At Zoho, we have always known it's important to protect the personal data of all our users. We have never used your data to serve advertisements, and we never will.

The GDPR regulation has been in effect since 25th May 2018, and we would like to reemphasize our commitment to protecting your data privacy rights.

What is GDPR?

After years of deliberation, the European Parliament has adopted a new EU data protection framework. It takes the form of the General Data Protection Regulation (GDPR). The regulation lays out principles for data controllers and data processors on how personal information is collected, processed and stored.

What is personal data?

Personal data means any information relating to an identified or identifiable natural person . This information includes your name, email address, an identification number, location data or an online identifier that can be used to identify you directly or indirectly. 

Stakeholders involved

Data Controller

The data controller, as the name implies, controls the overall purpose and means, or the ‘why’ and ‘how’ the data is to be used.

Data Processor

A data processors is a person or organization that process the data on behalf of the data controller. When you use Zoho Sprints, you allow us to process the data on your behalf. But, it is important to highlight that you still remain in full control of your data and you have the right to determine the purpose and ends to which your data is processed.

Data Subject

This refers to any person whose personal data is being collected, held or processed.

We would like you to be aware of your data subject rights and how you can exercise them.

  •  Right to Access All users can view and access their information saved on Zoho Sprints. A team owner who is the data controller of your organization, has the right to access the personal information of all the team members.
  •  Right to Rectify A team owner can correct any errors in the personal data of their team members.
  •  Right to Data Portability A team owner can create a back up of all the information for the team. A password protected link of the backup will be sent to the registered email address of the team owner.
  •  Right to Erasure A team owner can delete all the information for the team at any time.

Our GDPR-centric enhancements

We have internalized the principle of data protection by default. We collect only the data we need and store it just for the required duration.

Data Hosting 

Our secure data centers are located in the EU and US. If you sign up in, you can be certain that your data will stay within the EU. Similarly, If you sign up from, your data will stay within the US.

Data Encryption

All your personal data is protected from unauthorized access. We implement encryption at rest for all your personal data.

Data Security

We have adopted state of the art practices to safeguard your data. Zoho Corporation has earned ISO/IEC 27001:2013 certification and is also SOC 2 Type II compliant. You can read more about our security practices, policies, and infrastructure here

Please feel free to ask questions and share concerns with us at

Choose Privacy. Choose Zoho.

Learn more about Zoho's GDPR readiness.

  • bsi-assurance
  • Privacy Shield
  • TRUSTe
  • SOC

Disclaimer: The information presented herein should not be taken as legal advice. We recommend that you seek legal advise on what you need to do to comply with the requirements of GDPR.