Privacy policy for Zoho Payments

INTRODUCTION

In addition to Part I of Zoho's general privacy policy, this privacy policy explains Zoho's privacy practices with respect to the processing of personal information about you and your customers in relation to your use of Zoho Payments. If you are a customer of a Zoho Payments user, this privacy policy is not applicable to you and you should contact the Zoho Payments user for information on how your data is processed.

1. Information Zoho collects about you or your Customers

A. Information that you or your Customers provide us

i. Setting up of Zoho Payments Account: In order to use Zoho Payments, you need a Zoho Payments Account. Zoho conducts a KYC process before creating a Zoho Payments Account and as part of this KYC process, we may collect personally identifiable information about you or representatives of your business. Apart from region specific acceptable verification information and documents, we may collect:

  • Information about your business such as:
  • legal name, address, phone number, employer identification number, tax identification number, company structure, type of the business, details about the websites, description about the business, and product sold or the service sold;
  • Support related information such as support address, support email address, and support phone number;
  • Information about you or representative of your business such as:
  • Name, date of birth, email address, phone number, address, social security identification number, position/title/shareholding in the business.

ii. Payout Processing: Apart from the information mentioned above, we collect your bank account information (such as account number, routing number and account holder name), currency, country, and payout descriptors to settle transactions processed through Zoho Payments.

iii. Payment Processing: In order to process payments for you, we collect, use and share certain information related to your customers. This may include name, payment method information (such as credit or debit card number, card expiry date, card CVV, and account information), email address, phone number, billing details and shipping details including shipping address, details of the product purchased, card holder name, currency, tax amount and purchase amount.

B. Information that we collect automatically

i. Information from browsers, devices and servers: When you visit our websites, or when your customers make payments to you, we collect information that web browsers, devices and servers make available, such as the internet protocol address, browser type, language preference, date and time of access, time zone, time spent on sites, information about operating system, information about device (such as screen resolution, device manufacturer and model), plug-ins, add-ons, pages visited, and links clicked. We also collect the URLs using which your customers make payments to you. We collect this information to understand more about visitors, to detect, monitor, prevent and take actions against fraudulent activities.

ii. Cookies and tracking technologies: We use temporary and permanent cookies to identify users of our services, to enhance user experience, and to monitor, detect, and prevent fraudulent activities. We embed unique identifiers in our downloadable products to track usage of the products. We also use cookies, beacons, tags, scripts, and other similar technologies to identify visitors, track website navigation, gather demographic information about visitors and users, understand email campaign effectiveness and for targeted visitor and user engagement by tracking your activities on our websites. We mostly use first-party cookies and do not use third-party cookies or other third-party tracking technologies on our websites for non-essential or intrusive tracking. You can learn more about the cookies used on our websites here. You can also learn more about Zoho's stance against non-essential and intrusive third-party cookies and tracking technology here. We also use first-party Local Storage Objects (LSOs) such as HTML5 to store content information and preferences to provide certain features.

C. Information that we collect from third parties

i. Information from identity verification providers: To help us provide you Zoho payments, we engage certain third party service providers for identity verification, fraud detection and fraud prevention. We receive certain information about you such as name, social security identification number, date of birth, direct or indirect political exposure, current and previous addresses, your company name, and tax payer identification number, contact details such as primary and other phone number(s), status of the phone number(s) and email address, carrier information, credit information about your business from such service providers when we (i) set-up your Zoho Payments account; and (ii) process your payments initiated through Zoho Payments.

ii. Third-party service providers: We collect identity and account information relating to your customers from third-party service providers and networks who help us assess and manage risks from chargebacks, and prevent illegal and fraudulent activities.

iii. Other sources: We collect identity related information (such as name, address, phone number, country) about you to monitor, detect and prevent fraudulent activities from other sources like website monitoring service providers, fraud risk management providers, our business partners, financial service providers, and publicly available sources.

2. Who we share information with

i. Zoho entities and third parties: In order to provide services and technical support for Zoho Payments, Zoho Corporation engages other Zoho entities and third parties.

ii. Fraud risk management and Identity verification providers: We may need to share certain information about you and your customers that is provided to us during setting up of your Zoho Payments account or when we process payments with third-party service providers engaged for identity verification, fraud risk management and website monitoring to help us verify your identity and to detect and prevent fraud. These service providers are required to use the information shared in accordance with applicable data protection and privacy laws.

iii. Payment ecosystem partners: We have partnered with banks, card networks, payment method providers, and payment processors to enable you to accept payments and settle funds to your designated bank account. We may share certain information about you and your customers with these providers when they are involved in facilitating the provision of Zoho Payments.

iv. Third-party service providers: We may need to share your information with third-party service providers for purposes such as tax reporting and debt collection. These service providers are authorized to use your information only in accordance with applicable data protection and privacy laws.

v. Third-party integrations you have enabled: Zoho Payments may support integrations with third-party products and services. If you choose to enable any third-party integrations, you may be allowing the third party to access the data and personal information in your account. We encourage you to review the privacy practices of the third-party services and products before you enable integrations with them.

3. Purposes for collecting and using your information

We may use your information for the following purposes :

  • To provide you, your customers and other Zoho Payments users with Zoho Payments service (including but not limited to setting up and maintenance of your Zoho Payments account, processing of your payments through Zoho Payments and to handle chargebacks);
  • To verify your identity;
  • To detect and prevent fraudulent transactions or activities, including to develop technologies for fraud detection and prevention;
  • To comply with any legal and contractual requirements that apply to Zoho (including but not limited to compliance with the requirements under "know your customer" (KYC), anti-money laundering laws (AML), or anti - terrorism laws).
  • To understand how you use Zoho Payments, to monitor and prevent problems, and to improve our service;
  • To analyze trends, administer our websites, and track visitor navigation on our websites to understand what visitors are looking for and to better help them;
  • To ask you to participate in surveys, or to solicit feedback on Zoho Payments;
  • To provide customer support, and to analyze and improve our interactions with you;
  • To monitor and improve marketing campaigns and make suggestions relevant to you;
  • To communicate with you (such as through email) about Zoho Payments, changes to this Privacy Policy, Terms of Service, or other important notices.

4. Purposes for collecting and using your Customer's information

Except in connection with your use of Zoho Payments (which may involve sharing of your customer's personal information with banks and other third party providers who help us in offering you Zoho Payments), we will never use the personal information of your customers in any manner unless they are a direct customer of one or more of our Zoho services.

5. Fraud prevention

Zoho may process information relating to you or your customer to detect and prevent fraudulent and illegal activities.

6. Compliance with Applicable Data Protection Laws

i. Role of Zoho: We process all the personal information in compliance with applicable data protection and privacy laws including but not limited to the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). When we process information according to your instructions, we process the information on your behalf and our role is "processor" or "service provider" (as the terms are defined under GDPR and CCPA respectively). When we process information other than according to your instructions (such as for identity verification, fraud prevention, marketing, or compliance with our legal obligations), we act as a "controller" or "business" (as the terms are defined under GDPR and CCPA respectively).

ii. Compliance with Data Subject Requests: Data protection and privacy laws provide certain rights (such as right to know and access the information processed, right to request rectification or correction, right to object to the processing, right to restrict processing, right to data portability, and right to opt out of sale of personal information) to the data subjects.

If you are a customer of Zoho Payments, we provide you with the ability to comply with these data subject requests. If we receive a data subject request directly from your customer or user (relating to the information for which we act as a processor), we will notify you of such request within reasonable time or redirect the data subject to you. It is your responsibility to comply with these data subject requests in accordance with applicable data protection and privacy laws. If we receive a data subject request (relating to the information for which we act as a controller), we will comply with the data subject requests as required by applicable data protection and privacy laws. Please note that we do not sell personal information relating to you and your customers (as the term is defined under CCPA).

7. Retention of information

We retain information mentioned above for as long as it is required for the purposes stated in this privacy policy. Sometimes, we may retain this information for longer periods as permitted or required by law, such as to monitor, detect and prevent fraud, prevent abuse, if required in connection with a legal claim or proceeding, to enforce our agreements, for tax and accounting purposes, or to comply with other legal obligations. When we no longer have a legitimate need to process the information, we will delete or anonymize it from our active databases. We will also securely store the information and isolate it from further processing on backup discs until deletion is possible.

8. Children's personal information

Zoho Payments is not directed to individuals under 18. Zoho does not knowingly collect personal information from children who are under 18 years of age for its own purposes. If we become aware that a child under 18 has provided us with personal information, we will take steps to delete such information. If you believe that a child under 18 years has provided personal information to us, please write to privacy@zohopay.com with the details, and we will take the necessary steps to delete the information we hold about that child.

9. How secure is your information

At Zoho, we take data security very seriously. We have taken steps to implement appropriate administrative, technical & physical safeguards to prevent unauthorized access, use, modification, disclosure or destruction of information relating to you and your customers. If you have any concerns regarding the security of your data, we encourage you to write to us at privacy@zohopay.com with any questions.

10. Data Protection Officer

We have appointed a Data Protection Officer to oversee our management of your information in accordance with our Privacy Policy. If you have any questions or concerns about our privacy practices with respect to your information, you can reach out to our Data Protection Officer by sending an email to dpo@zohocorp.com or by writing to: Data Protection Officer, Zoho Corporation, 4141 Hacienda Drive, Pleasanton, CA 94588, USA.

11. Locations and International Transfers

Zoho Corporation shares your information with other Zoho entities and third parties for the purposes described above. By accessing or using Zoho Payments or otherwise providing information to us, you understand that the processing, transfer, and storage of information is within the United States of America, India and other countries where Zoho operate.

12. Do Not Track (DNT) Requests

Some internet browsers have enabled 'Do Not Track' (DNT) features, which send out a signal (called the DNT signal) to the websites that you visit indicating that you don't wish to be tracked. Currently, there is no standard that governs what websites can or should do when they receive these signals. For now, we do not take action in response to these signals.

13. External links on our websites

Some pages of our websites may contain links to websites that are not linked to this Privacy Policy. If you submit your personal information to any of these third-party sites, your personal information is governed by their privacy policies. As a safety measure, we recommend that you not share any personal information with these third parties unless you've checked their privacy policies and assured yourself of their privacy practices.

14. Blogs and forums

We offer publicly accessible blogs and forums on our websites. Please be aware that any information you provide on these blogs and forums may be used to contact you with unsolicited messages. We urge you to be cautious in disclosing personal information in our blogs and forums. Zoho is not responsible for the personal information you elect to disclose publicly. Your posts and certain profile information may remain after you terminate your account with Zoho. To request the removal of your information from our blogs and forums, you can contact us at privacy@zohopay.com.

15. Social media widgets

Our websites include social media widgets such as Facebook "like" buttons and X (formerly known as Twitter) "post" buttons that let you share articles and other information. These widgets may collect information such as your IP address and the pages you navigate in the website, and may set a cookie to enable the widgets to function properly. Your interactions with these widgets are governed by the privacy policies of the companies providing them.

16. Enforcement of our rights

We may disclose information to a third party if we believe that such disclosure is necessary for preventing fraud, spam filtering, investigating any suspected illegal activity, enforcing our agreements or policies, or protecting the safety of our users.

17. Business Transfers

We do not intend to sell our business. However, in the unlikely event that we sell our business or get acquired or merged, we will ensure that the acquiring entity is legally bound to honor our commitments to you. We will notify you via email or through a prominent notice on our website of any change in ownership or in the use of your information. We will also notify you about any choices you may have regarding your information.

18. Compliance with this Privacy Policy

We make every effort, including periodic reviews, to ensure that information you provide is used in conformity with this privacy policy. If you have any concerns about our adherence to this privacy policy or the manner in which your information is used, kindly write to us privacy@zohopay.com. We'll contact you, and if required, coordinate with the appropriate regulatory authorities to address your concerns effectively.

19. Notification of changes

We may modify the Privacy Policy at any time, upon notifying you through a service announcement or by sending an email to your primary email address. If we make significant changes to the Privacy Policy that affect your rights, you will be provided with at least 30 days' advance notice of the changes by email to your primary email address. However, if you have not verified your email address, you may miss important notifications that we send through email. If you think that the updated Privacy Policy affects your rights with respect to your use of our products or services, you may terminate your use by sending us an email within 30 days. Your continued use after the effective date of changes to the Privacy Policy will be deemed to be your agreement to the modified Privacy Policy. You will not receive email notification of minor changes to the Privacy Policy. If you are concerned about how your information is used, you should check back at https://www.zoho.com/us/payments/privacy.html periodically.

© 2025, Zoho Corporation Pvt. Ltd. All Rights Reserved.