What is GDPR?

The EU's General Data Protection Regulation (GDPR) aims to provide customers with granular-level control over their personal data. It requires organizations to know the legal grounds and lawful basis for collecting and processing personal data; when based on consent, obtain consent in the right way to process the data in a secure and transparent manner; and store the data no longer than necessary. GDPR is applicable to all organizations that work with the data of European Union residents.

What is personal data?

In the scope of the GDPR, personal data is any information related to an identified or identifiable natural person. This includes, but is not limited to: name, email address, phone number, address, IP address, identification numbers, and photos.

How is Zoho Flow GDPR compliant?

Zoho Flow collects only the required data for general purposes and for the functioning of your flows. Your data is stored securely, and we provide transparency in data processing. You, as a customer and the controller of the data, have complete control over the data collected and processed for your flows, and can also choose to erase your data from our systems at any time.

Security of data processed by Zoho Flow

Features such as two-factor authentication, role-based access, and the ability to limit access to your connections provide advanced data security. Your email address, API keys, and other sensitive data are encrypted in storage using the Advanced Encryption Standard (AES).


You control whether the Zoho Flow team can access your account and connections when you want to resolve any issues or validate your flows and connections. You can enable or disable this access at any time. You are encouraged to read the privacy policies of the respective applications before you set up integration flows with them.

Support Access

The Zoho Flow support team can review user accounts and connections only on explicit user request, and only after the user provides explicit approval through the Support Access feature.

Records of processing

For each organization on Zoho Flow, an audit trail of organization-specific activities is maintained. This lets you track when each activity happened and who performed it.

Data rectification and erasure

You can edit your organization details and connections anytime you want. Flow details—like trigger and action configurations, name, and description—can also be modified. You can delete a flow or connection that you create at any time.

As an organization owner, you can also choose to delete your Zoho Flow organization. All data, including flows, app connections, history, and audit trail, will be deleted in 30 days. If you are a part of another Flow organization, you may exit the organization at any time.

Data retention

We retain your account-related information as long as you choose to use Zoho Flow. The audit logs, which include information about every addition, update, and deletion of records made in your Zoho Flow organization, will be retained as long as you retain the organization. The flow history, which includes the date and time of executions and the input and output data exchanged between the apps in that flow, will be retained up to 100 days from the time the execution data is created. The amount of data retained and the length of time it is retained do not depend on the type of account or the subscription plan.

If you delete your organization, all data, including flows, app connections, history, and audit trail, will be deleted in 30 days.


We'll document and keep you posted on relevant changes as we implement them. If you have any questions, drop us a line at support@zohoflow.com.

Disclaimer: The information presented herein should not be taken as legal advice. We recommend that you seek legal advice on what you need to do to comply with the requirements of GDPR.