Data privacy and security are the core elements that every business should guarantee its customers with. Keeping this in mind, the European Union's General Data Protection Regulation (GDPR) came into discussion. It enforces all the businesses across the globe that work with the European citizens' personal data in any form should obligate to GDPR mandates. This is effective since May 25, 2018.
Is Zoho Sprints GDPR compliant?
Yes, we are! We have developed the product with high-end data security and we are reviewing them periodically to meet the GDPR requirements. Zoho Sprints follows the general GDPR guidelines that are mentioned in our Zoho's GDPR page: https://www.zoho.com/gdpr.html
How secure is your data?
We preserve your data and keep it safe and secure round the clock. Listed below are some of the reasons why Zoho Sprints is GDPR compliant.
Your personal details are encrypted! Usually termed as PII (Personally Identifiable information), details like your mobile number, email address, attachments and authorization parameters will be encrypted and handled by us. We ask for your contact number only when you create your team for the first time. The field is optional and you can choose to skip it if you want to. We assure to use your contact number strictly for our sales and support purposes only.
We consider your email address, contact number, attachments, and third-party authorization parameters as Personally Identifiable Information. We do not consider your item name, description, sprint name, etc. as PIIs.
You can also encrypt data from the users in your team and mark them as PII while adding custom fields. Click here to learn more about them.
Your consent is our priority
Without your consent, we will not collect any data from the third party tools. We will encrypt and save the tokens generated from the third party tools for the integrations. Your credentials and other details are not saved to our database for any particular reason.
You can take a backup of your data in Zoho Sprints. We will send the download link that's password protected to your registered email address for you to download the backup. The backup cannot be restored again in Zoho Sprints.
This link will be active for 15 days only. If you miss to download the file during this period, you will have to reschedule the backup again.
If you wish to delete your Zoho Sprints account, we will double-check from our end to ensure it is only you who would like to get the account deleted and not someone else. In this process, we will send a secret key to your registered email address that you have to copy and paste to delete your account.
Your data will be stored in our database for a period of 60 days. You can make use of this time to retrieve any data of yours if you wish to.
In Zoho Sprints, you will have a retention period once you sign up or delete your account.
Your import and export details are secured! While importing and exporting the data, you can be sure about the data protection. The imported file will be encrypted and stored in our database for a period of seven days. Once you export the data, we will send an email to your registered email address where you will find the link to download your exported file. You can download the file from your email within a period of 15 days. You cannot download the exported file after the retention period ends.
Double Opt-In Mechanism
When a new user is added, an invitation will be sent to their email address. Further communication will happen from our end only when they confirm their sign-up with Zoho Sprints. Until then, we will not try to contact the user in any form.
We support a couple of privacy settings that the team owners can take full control of. We have the option of roles and profiles. Using this, the admin can set access and restrictions for profiles and assign them to users. They can also define each user's role within the team. An admin can choose to mask the display of their users' email addresses in the team. By doing so, the team members will not have access to each others' email addresses. The admin is empowered to enable or disable the API access to their team members.
Your data is safe and secure! We maintain proper audit logs for the source of data within the project. If you happen to miss any data in your portal, you can retrieve them back from the logs.
We have dedicated data centres in the CN, EU, AU,IN DC and US. The users in these regions can sign up for Zoho Sprints hosted in the CN, EU, AU,IN DC and US regions ( .com.cn or .eu or .com domains ). They can store their data in the data centres of these regions. But, they cannot migrate the data between these centres. Cross-region access is not possible because users can only access the domains specific to their regions.