Part I – Information Zoho collects and controls

We only collect the information that we actually need. Some of that is information that you
actively give us when you sign up for an account, register for an event, ask for customer support,
or buy something from us. We store your name and contact information, but we don't store credit
card numbers (except with your permission and in one of our secured payment gateways).

When you visit one of our websites or use our software, we automatically log some basic
information like how you got to the site, where you navigated within it, and what features and
settings you use. We use this information to improve our websites and services and to drive new
product development.

Sometimes we receive information indirectly. If you ask about our products through one of our
referral programs or reselling partners, or sign in to one of our products through an
authentication service provider like LinkedIn or Google, they'll pass on your contact information
to us. We'll use that information to complete the request that you made. If you engage with our
brand on social media (for instance, liking, commenting, retweeting, mentioning, or following
us), we'll have access to your interactions and profile information. We'll still have that
information even if you later remove it from the social media site.

What we do with your information

We use your information to provide the services you've requested, create and maintain your
accounts, and keep an eye out for unauthorized activity on your accounts. We also use it to
communicate with you about the products you're currently using, your customer support
requests, new products you may like, chances for you to give us feedback, and policy updates.
We analyze the information we collect to understand user needs and to improve our websites and
services.

We're required to have a legal basis for collecting and processing your information. In most
cases, we either have your consent or need the information to provide the service you've
requested from us. When that's not the case, we must demonstrate that we have another legal
basis, such as our legitimate business interests.

You can decline certain kinds of information use either by not providing the information in the
first place or by opting out later. You can also disable cookies to prevent your browser from
giving us information, but if you do so, certain website features may not work properly. We
completely disable third-party cookies from all Zoho websites and products.

We limit access to your personal information to our employees and contractors who have a
legitimate need to use it. If we share your information with other parties (like developers, service
providers, domain registrars, and reselling partners), they must have appropriate security
measures and a valid reason for using your information, typically to serve you.
The European Economic Area (EEA) provides certain rights to data subjects (including access,
rectification, erasure, restriction of processing, data portability, and the right to object and to
complain). Zoho undertakes to provide you the same rights no matter where you choose to live.

We keep your personal information for as long as it is required for the purposes stated in this
Privacy Policy. When we no longer have a legitimate need to process your information, we will
delete, anonymize, or isolate your information, whichever is appropriate.

Part II – Information that Zoho processes on your behalf

If you handle other people's data using Zoho apps, such as information about your customers or
employees, you are entrusting that data to us for processing. If you use a Zoho mobile app and
give the app access to your contacts and photo library, you are entrusting data to us. The data you
entrust to us for processing is called service data.

You own your service data. We protect it, limit access to it, and only process it according to your
instructions. You may access it, share it through third-party integrations, and request that we
export or delete it.

We hold the data in your account as long as you choose to use Zoho Services. After you
terminate your account, your data will be automatically deleted from our active database within 6
months and from our backups within 3 months after that.
If you are in the European Economic Area and you believe that someone has entrusted your
information to us for processing (for instance, your employer or a company whose services you
use), you can request certain actions from us regarding your data. To exercise those data rights,
please contact the person or company that entrusted the data to us and we will work with them on
your request.

Part III – General

There are some limitations to the privacy we can promise you. We will disclose personal
information if it's necessary to comply with a legal obligation, prevent fraud, enforce an
agreement, or protect our users' safety. We do not currently honor Do Not Track signals from
internet browsers; when a universal standard for processing them emerges, we will follow it.

Third-party websites and social media widgets have their own separate privacy policies. Always
check the relevant privacy policy before sharing personal information with third parties.

You can always contact us to: ask questions about our privacy practices, request a
GDPR-compliant Data Processing Addendum, alert us if you believe we have collected personal
data from a minor, or ask to have your personal information removed from our blogs or forums.
You can also check our Security Policy and Privacy Policy
We will contact you to let you know if we make any major changes to our privacy policy, or in
the highly unlikely event that we ever decide to sell our business.

Part II – Information that Zoho processes on your behalf

Information entrusted to Zoho and purpose

Information provided in connection with services : You may entrust information that you or
your organization (“you”) control, to Zoho in connection with use of our services or for
requesting technical support for our products. This includes information regarding your
customers and your employees (if you are a controller) or data that you hold and use on behalf of
another person for a specific purpose, such as a customer to whom you provide services (if you
are a processor). The data may either be stored on our servers when you use our services, or
transferred or shared to us as part of a request for technical support or other services.

Information from mobile devices : When you elect to allow it, some of our mobile applications
have access to the camera, call history, contact information, photo library, and other information
stored on your mobile device. Our applications require such access to provide their services.
Similarly, when you elect to provide access, location-based information is also collected for
purposes including, but not limited to, locating nearby contacts or setting location-based
reminders. This information will be exclusively shared with our mapping providers and will be
used only for mapping user locations. You may disable the mobile applications' access to this
information at any time by editing the settings on your mobile device. The data stored on your
mobile device and their location information to which the mobile applications have access will
be used in the context of the mobile application, and transferred to and associated with your
account in the corresponding services (in which case the data will be stored on our servers) or
products (in which case the data will remain with you unless you share it with us).

(All the information entrusted to Zoho is collectively termed “service data”)

Ownership and control of your service data

We recognize that you own your service data. We provide you complete control of your service
data by providing you the ability to (i) access your service data, (ii) share your service data
through supported third-party integrations, and (iii) request export or deletion of your service
data.

How we use service data

We process your service data when you provide us instructions through the various modules of
our services. For example, when you generate an invoice, information such as the name and
address of your customer will be used to generate the invoice; and when you use our campaign
management service for email marketing, the email addresses of the persons on your mailing list
will be used for sending the emails.

Push notifications

If you have enabled notification on our desktop and mobile applications, we will push
notifications through a push notification provider such as Apple Push Notification Service,
Google Cloud Messaging or Windows Push Notification Services. You can manage your push
notification preferences or deactivate these notifications by turning off notifications in the
application or device settings.

Who we share service data with

Zoho group and third party sub-processors : In order to provide services and technical support
for our products, the contracting entity within the Zoho group engages other group entities and
third parties .

Employees and independent contractors : We may provide access to your service data to our
employees and individuals who are independent contractors of the Zoho group entities involved
in providing the services (collectively our “employees”) so that they can (i) identify, analyze and
resolve errors, (ii) manually verify emails reported as spam to improve spam detection, or (iii)
manually verify scanned images that you submit to us to verify the accuracy of optical character
recognition. We ensure that access by our employees to your service data is restricted to specific
individuals, and is logged and audited. Our employees will also have access to data that you
knowingly share with us for technical support or to import data into our products or services. We
communicate our privacy and security guidelines to our employees and strictly enforce privacy
safeguards within the Zoho group.

Collaborators and other users : Some of our products or services allow you to collaborate with
other users or third parties. Initiating collaboration may enable other collaborators to view some
or all of your profile information. For example, when you edit a document that you have shared
with other persons for collaboration, your name and profile picture will be displayed next to your
edits to allow your collaborators to know that you made those edits.
Third-party integrations you have enabled : Most of our products and services support
integrations with third-party products and services. If you choose to enable any third-party
integrations, you may be allowing the third party to access your service information and personal
information about you. We encourage you to review the privacy practices of the third-party
services and products before you enable integrations with them.

Other cases : Other scenarios in which we may share information that are common to
information covered under Parts I and II are described in Part III.

Retention of information

We hold the data in your account as long as you choose to use Zoho Services. Once you
terminate your Zoho user account, your data will eventually get deleted from the active database
during the next clean-up that occurs once in 6 months. The data deleted from the active database
will be deleted from backups after 3 months.

Data subject requests

If you are from the European Economic Area and you believe that we store, use or process your
information on behalf of one of our customers, please contact the customer if you would like to
access, rectify, erase, restrict or object to processing, or export your personal data. We will
extend our support to our customer in responding to your request within a reasonable timeframe.

Part III – General

Children’s personal information

Our products and services are not directed to individuals under 16. Zoho does not knowingly
collect personal information from children who are under 16 years of age. If we become aware
that a child under 16 has provided us with personal information, we will take steps to delete such
information. If you believe that a child under 16 years has provided personal information to us,
please write to [email protected] with the details, and we will take the necessary steps to
delete the information we hold about that child.

How secure is your information

At Zoho, we take data security very seriously. That's why we have gotten certified for industry
standards such as ISO 27001:2013 and SOC 2 Type II. We have taken steps to implement
appropriate administrative, technical & physical safeguards to prevent unauthorized access, use,
modification, disclosure or destruction of the information you entrust to us. If you have any
concerns regarding the security of your data, we encourage you to check our Security Policy or
write to us at [email protected] with any questions.

Data Protection Officer

We have appointed a Data Protection Officer to oversee our management of your personal
information in accordance with this Privacy Policy. If you have any questions or concerns about
our privacy practices with respect to your personal information, you can reach out to our Data
Protection Officer by sending an email to [email protected] or by writing to: Data Protection
Officer, Zoho Corporation BV, Beneluxlaan 4B, 3527 HT Utrecht, The Netherlands.

Locations and international transfers

We share your personal information and service data within the Zoho Group. By accessing or
using our products and services or otherwise providing personal information or service data to
us, you consent to the processing, transfer, and storage of your personal information or Service
Data within the United States of America, the European Economic Area (EEA) and other
countries where Zoho operates. Such transfer is subject to a group company agreement that is
based on EU Commission’s Model Contractual Clauses.

Data processing addendum

To enable you to be compliant with the data protection obligations under the General Data
Protection Regulation, we are prepared to sign a Data Processing Addendum (DPA) that is based
on Standard Contractual Clauses. You can request a DPA from Zoho by completing this form .
Once we get your request, we'll forward the DPA to you for your signature.

Do Not Track (DNT) requests

Some internet browsers have enabled 'Do Not Track' (DNT) features, which send out a signal
(called the DNT signal) to the websites that you visit indicating that you don't wish to be tracked.
Currently, there is no standard that governs what websites can or should do when they receive
these signals. For now, we do not take action in response to these signals.

External links on our websites

Some pages of our websites may contain links to websites that are not linked to this Privacy
Policy. If you submit your personal information to any of these third-party sites, your personal
information is governed by their privacy policies. As a safety measure, we recommend that you
not share any personal information with these third parties unless you've checked their privacy
policies and assured yourself of their privacy practices.

Blogs and forums

We offer publicly accessible blogs and forums on our websites. Please be aware that any
information you provide on these blogs and forums may be used to contact you with unsolicited
messages. We urge you to be cautious in disclosing personal information in our blogs and
forums. Zoho is not responsible for the personal information you elect to disclose publicly. Your
posts and certain profile information may remain even after you terminate your account with
Zoho. To request the removal of your information from our blogs and forums, you can contact us
at [email protected]

Social media widgets

Our websites include social media widgets such as Facebook "like" buttons and Twitter "tweet"
buttons that let you share articles and other information. These widgets may collect information
such as your IP address and the pages you navigate in the website, and may set a cookie to
enable the widgets to function properly. Your interactions with these widgets are governed by the
privacy policies of the companies providing them.
Disclosures in compliance with legal obligations

We may be required by law to preserve or disclose your personal information and service data to
comply with any applicable law, regulation, legal process or governmental request, including to
meet national security requirements.

Enforcement of our rights

We may disclose personal information and service data to a third party if we believe that such
disclosure is necessary for preventing fraud, investigating any suspected illegal activity,
enforcing our agreements or policies, or protecting the safety of our users.

Business Transfers
We do not intend to sell our business. However, in the unlikely event that we sell our business or
get acquired or merged, we will ensure that the acquiring entity is legally bound to honor our
commitments to you. We will notify you via email or through a prominent notice on our website
of any change in ownership or in the uses of your personal information and service data. We will
also notify you about any choices you may have regarding your personal information and service
data.

Compliance with this Privacy Policy

We make every effort, including periodic reviews, to ensure that personal information you
provide is used in conformity with this Privacy Policy. If you have any concerns about our
adherence to this Privacy Policy or the manner in which your personal information is used,
kindly write to us [email protected] We'll contact you, and if required, coordinate with the
appropriate regulatory authorities to effectively address your concerns.
Notification of changes

We may modify the Privacy Policy at any time, upon notifying you through a service
announcement or by sending an email to your primary email address. If we make significant
changes to the Privacy Policy that affect your rights, you will be provided with at least 30 days'
advance notice of the changes by email to your primary email address. If you think that the
updated Privacy Policy affects your rights with respect to your use of our products or services,
you may terminate your use by sending us an email within 30 days. Your continued use after the
effective date of changes to the Privacy Policy will be deemed to be your agreement to the
modified Privacy Policy. You will not receive email notification of minor changes to the Privacy
Policy. If you are concerned about how your personal information is used, you should check
back at https://www.zoho.com/privacy.html periodically.
ZOHO COOKIE POLICY

What is a cookie?

A cookie is a small text file that is stored on your computer or other internet connected device in
order to identify your browser, provide analytics, and remember information about you such as
your language preference or login information. They're completely safe and can't be used to run
programs or deliver viruses to your device.You can learn more about cookies by clicking here
(external link).

What type of cookies does Zoho use?

Cookies can either be session cookies or persistent cookies. A session cookie expires
automatically when you close your browser. A persistent cookie will remain until it expires or
you delete your cookies. Expiration dates are set in the cookies themselves; some may expire
after a few minutes while others may expire after multiple years. Cookies placed by the website
you’re visiting are called “first party cookies".

Below is a detailed list of the cookies we use on our website. Our website is scanned with our
cookie scanning tool regularly to maintain a list as accurate as possible. We classify cookies in
the following categories:

Strictly NecessaryFunctional/PreferenceAnalytics

Strictly Necessary cookies are necessary for our website to function and cannot be switched off
in our systems. They are essential in order to enable you to navigate around the website and use
 its features. If you remove or disable these cookies, we cannot guarantee that you will be able to
use our websites.

Cookie Name Purpose Validity

Alphanumeric cookies of length 10 Load balancing and session stickiness Session

characters(eg: 467aef24c7)
csr* / *csr* / *csr, zmpncc, zfccn Website security Session

dcl_pfx_lcnt Navigation through cross-domains Session

JSESSIONID HTTP session token identifier Session

stk, rtk Login, Signup - Success & failure analysis Session

_imtrem Manage the 'Remember me' option Session

_z_identity Manage the user's login session Session

IAMTFA* Two Factor Authentication validation Session

_zsudc Manage custom domain login sessions Session

zidp Maintain OpenID sign in options Session

zoho_fbuid Maintain Facebook login option Session

GAUTH_TICKET Provide the authentication token in mobile Session
apps for mobile sign in ability

tfa_ac Two Factor Authentication management Session

clientauthtoken Support sign in for client portal Session

_iamadt, _iambdt Manage logged in user session 1 month

zip Store IP locale country value for proper 1 day
website operations

AKA_A2 Performance optimisation in loading of 1 hour

pages

dcl_bd Stores the base domain of the current Session

dc(data center) for proper cross data center
domain navigation

is_pfx Stores the current web URL domain prefix Session

information
IAMTFATICKET_<zuid> Stores the trusted browser session, when 180day(s)
"Trust this Browser" option is enabled
during TFA verification by the user.

How you can manage cookies?

Most browsers allow you to control cookies through their 'settings' preferences. However, if you
limit the ability of websites to set cookies, you may worsen your overall user experience, since it
will no longer be personalized to you. It may also stop you from saving customized settings like
login information. Browser manufacturers provide help pages relating to cookie management in
their products. Please see below for more information.

Browser manufacturers provide help pages relating to cookie management in their products.
Please see below for more information.

● Google Chrome
● Internet Explorer
● Mozilla Firefox
● Safari (Desktop)
● Safari (Mobile)
● Android Browser
● Opera
● Opera Mobile
Disclaimer

We may update this Cookie Statement from time to time in order to reflect, for example, changes
to the cookies we use or for other operational, legal or regulatory reasons. Please therefore
re-visit this Cookie Statement regularly to stay informed about our use of cookies and related
technologies. For more information relating to cookies, you may contact
[email protected].