// Trust & Security Report

    ZoomInfo Technologies LLC logo

    ZoomInfo Technologies LLC

    B2B go-to-market (GTM) intelligence platform including SalesOS (contact and company database), ZoomInfo Copilot (AI sales assistant), MarketingOS, TalentOS (recruiting), OperationsOS (data enrichment), and GTM Studio (workflow automation)

    Certifications held

    11

    Maturity

    Enterprise

    Trains on your data

    Yes

    Trust center

    Yes

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    SOC 2 Type II
    HELD

    GTM SOC 2 Type II - 2026 listed as a downloadable resource in the Trust Center; security overview confirms SOC 2 Type II attestation

    Verify on trust.zoominfo.com
    ISO 27001:2013
    HELD

    ISO 27001:2013 listed under Organizational Security controls and certifications on the Trust Center; confirmed in security overview page

    Verify on trust.zoominfo.com
    ISO 27701
    HELD

    ISO 27701 listed under Organizational Security controls on the Trust Center; confirmed in security overview; ZoomInfo press releases announce ISO 27701 certification

    Verify on trust.zoominfo.com
    ISO 27017
    HELD

    ISO 27017 listed as a certification on the Trust Center compliance page alongside ISO 27001 and ISO 27701

    Verify on trust.zoominfo.com
    CSA STAR Level 1
    HELD

    CSA star level 1 listed as a certification on the Trust Center compliance page

    Verify on trust.zoominfo.com
    GDPR (posture / attestation)
    HELD

    TRUSTe GDPR Attestation listed as a Trust Center resource; ZoomInfo states 'ZoomInfo works to comply with all applicable privacy regulations, including the GDPR'; EU-US Data Privacy Framework and DPA addenda available

    Verify on trust.zoominfo.com
    TRUSTe Enterprise Privacy Certification
    HELD

    TRUSTe Enterprise Privacy Certification listed as a primary certification on the Trust Center and under Privacy controls section

    Verify on trust.zoominfo.com
    TRUSTe CCPA Validation
    HELD

    TRUSTe CCPA Validation listed under Privacy controls on the Trust Center

    Verify on trust.zoominfo.com
    TRUSTe Responsible AI Certification
    HELD

    TRUSTe Responsible AI Certification listed as a downloadable resource in the Trust Center resources section

    Verify on trust.zoominfo.com
    EU-US Data Privacy Framework
    HELD

    EU-US Data Privacy Framework listed as a certification on the Trust Center; privacy policy confirms compliance and appointment of VeraSafe as Article 27 representative

    Verify on trust.zoominfo.com
    Swiss-US Privacy Shield / Swiss-US DPF
    HELD

    Swiss-US Privacy Shield listed as a certification on the Trust Center. Note: the Trust Center uses the older 'Privacy Shield' name; likely refers to the Swiss-US Data Privacy Framework adopted 2023-2024

    Verify on trust.zoominfo.com
    > Show 5 unconfirmed / not-held certifications
    ISO 27018
    NOT CONFIRMED

    No public evidence found on vendor domain; ISO 27017 is confirmed but ISO 27018 is not separately listed

    source: trust.zoominfo.com
    HIPAA
    NOT CONFIRMED

    No mention of HIPAA compliance in ZoomInfo's privacy policy, security overview, or trust center. Security overview lists HIPAA only as a requirement ZoomInfo places on its own third-party vendors, not as a certification ZoomInfo itself holds

    source: zoominfo.com
    FedRAMP
    NOT CONFIRMED

    No public evidence found on vendor domain

    source: trust.zoominfo.com
    PCI DSS
    NOT CONFIRMED

    PCI DSS is listed only as a requirement ZoomInfo places on third-party service providers; no evidence ZoomInfo itself holds PCI DSS certification

    source: zoominfo.com
    ISO/IEC 42001 (AI Management System)
    NOT CONFIRMED

    No public evidence found on vendor domain; TRUSTe Responsible AI Certification is held instead

    source: trust.zoominfo.com

    // Privacy & AI training

    Trains on customer data

    Yes

    Data processing agreement

    Offered

    Data region

    Primarily United States (AWS infrastructure); personal information 'may be transferred to, and stored and processed in, the United States or any other country in which we or our affiliates or subcontractors maintain facilities.' No contractual data residency guarantee for EU customers beyond DPA Standard Contractual Clauses.

    ZoomInfo's privacy policy explicitly states it may use customer information to 'Fine-tune or train LLMs or other Artificial Intelligence models.' The License Terms and Conditions (LTC Section 5.5-5.6) grant ZoomInfo a perpetual right to use Submitted Data and Related Information to 'test, develop, improve, or enhance ZoomInfo's products and services.' An opt-out mechanism is available within the ZoomInfo platform settings (Section 5.5). Anthropic PBC is listed as a subprocessor providing 'Generative AI services,' meaning ZoomInfo routes data through Claude for AI features. Customers should review Section 5.5 carefully and exercise in-platform opt-outs where needed.

    // Security controls

    Encryption at rest

    AES-256

    zoominfo.com

    Encryption in transit

    TLS 1.2 minimum for all browser communication

    zoominfo.com

    Password storage

    SHA-256 salted hash format

    zoominfo.com

    Multi-Factor Authentication (MFA)

    Available and supported for customer access

    trust.zoominfo.com

    Single Sign-On (SSO)

    Supported for customer access

    trust.zoominfo.com

    Role-Based Access Control (RBAC)

    Supported; listed as a product security control

    trust.zoominfo.com

    Audit Logs

    Available; 90-day retention for most systems, over 1 year for certain logs

    trust.zoominfo.com

    Security Operations Center

    24/7 Cyber Security Operations Center (CSOC)

    zoominfo.com

    Penetration Testing

    Vulnerability testing on established schedule; 2025 SalesOS pentest report available in Trust Center

    trust.zoominfo.com

    Risk Management Framework

    Anchored to ISO 31000 Risk Management Standard

    zoominfo.com

    Incident Response

    Incident Response Plan (IRP) and Data Breach Notification policy listed as controls

    trust.zoominfo.com

    Infrastructure

    Amazon Web Services (primary); Google LLC (cloud hosting and generative AI services); Auto Scaling and Data Redundancy listed; DoS protection available

    trust.zoominfo.com

    // Products & data scope

    SalesOSB2B Sales Intelligence

    data: Business contact data, company firmographics, technographics, intent signals; CRM enrichment

    Core product; SOC 2 Type II report covers GTM platform including SalesOS. Pentest report specifically named 'SalesOS pentest 2025' available in Trust Center.

    ZoomInfo CopilotAI Sales Assistant

    data: Customer account data, contact records, sales interaction data processed by AI; uses Anthropic (Claude) as subprocessor

    AI-powered co-pilot for sales reps; leverages generative AI via Anthropic PBC. Data submitted through Copilot may be used for AI training unless opt-out is exercised.

    MarketingOSB2B Marketing Intelligence

    data: Contact and company data for marketing segmentation, intent data, ad targeting

    Marketing-focused module; same data governance as SalesOS. Buyer intent data sourced from ZoomInfo's contributory network.

    TalentOSRecruiting Intelligence

    data: Candidate contact data, employment history, skills data

    Recruiting intelligence platform. Same certifications as overall platform apply.

    OperationsOSData Enrichment and RevOps

    data: CRM and marketing automation data enrichment at scale

    Data enrichment and pipeline management. Integration with Salesforce, HubSpot, Marketo, Outreach, Salesloft, and others.

    GTM StudioWorkflow Automation

    data: Sales and marketing workflow automation using ZoomInfo data signals

    AI-guided workflow automation; part of the GTM platform offering.

    // What to watch

    • AI_TRAINING_ON: ZoomInfo's privacy policy explicitly permits using customer data to 'Fine-tune or train LLMs or other Artificial Intelligence models.' LTC Section 5.5-5.6 grants a perpetual right to use Submitted and Related data for product improvement. An in-platform opt-out exists but is not default-off. Buyers should review and exercise opt-out.
    • SUBPROCESSOR_ANTHROPIC: Anthropic PBC is listed as a subprocessor for 'Generative AI services,' meaning ZoomInfo routes customer interaction data through Claude APIs for AI features (Copilot). Evaluate data handling implications for any sensitive B2B pipeline data.
    • SWISS_PRIVACY_SHIELD_NAME: Trust Center lists 'Swiss-US Privacy Shield' using older terminology. The Swiss-US Privacy Shield was superseded by the Swiss-US Data Privacy Framework in 2023-2024. This appears to be stale branding rather than reliance on an invalidated framework, but buyers should confirm currency with ZoomInfo.
    • NO_DATA_RESIDENCY: No EU or regional data residency option is publicly documented. Data may be processed in the US or other countries where ZoomInfo or its subprocessors operate. EU customers rely on SCCs and EU-US DPF for lawful transfer.
    • NO_HIPAA: ZoomInfo does not hold HIPAA certification. Healthcare or regulated buyers needing HIPAA compliance should not rely on ZoomInfo for covered PHI.
    • CSA_STAR_LEVEL1_ONLY: ZoomInfo holds CSA STAR Level 1 (self-assessment), not Level 2 (third-party audit). Do not represent this as an audited CSA STAR certification.
    • IDENTITY_NOTE: ZoomInfo Technologies LLC (zoominfo.com) is a separate company from Zoom Video Communications (zoom.com). All evidence in this assessment is from the ZoomInfo domain only. Any Zoom.com certifications (SOC 2, ISO, etc.) do not apply to ZoomInfo.

    // At a glance

    Pricing model

    Annual subscription; seat-based with tiered plans. Free trial available. Enterprise pricing negotiated directly. Global Data Passport available as an add-on for EU/international data access.

    Self-hostable

    No

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on ZoomInfo Technologies LLC's own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-06-29. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    trust.zoominfo.com

    > Browse all vendor trust reports