Zoho TeamInbox is GDPR ready

The General Data Protection Regulation ("GDPR") is a EU-wide data protection law which allows data subjects to better control their personal data. GDPR came into effect on the 25th of May, 2018. Zoho TeamInbox is fully committed to protecting your data. Read on to know what we do to help you use Zoho TeamInbox in a GDPR compliant manner.

Zoho TeamInbox's GDPR Readiness

We've set certain rules and strategy on how to process personal data. Here's how we do it.

Data Security

Zoho TeamInbox has security built into every layer of the product. In particular, we have proved our commitment to data privacy and protection by meeting the industry standards for ISO 27001, and SOC 2 Type 2.

Data Hosting (Locality)

Zoho's servers are located in most secure data centers in the US, EU, AU, CN and IN. The region in which we host your service data depends upon the domain on which you registered your Zoho TeamInbox.

The following table lists the Zoho domains and the respective hosting locations.

Account Registration DomainHosting Region (Data Center)
teaminbox.zoho.comUS (United States)
teaminbox.zoho.euEU (European Union)
teaminbox.zoho.inIN (India)
teaminbox.zoho.com.auAU (Australia and New Zealand)
teaminbox.zoho.com.cnCN (China)

Data Encryption

We use the latest and secure ciphers like AES_CBC/AES_GCM 256 bit/128 bit keys for email encryption. These are meant to ensure that your Zoho TeamInbox data is protected from unauthorized access, disclosure or modification. All data is encrypted at rest and in transit. We believe our highly secure physical controls at data centers and transit level encryption ensures that your data stays well protected.

Data Access

Users have access only to the inboxes they are members of. The inbox memberships can be controlled and modified by the inbox or team admin. In addition to this, users will have access to messages and email drafts that are shared with them.

Data Rectification

Users can edit all of their personal information except the registered email address. However, we could assist you in replacing the email address associated with your Zoho TeamInbox account. You can write to us to request a replacement.

Data Deletion

We have appropriate functionalities in our interface to allow users to delete their data. Use the Delete option to delete your data. When you delete a user, the data associated with the user will be scheduled for deletion, and will be deleted within 30 days of actual user deletion.

Data Portability

We export data from your Zoho TeamInbox account upon request. Write to us if needed and we'll export your data for you.

Data Retention

The data retention period in Zoho TeamInbox is 30 days. When you delete messages they are moved to Trash, where they stay for 30 days. The data in Trash can be restored, until they are automatically cleaned up by the system. After that the messages will be permanently deleted from our database.

Data Disclosure

Data Disclosure is the level of access within the service, where only authorized users can access, alter or delete service data. The organization administrator can assign permissions to users and thereby can allow or restrict data access to them.

Audit logs

Data audits help you secure your system and monitor for unexpected changes or usage trends. Zoho TeamInbox records every activity that happens in your organization and the org admin will have access to these logs. We can export the audit log for you in CSV format upon request.

Disclaimer: The information presented herein should not be taken as legal advice. We recommend that you seek legal advise on what you need to do to comply with the requirements of GDPR.