Zscaler Transparency Report
Last updated: August 2024
Introduction
Zscaler takes trust and transparency very seriously, particularly as it pertains to the use and disclosure of the personal data of a customer’s user. Every year, Zscaler publishes the number of requests it received in the previous fiscal year from government agencies, regulatory bodies, and other law enforcement authorities (“Government Authorities”) to disclose information relating to Zscaler customers’ use of Zscaler products (“Government Request”). The report only covers requests received by Zscaler from Government Authorities, and therefore does not include requests for information from our customers, users, or other third parties.
Zscaler believes in promoting direct dialogue between Government Authorities and affected customers when responding to Government Requests. Therefore, when Zscaler receives a Government Request seeking information about one or more Internet Protocol (IP) transactions associated with one or more Zscaler IP addresses, Zscaler will identify its customer (e.g., corporate entity) corresponding to that IP transaction and provide contact information for that customer. This approach allows the customer an opportunity to respond to the request directly or seek legal assistance if needed.
Has Zscaler ever disclosed personal data of a customer’s user in response to a Government Request?
No, Zscaler has never and will not disclose personal data of a customer’s user (e.g., a written log of any transaction or any other customer information associated with any transaction), unless specifically compelled by a court of law to do so, which has never occurred to date.
Does Zscaler notify the affected customer after receiving a Government Request to disclose personal data of a customer’s user?
Yes, if Zscaler is legally required to disclose any personal data of a customer’s user, Zscaler will promptly notify the customer before making any such disclosure unless Zscaler is prohibited from doing so by law.