GDPR Compliance for Zoho Voice
What is GDPR and why does it matter?
The General Data Protection Regulation (GDPR) is a European Union law designed to protect EU citizens and give them more control over their personal data. Every EU resident can decide how, what, when, and where their personal data is collected, used, stored, and processed.
Even though the GDPR is specific to the EU region, Zoho Voice is committed to applying these data protection regulations to all its users, regardless of geographical location or the customer's subscription plan. This helps Zoho Voice maintain transparency and build mutual trust.
Businesses that collect, store, or process personal data of EU residents, such as a name, email address, or even a phone number, are legally obliged to comply with the EU's GDPR. GDPR compliance is a must to avoid penalties and to build trust with your customers by being transparent about how you handle their personal data. Regardless of whether you operate in the EU, any interaction with EU residents requires proper GDPR compliance.
Why is it crucial to have a GDPR-compliant cloud telephony system?
When interacting with your customers through cloud telephony, you may collect personal information such as names, phone numbers, and email addresses. All of these are essential for logging calls, managing conversations, and providing personalized communication experiences. With the GDPR in place, it is mandatory that businesses protect such personal data and maintain transparent records of how it is collected, used, and stored.
As a GDPR-compliant cloud telephony system, Zoho Voice ensures that:
Only necessary personal data is collected and stored lawfully, fairly, securely, and transparently.
All call logs and messaging records are managed securely, with access controls in place.
Customers can access, update, or request the deletion of their data.
All usage and access logs are maintained as required by law.
How does Zoho Voice support you?
Zoho has always respected user privacy; we have never used your data to serve ads, and never will. So you've been covered since before the advent of GDPR. That said, we've introduced a number of new checkpoints so your customers have more control over how their data gets used.
Security Certification
Zoho Voice adheres to some of the highest international standards for information security and data protection. We are certified for:
ISO 27001 – Information Security Management System (ISMS)
ISO 27017 – Cloud Service Security Controls
ISO 27018 – Protection of Personally Identifiable Information (PII) in Public Clouds
ISO 27701 – Privacy Information Management System (PIMS)
SOC 2 Type II – Trust Services Criteria: Security, Availability, and Confidentiality
ISO 9001 – Quality Management System
In addition, Zoho Voice is ENS certified (medium level) and fully GDPR-compliant, ensuring strong data privacy and protection for all users.
Learn more about the security and compliance standards Zoho Voice follows.
Data Hosting and Migration
Our secure data centers are located in the EU and US. Regardless of where your account was created, your data can be migrated to data centers in the EU upon request. To minimize the impact on your business, this process will be carried out with no anticipated downtime.
Data Encryption
Once inside Zoho Voice, sensitive data is protected from unauthorized access, disclosure, or modification. We employ encryption protocols and security methods to ensure this.
Disclosure of Data
Roles and user profiles on Zoho Voice let you define who in your organization has access to what information. This helps you control your organization's information.
Audit Logs
Audit logs capture detailed information about every action performed in your Zoho Voice account, including additions, updates, and deletions of records. These logs also track key communication data such as call logs, notes, recordings, voicemails, and messages.
Refer to the Retention Policy section for details on how long these logs are stored.
Note
The Audit log feature in Zoho Voice is currently under development and is not yet available for direct access. However, if required, audit logs can be provided to users upon request.
Retention Policy
Zoho Voice retains your account data for as long as you actively use the service. Once you terminate your Zoho Voice account, your data will be removed from the active database during the next cleanup cycle, which occurs every 90 days. Additionally, data removed from the active database will be permanently deleted from backup systems after another 90-day period.
Below is a detailed breakdown of our data retention periods:
Type of data | Active users | Inactive org | After the user |
Call logs | Available forever | 90 days* | 90 days** |
Call notes | Available forever | 90 days* | 90 days** |
Call recordings | Available forever | 90 days* | 90 days** |
Voicemails | Available forever | 90 days* | 90 days** |
Audit logs | Available forever | Available forever | Not applicable |
Messages | Available forever | 90 days* | 90 days** |
* Data remains available for 90 days after an organization or account is deleted. When an organization is deleted, all associated data is also deleted but retained for 90 days. If a user is deleted, their data is anonymized and remains accessible until the organization itself is deleted.
** When a user requests a data backup, Zoho Voice provides the data as a downloadable backup file. Deleted data cannot be added back to the user's Zoho Voice account.
For example, deleted call logs cannot be added back to the Logs module in Zoho Voice. They can be provided only as a downloadable backup file.
We're constantly upgrading our security measures to help you on your compliance journey. Organizations that are found to be non-compliant, or have breached the regulation, may face a fine of up to €20 million or 4% of the organization's annual turnover, whichever is higher.
Learn more about Zoho's GDPR readiness.