Is Zoom Safe to Use in 2026?
Zoom has improved its security practices since the early pandemic era but continues to face privacy scrutiny. The platform updated its terms of service to allow using customer data for AI training, causing significant backlash before partially reversing the policy. Zoom end-to-end encryption is available but not the default for all meeting types. The company previously had an attention tracking feature, suffered from Zoombombing incidents, and misrepresented its encryption capabilities. While Zoom has addressed many of these issues, the pattern of prioritizing features over privacy and then correcting course after public backlash earns it a caution rating. Users should configure security settings carefully rather than relying on defaults.
What Zoom Collects
- Meeting audio, video, transcription, chat messages, and screen sharing content when recording and AI features are enabled
- Participant information including names, email addresses, IP addresses, device data, and meeting attendance metadata
- Usage patterns including meeting frequency, duration, feature usage, and participant engagement metrics
- Cloud recording content stored on Zoom servers, plus AI-generated meeting summaries and transcription data
Who Sees Your Data
- Zoom Video Communications which processes meeting data for platform operations and AI feature development
- Meeting hosts and account administrators who can access recordings, transcriptions, and attendance data
- Third-party integrations connected to Zoom accounts that may receive meeting data through API access
AI Training Data Controversy
In 2023, Zoom updated its terms of service to grant itself rights to use customer content for training AI models. The backlash was immediate and severe, with customers threatening to leave the platform. Zoom partially reversed the policy, stating it would not use customer audio, video, or chat content for AI training without consent. However, the incident revealed that Zoom initial instinct was to claim broad rights to customer data for AI development. The updated policy still allows Zoom to use service-generated data and telemetry for AI improvements. The willingness to claim AI training rights over customer meeting content, even briefly, demonstrates a corporate tendency to maximize data exploitation that users should keep in mind when trusting the platform with sensitive meeting content.
Encryption Reality
Zoom offers end-to-end encryption for meetings, but it requires manual activation and disables several features when enabled, including cloud recording, live transcription, and breakout rooms. The default encryption is transport encryption, which protects data in transit but allows Zoom servers to access meeting content. This means most Zoom meetings are not end-to-end encrypted because users either do not enable the feature or cannot use it without losing needed functionality. Zoom previously misrepresented its encryption as end-to-end when it was only transport encrypted, resulting in an FTC settlement. The current encryption options are technically sound when enabled, but the practical reality is that most meetings rely on transport encryption that Zoom can access.
Historical Privacy Issues
Zoom accumulated a significant list of privacy issues during its rapid growth. The attention tracking feature monitored whether participants had the Zoom window in focus. The Zoom installer on Mac used a pre-installation technique that mimicked malware behavior. Zoombombing exploited weak default security settings. The routing of some calls through Chinese servers raised data sovereignty concerns. Meeting data was shared with Facebook through the iOS SDK without disclosure. While Zoom has addressed each of these issues individually, the pattern reveals a company that historically prioritized growth and features over privacy and corrected course only when publicly pressured. This reactive rather than proactive approach to privacy warrants ongoing scrutiny.
Recommended Privacy Settings
| Setting | Where | Recommended |
|---|---|---|
| End-to-End Encryption | Settings > Security > End-to-end encryption | Enable end-to-end encryption for sensitive meetings to prevent Zoom servers from accessing meeting content |
| Waiting Room | Settings > Security > Waiting Room | Enable waiting room to prevent unauthorized participants from joining your meetings |
| AI Companion | Settings > AI Companion | Review and disable AI Companion features if you do not want meeting content processed by Zoom AI systems |
Safer Alternatives
Open-source video conferencing with self-hosting options and no corporate data collection
End-to-end encrypted video calls with no recording capability and minimal metadata collection
Our Verdict
Zoom earns a caution rating due to its pattern of prioritizing features and growth over privacy, then correcting course after public backlash. The AI training data controversy, encryption misrepresentation, attention tracking, and other historical issues demonstrate reactive rather than proactive privacy practices. While Zoom has addressed individual issues, the underlying corporate tendency to maximize data access remains a concern. For sensitive meetings, enable end-to-end encryption and disable AI features. For regular meetings, configure security settings carefully rather than relying on defaults. For maximum video conferencing privacy, open-source alternatives like Jitsi Meet provide stronger guarantees without corporate data processing interests.
Related Safety Checks
Frequently Asked Questions
Does Zoom use my meetings to train AI?
Zoom current policy states it will not use customer audio, video, or chat content for AI training without consent. However, Zoom does use service-generated data and telemetry for AI and product improvements. If you enable Zoom AI Companion features like meeting summaries, the meeting content is processed by AI systems as part of delivering those features. The distinction between using data for feature delivery and using it for AI training involves nuance that may evolve with future policy updates. The 2023 terms of service change attempt demonstrated willingness to claim broad AI training rights, suggesting ongoing vigilance about policy changes is warranted.
Is Zoom end-to-end encrypted by default?
No, Zoom default encryption is transport encryption, not end-to-end encryption. Transport encryption protects data during transmission but allows Zoom servers to access meeting content. End-to-end encryption must be manually enabled and disables features including cloud recording, live transcription, polling, reactions, and breakout rooms. Most Zoom meetings therefore use transport encryption by default. To verify your encryption level, look for the shield icon during a meeting. For meetings discussing sensitive topics, manually enable end-to-end encryption and inform participants that some features will be unavailable.
Can my employer see my Zoom activity?
Account administrators can see meeting attendance, duration, participant lists, and usage reports through the Zoom admin dashboard. If meetings are recorded to the cloud, administrators can access recordings. Meeting chat content can be saved and accessed by the host. The level of visibility depends on your organization Zoom plan and administrative settings. On enterprise plans, administrators have extensive reporting and monitoring capabilities. Zoom attention tracking was removed, but meeting engagement metrics may still be available. Treat Zoom as a monitored workplace tool where your attendance, participation, and potentially your meeting content are visible to your employer.