GTM AI
GTM AIby ZoomInfo

Security & Data

How authentication, entitlement enforcement, and data handling work in the ZoomInfo MCP server.

·Rowan BaileyRowan BaileySenior Director, Product

Authentication

All requests flow through ZoomInfo's MCP Gateway, which handles authentication, entitlement enforcement, and request routing. Each user authenticates with their own ZoomInfo credentials, the same login used for the ZoomInfo web app.

The MCP server is stateless. Authentication (who you are) and session state are separate concerns. Each tool call is scoped to the authenticated user, so your account relationships, CRM context, and conversation history are properly associated with your requests.

Data Entitlements

MCP does not grant access to any data beyond what your ZoomInfo package already includes. The data and fields accessible through your AI tool are identical to what you'd access in the ZoomInfo web app.

  • Different packages return different fields
  • Some tools are tied to specific entitlements (e.g., Intent data will only be available to organizations with Intent Topics configured)
  • All tool calls respect your organization's existing package entitlements

What ZoomInfo Processes

ZoomInfo's MCP server processes the tool invocations you make: the parameters you send and the results it returns. ZoomInfo does not have visibility into your broader AI conversations or the context your AI tool maintains between messages.

All MCP tools are currently read-only. No data is written back to ZoomInfo systems through the MCP connection.

AI Provider Data Retention

When you use ZoomInfo MCP through an AI tool like Claude or ChatGPT, ZoomInfo data passes through that AI provider's infrastructure. Data retention and usage policies for the AI provider are governed by your agreement with that provider, not ZoomInfo.

Review your AI provider's data retention settings and disable training data collection where available, particularly for enterprise deployments handling sensitive account or contact data.

User-Level Access Control

Admins can control which users have MCP access via Admin Portal → Users → User Management. Toggle the API Access setting per user to enable or disable MCP connectivity.

There is currently no organization-wide toggle to disable MCP for all users simultaneously. Access is managed at the user level.

Users who cannot use MCP:

  • Admin-only seats (intentionally restricted from data access by design)
  • Users without bulk data credits enabled

Users who can use MCP:

  • Any user with a Sales, Copilot, or Studio license with bulk credits enabled
PreviousCredits & BillingNext FAQ & Troubleshooting