Does Zoom offer EU data residency?
Zoom Communications, Inc. · Video Conferencing · official site ↗
EU residency on higher tiersEU-US DPF + SCCsDPA available
Where does Zoom store EU data — and who can touch it?
Zoom offers EU data residency only on higher plan tiers, and relies on the EU-US Data Privacy Framework plus SCCs for transfers.
Zoom offers EU data-centre routing and dedicated EU infrastructure to eligible paid, enterprise and education accounts (not standard/free), is an active EU-US Data Privacy Framework participant, and incorporates SCCs into its standard DPA.
EU data residency
Can you keep data in the EU?
Zoom lets eligible paid accounts route meeting and webinar data through EU data centres, and runs dedicated Zoom EU Infrastructure that hosts accounts for EU Education and Enterprise customers. It is limited to those eligible tiers — account data and diagnostic data still reside in the US — so EU residency is gated, not a default for all plans.
Transfer mechanism
Zoom registered as an active participant in the EU-US Data Privacy Framework and implemented the 2021 SCCs into its standard DPA for personal data transferred from the EEA; even EU-routed meetings can involve cross-border support and sub-processor flows under SCCs.
Sub-processors
Who else processes your data?
Zoom publishes a sub-processor list (~28 entities) covering AWS, Google Cloud, Microsoft, Oracle, Twilio and AI vendors (OpenAI, Anthropic) with a maintained changelog. Account owners are notified of new sub-processors to the extent required by their contract; most rely on SCCs, Oracle on Binding Corporate Rules. current sub-processor list ↗
Data Processing Agreement (DPA)
Does Zoom sign a DPA?
Zoom incorporates its Global Data Processing Addendum into the Zoom Terms of Service for all customers (no separate signature). Accounts with EU data residency configured accept the DPA via the admin portal; otherwise the global DPA applies automatically. DPA ↗
What the trust-badge pages don't tell you
EU data-centre routing covers meeting/webinar content, but account and diagnostic data still sit in the US — 'EU residency' here is partial. Confirm which data classes your plan actually pins before relying on it.
$249/moto monitor up to 25 vendors' DPA & residency
≈ $3,000/yr, incl. cited bulk export
≈ $3,000/yr, incl. cited bulk export
Monitor your whole vendor list for DPA & residency changes
The free lookup answers one vendor at a time. Teams running EU vendor intake track dozens and need to know the moment a sub-processor, residency region or DPA term changes. Leave your work email and we'll set up monitoring + a cited export for your list.
Get notified when this changes
Compliance isn't one-and-done. Leave your email and we'll alert you when any vendor's BAA or HIPAA status we cover changes.
Frequently asked questions
Does Zoom offer EU data residency?
Only on higher tiers. Zoom lets eligible paid accounts route meeting and webinar data through EU data centres, and runs dedicated Zoom EU Infrastructure that hosts accounts for EU Education and Enterprise customers. It is limited to those eligible tiers — account data and diagnostic data still reside in the US — so EU residency is gated, not a default for all plans.
Where does Zoom send my data, and does it rely on SCCs?
Zoom registered as an active participant in the EU-US Data Privacy Framework and implemented the 2021 SCCs into its standard DPA for personal data transferred from the EEA; even EU-routed meetings can involve cross-border support and sub-processor flows under SCCs.
Who are Zoom's sub-processors?
Zoom publishes a sub-processor list (~28 entities) covering AWS, Google Cloud, Microsoft, Oracle, Twilio and AI vendors (OpenAI, Anthropic) with a maintained changelog. Account owners are notified of new sub-processors to the extent required by their contract; most rely on SCCs, Oracle on Binding Corporate Rules. See the current list at https://www.zoom.com/en/trust/subprocessors/.
Does Zoom sign a GDPR Data Processing Agreement (DPA)?
Yes — Zoom incorporates its Global Data Processing Addendum into the Zoom Terms of Service for all customers (no separate signature). Accounts with EU data residency configured accept the DPA via the admin portal; otherwise the global DPA applies automatically.
Is Zoom GDPR compliant?
Zoom can be used in a GDPR-compliant way, but compliance depends on your configuration, not just the vendor: Zoom offers EU data-centre routing and dedicated EU infrastructure to eligible paid, enterprise and education accounts (not standard/free), is an active EU-US Data Privacy Framework participant, and incorporates SCCs into its standard DPA. You are the controller — confirm the current DPA, residency and sub-processor terms with Zoom Communications, Inc. and run a transfer impact assessment before processing EU personal data. This is not legal advice.
Sources
https://www.zoom.com/en/trust/gdpr/
https://www.zoom.com/en/trust/subprocessors/
This page is cited public information, not legal or compliance advice. Whether Zoom can lawfully process your EU personal data depends on your plan, configured region, contract and a transfer impact assessment you control. Always confirm current terms with Zoom Communications, Inc. before sending EU personal data.