companion is included at no additional cost with eligible paid Zoom plans. Acceptable for general meeting summaries and transcript generation. Disclose to meeting attendees that AI Companion is enabled before the meeting starts. This is ethical practice and may also be legally required in two-party-consent jurisdictions for recorded content.
  • Small team (2-10 people): Zoom Workplace Pro or Business with AI Companion. Configure the deployment option (ZMO, ZM+, or Federated) based on your data residency and provider preferences — Zoom-only Models (ZMO) is the most privacy-conservative.
  • Regulated industry: Zoom for Healthcare (with BAA), Zoom for Government (FedRAMP authorised), or Zoom Workplace Enterprise with EU Data Boundary configuration. Disable AI Companion for any meeting involving PHI or other regulated data unless your contracted Zoom configuration includes appropriate safeguards.
  • The honest answer for most 1-10 employee businesses using Zoom: AI Companion is included with your existing paid plan and the privacy posture is genuinely strong. The right practice is: enable it, configure the deployment option deliberately (default to ZMO if your team does not need the additional models), and add a one-line disclosure to meeting invites that AI Companion is active.

Data retention default

  • AI Companion meeting summaries: Stored per host's account; retention configurable
  • Smart Recording transcripts: Standard Zoom recording retention applies
  • Model provider retention: 30-day retention by third-party AI subprocessors after the service is provided (for non-Zoom-hosted Model deployments). Zoom-only Models (ZMO) does not involve third-party retention.
  • Customer content used by AI Companion features: Used only to provide the service; not used for training
  • Account-level controls: Admins can configure which AI Companion features are available per account, group, or user

Training opt-out

NO TRAINING ON CUSTOMER COMMUNICATIONS CONTENT BY DEFAULT. Zoom's public commitment since the August 2023 policy clarification: no customer audio, video, chat, screen sharing, attachments, or other communications-like content used to train Zoom's or third-party AI models.

The commitment applies to both Zoom's own AI models and the third-party model providers (Anthropic via AWS Bedrock for ZM+ deployments, OpenAI for some features) under Zoom's contractual arrangements with them.

Feedback prompts opt-in: If users send feedback on AI Companion experiences, the feedback content (including the prompt sent) may be used to improve the product experience but not for model training. This is opt-in per feedback submission.

Zero Data Retention availability

  • Zoom-only Models (ZMO): Most privacy-conservative deployment option; no third-party processing
  • Zoom-hosted Models Plus (ZM+): Adds Anthropic Claude via AWS Bedrock under Zoom's existing cloud arrangements; processing stays under Zoom's technical control
  • Federated: Third-party models accessed directly; standard 30-day retention applies
  • Customers can reach Zoom support to select their preferred deployment option based on data residency and compliance requirements

Plan tiers and pricing (as of early 2026)

| Tier | Price (USD) | AI Companion included? | Suitable for |
| --- | --- | --- | --- |
| Basic (Free) | $0 | No | Personal use; 40-minute meeting cap |
| Pro | $15.99/host/month | Yes — included | Sole proprietors and very small teams |
| Business | $21.99/host/month | Yes — included | Small teams; minimum 10 hosts |
| Business Plus | $26.99/host/month | Yes — included | Teams needing whiteboard, translated captions |
| Enterprise | Custom | Yes — included; admin controls | Larger orgs needing SSO, advanced compliance |
| Zoom for Healthcare | Custom | Yes — with BAA | HIPAA-covered workflows |
| Zoom for Government | Custom | Yes — FedRAMP authorised | US government and contractors |

Notable: AI Companion is bundled into eligible paid plans rather than sold as a per-seat add-on. This is a meaningful structural difference from Microsoft 365 Copilot (which is a $30/user/month add-on).

Jurisdiction

  • Primary processor: Zoom Video Communications, Inc., San Jose, California, USA
  • Cloud infrastructure: Multi-cloud (AWS, Oracle Cloud Infrastructure, Microsoft Azure, Google Cloud)
  • Third-party AI subprocessors: Anthropic (via AWS Bedrock), OpenAI for certain features
  • EU Data Boundary available for qualifying customers
  • Zoom for Government runs on AWS GovCloud with FedRAMP Moderate authorisation

Breach history (public incidents)

August 2023 — Terms of Service language controversy and reversal

The initial August 2023 ToS update included language broad enough to suggest Zoom could train AI on customer audio, video, and chat content. The Verge and ABC News covered the change; within weeks, Zoom reversed and committed publicly that no customer communications content would be used for training. The incident is more relevant as a transparency case study than as a breach — it demonstrates how easily privacy-relevant terms can shift and how few users actually read updates.

Sources: ABC News (August 2023); All About Cookies analysis; Basil AI policy review (February 2026)

Note on broader Zoom platform breach history: The April 2020 "Zoombombing" wave and the routinely-uncovered vulnerabilities in Zoom client software during 2020-2022 are the baseline platform context. Zoom has substantially invested in security since (Bug Bounty Program, end-to-end encryption for meetings, multi-cloud regional residency), and the 2023-2026 period has been notably quieter for Zoom-specific platform incidents. The risk picture for Zoom AI Companion is dominated by ordinary Zoom-account-compromise risk amplified by AI summarisation — a compromised Zoom account now exposes both the call history and the AI-generated summaries.

Note on prompt-injection in transcripts: As Zoom AI Companion processes meeting content, the same class of indirect prompt injection that affected Microsoft 365 Copilot (EchoLeak) applies in principle. A meeting participant could craft spoken content designed to manipulate AI Companion's summary or follow-up actions. We are not aware of a publicly-disclosed Zoom-specific exploit of this class as of May 2026, but the category-level risk is present.

What this means in plain English for SMB owners

Three honest takeaways:

  1. Zoom AI Companion is included with your existing paid plan and the privacy posture is genuinely better than most embedded AI products. No additional per-user cost, no training on your content by default, and a deliberate deployment-option architecture that lets you choose data residency.
  2. The August 2023 ToS incident is the reason to take Zoom's published commitments seriously but not on blind trust. A vendor that has been publicly caught with overly-permissive language and reversed it under scrutiny is, in practice, more likely to be careful about future updates than one that has never been tested. But the same vendor could quietly update terms again, so watch for material changes.
  3. Disclose AI Companion to meeting attendees before the meeting starts. This is ethical practice and may also be legally required in two-party-consent jurisdictions (California, Washington, Florida, Illinois, Maryland, Massachusetts, Montana, Nevada, New Hampshire, Pennsylvania, plus the EU under GDPR) when recordings or transcripts are generated. A one-line disclosure in the meeting invite suffices.

Sources

  • Zoom AI Companion Security and Privacy: https://www.zoom.com/en/products/ai-assistant/resources/privacy-security/ (verified 2026-05-24)
  • Zoom AI Companion data residency options blog: https://www.zoom.com/en/blog/ai-companion-data-residency-options/ (March 2026)
  • Zoom AI Companion for Contact Center privacy: https://www.zoom.com/en/products/ai-assistant/resources/privacy-security/zoom-contact-center/ (verified 2026-05-24)
  • ABC News: Zoom reverses policy about using customer data for AI training (August 2023)
  • Basil AI: Zoom AI Companion Privacy Policy review (February 2026)
  • University of Colorado Anschutz: Zoom AI Companion Security Features (educational institution deployment guide)
  • All About Cookies: Zoom AI Training analysis (September 2023, updated)
