Zoho TeamInbox is GDPR-ready
The General Data Protection Regulation (GDPR) is a EU-wide data protection law that allows data subjects to better control their personal data. GDPR came into effect on May, 25, 2018. Zoho TeamInbox is fully committed to protecting your data. Read on to know how we help you use Zoho TeamInbox in a GDPR-compliant manner.
Zoho TeamInbox's GDPR readiness
We've set certain rules and strategy on how to process personal data. Here's how we do it.
Data security
Zoho TeamInbox has security built into every layer of the product. In particular, we have proved our commitment to data privacy and protection by meeting the industry standards for ISO 27001 and SOC 2 Type 2.
Data hosting (locality)
Zoho's servers are located in most secure data centers in the US, EU, AU, CN , SA, JP, CA and IN. The region in which we host your service data depends upon the domain on which you registered your Zoho TeamInbox.
The following table lists the Zoho domains and the respective hosting locations.
| Account Registration Domain | Hosting Region (Data Center) |
| teaminbox.zoho.com | US (United States) |
| teaminbox.zoho.eu | EU (European Union) |
| teaminbox.zoho.in | IN (India) |
| teaminbox.zoho.com.au | AU (Australia and New Zealand) |
| teaminbox.zoho.com.cn | CN (China) |
| teaminbox.zoho.sa | SA (South Africa) |
| teaminbox.zoho.jp | JP (Japan) |
| teaminbox.zohocloud.ca | CA (Canada) |
Data encryption
We use the latest and secure ciphers like AES_CBC/AES_GCM 256 bit/128 bit keys for email encryption. These are meant to ensure that your Zoho TeamInbox data is protected from unauthorized access, disclosure or modification. All data is encrypted at rest and in transit. We believe that our highly secure physical controls at data centers and transit-level encryption ensure that your data stays well-protected.
Data access
As a user, you have the right to request access to the personal data we hold about you in Zoho TeamInbox. You can contact us at any time to inquire about the categories of data collected, how it’s used, and to receive a copy of that data.
Data rectification
Users can edit all of their personal information. If needed, we can help you modify the email address linked to your Zoho TeamInbox account. Please write to us at support@zohoteaminbox.com to submit a request for an email address change.
Data deletion
We have appropriate functionalities in our interface to allow users to delete their data. You can use the Delete option to delete your own data. When an admin deletes a user, the data associated with that user will be scheduled for deletion, and will be deleted within 30 days of actual user deletion.
Data portability
We export email data from your Zoho TeamInbox account upon request. Write to us if needed, and we'll export your email data.
Data retention
The data retention period in Zoho TeamInbox is 30 days. When you delete messages, they are moved to the Trash folder, where they will remain for 30 days. The data in Trash can be restored until they’re automatically cleaned up by the system. After that, the data will be permanently deleted from our database. As an organization admin, if you choose to close your organization, all of the data, including details of teams, inboxes, channels, and messages, will be permanently deleted from our database on the 7th day of actual closure.
Data disclosure
Data disclosure is the level of access within the service, where only authorized users can access, alter, or delete service data. The organization administrator can assign permissions to users and allow or restrict data access to them.
Audit logs
Data audits play a crucial role in securing your system by tracking unexpected changes and monitoring usage trends. Zoho TeamInbox records every activity that happens within your organization, and only the organization admin has access to view these logs. We maintain and keep the audit logs as long as your organization is active. Once you close your Zoho TeamInbox organization, we'll retain the audit logs for 7 days. After this period, the data in the audit logs will be permanently deleted from our database.