Updated on : 14 March 2024.

Frequently Asked Questions on Privacy

Right from our inception, it has been our pledge never to sell your data to third parties, never to misuse it and never to show you ads even in the free version of our products. Here is our CEO narrating our outlook towards the data privacy of our users. This is our commitment to your privacy - our Privacy Policy. It tells you how we collect, store and process your information. You can also check out our FAQ for more information regarding our practices. If you have any further queries, please contact privacy@zohocorp.com

  • Do you have a privacy policy?

    Yes. Please refer https://www.zoho.com/privacy.html. Region specific privacy policies are also available in the same page, in the headers.

  • Does Zoho comply with the GDPR?

    Yes, you can find more information about our GDPR compliance here

  • Where do I find Zoho's terms of service?

    Our terms of service can be accessed at https://www.zoho.com/terms.html

  • Do you have a dedicated person or team responsible for Privacy?

    Yes, we have a dedicated privacy team to manage the privacy program at Zoho. We have also appointed a Data Protection Officer (DPO).

  • Where is my service data stored?

    The Data Center where your data is stored is selected automatically based on your IP or based on the Country chosen by you while signing up for Zoho services. To know which Data Center is associated with a particular Country, click here. Alternatively, at any instant, you can know which Data Center your data resides in by looking at the URL on the browser when you are logged in to Zoho and are using our applications.

    1. If the URL is in the format of *.zoho.com (where * indicates the name of a Zoho Application such as crm, people, one), then your data is stored in the US(United States) DC.

    2. If the URL is in the format of *.zoho.eu, then your data is stored in the EU(European) DC.

    3. If the URL is in the format of *.zoho.in, then your data is stored in the IN(Indian) DC.

    4. If the URL is in the format of *.zoho.com.au, then your data is stored in the AU(Australian) DC.

    The data center details are also available in the profile section of the Zoho accounts page (if you are logged in). It can be viewed by clicking on the profile icon available in the top right corner.

  • How can I exercise my rights that the GDPR provides for?

    If you believe that Zoho owns, controls, or processes information pertaining to you in Zoho's capacity as a Data Controller, then send an email to privacy@zohocorp.com to exercise the rights that the law grants.

    If you are from the European Economic Area and you believe that Zoho stores, uses, or processes your personal data on behalf of one of our customers, please contact the corresponding customer directly to access, rectify, erase, restrict, or object to the process, or to export your personal data as our customers will be the data controllers for such data. Controllers are usually the administrator of a given Zoho service account. Any request for the data that is held by our customers will be forwarded to the respective customers. We will extend our support to our customer in responding to your request within a reasonable time frame.

  • Who owns the service data?

    As mentioned in part II of our Privacy Policy, you are the owner of the service data(which means that you are the Data Controller). We process your service data based on instructions provided through the User Interface or API of the applicable Zoho service(i.e, we are the Data Processor). The individuals whose data you may process in our applications are your Data Subjects. We provide you complete control of your service data by providing you the ability to (i) access your service data, (ii) share your service data through supported third-party integrations, and (iii) request export or deletion of your service data.

  • How secure is my data with Zoho?

    At Zoho, we take data security very seriously. That's why we have been audited for industry standards certifications such as ISO 27001, ISO 27017, ISO 27018, ISO 27701 and compliance with the SOC 2 Type II. Please find our compliance details here. We have taken steps to implement appropriate administrative, technical & physical safeguards to prevent unauthorized access, use, modification, disclosure or destruction of the information you entrust to us. If you have any concerns regarding the security of your data, we encourage you to check our Security Whitepaper or write to us at security@zohocorp.com with any questions.

  • How do you ensure that the cross-border data transfer is conducted according to applicable laws and regulations of the European Union such as the GDPR?

    If you have signed up for our EU data center, your service data is stored within the EU. However, in certain circumstances, data may need to be accessed from outside the EEA, specifically from India, for technical support purposes. For more details on these scenarios, please refer here.

  • Have you appointed a Data Protection Officer?

    Yes, we have appointed a Data Protection Officer (DPO) to oversee our management of your personal data in accordance with our Privacy Policy. If you have any questions or concerns about our privacy practices with respect to your personal data, you can reach out to our DPO, whose contact details are provided in our Privacy Policy under the 'Data Protection Officer' heading.

  • How do I delete or close my Zoho account, and delete the data associated with it?

    If you wish to close your Zoho account, kindly refer to this FAQ: "How do I close my Zoho account? "

    Once you close your Zoho account, the data associated with it will be deleted as per our retention policy mentioned in Part II of our Privacy Policy under the 'Retention of Information' heading.

  • How do I opt out of marketing emails from Zoho?

    You can opt out of receiving newsletters and other non-essential messages by using the Unsubscribe function included in all such messages.

    You can also send an email to privacy@zohocorp.com, and we will remove you from our mailing list.

    Certain legislations may require us to provide this option more explicitly for users of certain geographies. This has been fittingly incorporated into our sign up forms and likewise reflects in our related processes. However, please note that you will continue to receive notices and essential transactional emails . For example, updates regarding your Zoho account, subscription reminders, and other such important updates.

  • What kind of emails are sent by Zoho?

    Zoho, in our capacity of a Data Controller, send you emails providing you with information you've requested us for. We also send mails inviting you to our events, webinars and the like which we think may be of interest to you. This communication is based on the preference you've provided us with. Emails are also generated through your use of our application. These emails are generated by the actions done by you. For example, if you share a document through Zoho Docs or invite one of your data subjects to join your Zoho organisation by adding their email ID through the UI or via the API(through your use of our application), they receive an auto-generated email from the respective service notifying the recipient that you've shared a document with them or that you've invited them to join your Zoho organisation. This is done in our capacity of a Data Processor.

    In all cases, if you or your recipient thinks the email is inappropriate or that it has been received in error, you can report it to us at abuse@zoho.com and we will take the necessary action

  • What personal data does Zoho, as a company, collect and process?

    Zoho, in its capacity as a data controller, collects information from you (user) either directly or indirectly, which includes the data we collect from you during the sign up process, and the data generated automatically by the devices you use. A detailed explanation of the types of data we collect and the purpose for which it is collected is mentioned in Part 1 of our Privacy Policy.

  • How and who is notified in case of a data breach at Zoho's end? What is the breach notification timeline?

    Breach notifications to our customers are performed in accordance with our internal Privacy Incident Response Policy. Zoho Group will notify the customers, without undue delay after becoming aware of the incident. For general incidents that affect all our customers, we will notify customers through our blogs, forums, and social media. With respect to incidents that relate to a specific customer or organization, we will notify the concerned customer or organization through their primary email address.

  • Does Zoho employees have access to my data?

    Access to your data is restricted to a small number of employees on a need-to-know basis in order to provide you technical support. This access is reviewed periodically. Appropriate security and privacy controls are implemented to govern the data access.

  • If I sign up for Zoho services from zoho.eu, will my data be stored and processed only within the EU? Is there a scenario where my data will be transferred out of the EU?

    For the most part, yes, the data is fully stored and processed within the EU boundaries. However, in some rare occasions data may be accessed by the employees of our Indian entity (Zoho Corporation Private Limited), in order to provide you technical support on the basis of the Model Contractual Clauses between Zoho Netherlands and Zoho India entities and subject to the Transfer Impact Assessment's supplementary measures. We have a data processing agreement in place based on Standard Contractual Clauses that provides for access to the EU data center by the employees of Zoho India. However, there is no physical transfer of data out of the EU.

    We endeavour to employ the services of third parties and sub-processors who fully process data locally in the EU. In some cases, data may also be shared with our third-parties or sub-processors outside of the EU which is based on the usage of certain features in the product and in such cases, this is carefully analysed, and onboarded Explicit authorisation is sought from the user to enable such transfers. Rest assured, we have executed appropriated agreements with all our third-parties and sub-processors and Transfer Impact Assessments are carried out as applicable. The latest list of our third parties and sub-processors can be viewed here.

  • How can I get a copy of your data processing addendum(DPA)?

    If you are the organization administrator and would like to sign a DPA with us for your organization, we have made our DPA available to be signed electronically in just a few easy steps.
    You can click here to initiate the signing process.

    Note: Make sure that you have logged into your Zoho account before initiating the signing process. You can also drop an email to legal@zohocorp.com to get a copy of the DPA.

  • Who should I contact in case of questions regarding the DPA?

    If you have any questions regarding the DPA, please drop an email to legal@zohocorp.com

  • Do you share my data with your reselling partners? If so, how can I opt-out?

    As mentioned in our privacy policy, we may share your personal data with our authorized reselling partners in your region, solely for the purpose of contacting you about products that you have downloaded or services that you have signed up for in the cases where we do not have expertise in assisting you in your regional language. However, we would notify you through email before we share your details with them. Our partners are carefully evaluated before we on-board them. We also execute written agreements with them which defines their responsibilities and ours.

    If you do not wish to work with our partners, you can drop us an email at privacy@zohocorp.com and we will do the needful.

  • Does Zoho use cookies? If so, can I disable them?

    Yes, we use cookies for multiple purposes. We've provided this information in detail in our Cookie policy.

    In Zoho's capacity of a Data Controller, we use cookies to maintain the security of our websites and products, remember your choices, analyse how our users interact with our websites and to improve our services. However, we do not use third-party cookies for the purpose of analytics and tracking user behaviour in our websites.

    In our capacity of a Data Processor, cookies are set by our applications for the purposes of maintaining the security of the applications, to manage some configurations, and to provide a smooth user experience.

    You can disable the cookies in your browser by following the steps provided by the respective internet browsers(more information in our Cookie policy).

    You can also manage your cookie preference anytime by clicking on 'Manage Cookie Preference' at the top of the Cookie Policy page or via the Cookie icon that appears at the left bottom most corner of the webpages.

    However, if you choose to disable cookie fully in your browser, some of the website's features may not work as intended and could lead to increased issues with the usability of our website and applications.

  • How long is my data retained after deletion? When will my data be deleted?

    We hold the data in your account as long as you choose to use Zoho services. Once you terminate your Zoho account, your data will eventually get deleted from active database during the next clean-up that occurs once in six months. The data deleted from the active database will be deleted from backups after three months.

  • What is the policy for Inactive accounts?

    We reserve the right to terminate unpaid user accounts that are inactive for a continuous period of 120 days. In the event of such a termination, all data associated with such user account will be deleted. We will provide you prior notice of such a termination and option to back-up your data. Please refer to the section 'Inactive User Accounts Policy' in our Terms of Service.

  • How is my service data handled?

    We process your service data(all of the information that you store and process in and through Zoho's application softwares is collectively referred to as Service Data) based on the instructions provided through the various modules of Zoho services. For example, when you generate an invoice, information such as the name and address of your customer will be used to generate the invoice; when you use our campaign management service for email marketing, the email addresses of the people on your mailing list will be used for sending the emails. For more details on how your service data is handled, please refer to Part II of our Privacy Policy.

  • Are sub-contractors or third-party vendors involved in the processing of my service data?

    Yes, sub-contractors and vendors are involved in the processing of service data. However, sub-contractors and vendors may vary based on the Zoho service you are using. Different Zoho services may use different sub-processors or vendors for various purposes. The Involvement of a sub-contractor or vendor in the processing of your data depends on your usage of a particular feature within the applicable Zoho service. The current list of the sub-processors is available here. You can always verify this list to learn about the sub-processors used in each Zoho service. If you are from the EU, you may also want to refer to Question 17 in this FAQ.

  • Do you sell my data to advertisers?

    No, we don't. As mentioned in our Privacy Policy, Zoho will never sell your information to third parties for advertising, or make money by showing you other people's ads. This has been our approach for almost 20 years, and we remain committed to it. We don't make a single dollar from advertising revenue, even from the free editions of our services. This means we avoid the fundamental conflict of interest between gathering customer information and fuelling advertising revenue, and the unavoidable compromises in customer privacy that it brings. Check out our CEO's commitment on your Privacy.

  • Is there an option to export all my service data?

    The export option is provided within the user interface of each service. You can find information on how to export your data and the formats available for exporting your data through the user interface by referring to the help pages of the respective services.

  • Do you provide an option for deleting any or all of my service data?

    The option to delete the data is provided within the user interface of each Zoho service. While some data may be deleted immediately from the active database, some data might be moved to the recycle bin and will be deleted subsequently. However, the data will remain in the backups for 3 months in encrypted form.

  • Do any other entities in the Zoho group have access to or use our data?

    Yes, other entities in the Zoho Group may have access to your data for the purpose of providing you technical support and during disaster recovery operations. Please refer to ‘Who we share service data with’ in Part II – Information that Zoho processes on your behalf of our Privacy Policy.

  • Does Zoho disclose our data to law enforcement authorities?

    Yes, if required by law, your personal data and service data may be disclosed or preserved in order to comply with any applicable law, legal process, regulation or governmental request, including to meet national security requirements

  • Does Zoho comply with the EU-US Privacy Shield or Data Protection Framework (DPF)?

    We've implemented data localization in Europe for our EU clientele's service data processing, ensuring that their service data is processed within the European boundaries, pursuant to the requirements of the new Standard Contractual Clauses and our operational efficiencies.

    To address the transfer of data between EU and other countries in some rare occasions, we have adopted the new Standard Contractual Clauses (SCC) as our transfer basis. Given the frailty and impending challenges in the recently released EU-US Data Protection framework, we would continue to depend on the SCC route for cross-border transfers.

    To know more about how we support our EEA clientele, please read this blog. Should you have any further questions or clarifications, please write to us at privacy@zohocorp.com.

  • I'm receiving promotional emails from a Zoho user. How can I opt out or delete my data? Will Zoho help with removing me from the mailing list and deleting my data?

    While Zoho acts as a service provider (Data Processor), our customers are the data controllers. Therefore, we request you to contact them directly to opt-out from the list or delete your data.

  • How do I close my Zoho account?

    Please follow the below steps to close the account.

    1. Sign in to your Zoho account.

    2. Click Settings and scroll down to Close Account.

    3. Click Close Account.

    4. Choose the reason for closing your account, then click Continue.

    Once the account is closed, the service data will be deleted in accordance with our retention policy mentioned in Part II 'Retention of information' in our Privacy Policy.

    With regards to the data that we have about you (i.e, mail conversations, CRM records, etc) will be deleted in accordance with our retention policy mentioned in Part I 'Retention of Information' in our Privacy Policy. Once we do not have any legitimate reason to hold your information in our CRM systems, we will securely delete it.

    Please note that this information will not be processed for any other purpose other than for complying with our legal obligations that require such retention.

    If you have any further queries related to account closure, please write to support@zohoaccounts.com

  • How should I notify about a privacy incident that affects my data or my organization?

    Please refer to the information provided on this page to know about reporting incidents.

For any other queries related to data privacy, please contact privacy@zohocorp.com