GDPR or no GDPR, your data privacy, security, and trust in us have always been at the forefront of our development. So, when this law rolled out, we embraced it with open arms and immediately committed to compliance.

What is GDPR?

GDPR stands for General Data Protection Regulation, an EU ruling intended to provide residents with control over who uses their data, when, and how. Organizations can no longer use consumer data without consent or proper lawful basis. GDPR applies to all companies that collect, store, or process data related to any EU resident.

Why you can rely on us

  • Top-notch security

    First things first—Zoho Corporation has earned ISO/IEC 27001:2013 certification and is also SOC 2 Type II compliant. Our data centers are hosted in some of the most secure facilities available today. If you sign up from zoho.eu, we make sure that your data resides in the EU, too. Visit our security page for more information.

  • Personal data remains personal

    We make sure that your personal data, as well as all attached documents, chat conversations, and webhook URLs that reside in our servers, are encrypted and allowed very limited access. You also have the option to choose if your custom fields are to be encrypted.

Our GDPR-centric enhancements

We've made a bunch of changes to the way Zoho Projects handles and processes data, to ensure the additional level of security that GDPR encourages. Here's how your rights are preserved.

  •  

    Data source tracking

    Every time Projects collects your data, the source information is maintained. You will have full access to those details if and when you need them.

  •  

    Your right to know and decide

    To best serve you with a personalized experience, and to communicate with you about our services, we use your contact information only with due consent from you or with legitimate reason. At any point, you can choose to opt out of such communication and we'll respect that decision.

  •  

    Right to be forgotten

    If you decide to discontinue using our services, you can close your account and exercise your right to leave without a trace. If you choose to cancel, we'll have a three-month window to erase all your data, during which you will not be able to retrieve or recover them.

  •  

    Right to restrict processing

    When you temporarily find no need for an account or user to exist in your portal, you can choose to deactivate them. The user's data will no longer be processed, until you specify otherwise.

  •  

    Right to port data

    The audit logs of all activities are maintained within the project. You can export your data and download the information in a readable format, at any time, through password-protected files. The download links in the Export mails will expire after a period of 15 days.

  •  

    Limits imposed on external access

    We do not allow access to any external tracking tools within Projects. You exercise the right to enable or disable integrations, and every time you enable them, information like who did so and when are recorded. You also have the option to allow or deny access via API to specific users. Every activity is duly logged.

Other questions you might have

1. Will Zoho, or anyone from Zoho, have access to the tasks and statuses of a project created in Zoho Projects?  

  • No, we do not read your data. Only a restricted number of employees have access to our servers with your consent in order to resolve issues when you report them. These access rights are reviewed periodically.

2. Do you have access to the documents in my project?

  • Documents stored within a project cannot be accessed by anyone from Zoho. Imported files will be deleted upon successful import. If the process fails, the file will be retained for a period of 7 days only.

3. Are my files encrypted in your server? 

  • Yes, the files are encrypted. (Encryption at Rest)

Disclaimer: The information presented herein should not be taken as legal advice. We recommend that you seek legal advise on what you need to do to comply with the requirements of GDPR.