What is GDPR?

The General Data Protection Regulation (GDPR) is a new set of regulations that aims primarily to give full control over personal data to residents in the European Union. Simply put, the EU residents will now have a greater say over what, how, why, where, and when their personal data is used, processed, or disposed. While this is an EU legislation, we're committed to extending GDPR practices to our users worldwide.

Personal data processing

With two-factor authentication, role-based access and activity logs, we make sure users meet the necessary security standards. 

Business model

Writer is one product in Zoho's much larger, 45+ business and productivity application portfolio. Zoho has been a profitable, bootstrapped, privately-held company for over 20 years; we've been offering free (and ad-free) productivity apps for more than a decade. While some of our products are free, others are paid. Paid products subsidize our free apps. Free apps bring more awareness to our paid apps and brand in general. Our business model is as simple as that. There's no hidden agenda here to sell user data for ads.

To put it simply:

We don't own your data. You do.

We'll never sell your data

We don't read your notes

We'll never do advertisements

Data protection

Under Article 25 of the GDPR: "Data Protection by Design"

All your documents are securely stored within Zoho's infrastructure, with multiple data centers across the United States and Europe. For our users in the European region - data of accounts created with zoho.eu resides only in our EU data centers.

Right to rectification

Under Article 16 of the GDPR: "Right to rectification"

You can access and change your account settings anytime to update and complete your account information. Also contact us at support@zohowriter.com to access, correct, amend or delete information we have about you.

Data encryption

Under Article 32 of the GDPR: "Client-specific data is encrypted at rest"

Your data is encrypted in transit and at rest. The server always stores encryption keys and user data in an encrypted format. Writer is secured with TLS 1.2 and 256-bit AES encryption. In case of a data breach or leak, end-to-end encryption will keep you anonymous.

Right of access

Under Article 15 of GDPR: "Right of Access" 

Right of Access allows individuals to be aware of and verify the lawfulness of our data processing activities. Activity logs can be monitored when a document is shared, modified, exported or accessed.

Right to erasure

Under Article 17 of GDPR: "Users are in full control of what they upload, modify and erase from our ecosystem"

You can delete all created, uploaded, and edited data inside Writer when it's no longer relevant.  

Additional features

We've also added some additional features to help making your Writer experience even more secure:

Password protected sharing

Writer makes document sharing more secure with the inclusion of password protection in its link-sharing feature. This is especially helpful as document links shared without password protection might be easily accessible by anyone who gets hold of the link.

Password protected download 

You can allow file downloads, and keep them protected from the general public using password protection

Data security

Users and administrators are allowed to decide who can access the content, and for how long. 

Access can be revoked any time—even after the documents are shared. Access to personal data is provided based on user roles.  

You can also set an expiry date to documents shared via a link, which will make them inaccessible after the expiry date.

Writer's mobile and desktop Apps will not leave behind any “orphaned files” after uninstalling them.

All files created by the mobile and desktop & Apps, and documents downloaded for offline editing will be removed on uninstall as well.


Learn more about Zoho's GDPR readiness.


Disclaimer: The information presented herein should not be taken as legal advice. We recommend that you seek legal advise on what you need to do to comply with the requirements of GDPR.