Zia Privacy Principles

Zia Privacy Principles

Zia is a built-in AI that brings intelligent capabilities to Zoho WorkDrive.
Zoho’s approach to AI is grounded in a security-first, privacy-first philosophy, because we believe the value of AI should never come at the expense of trust. These principles reflect that commitment and apply to all Zia features within WorkDrive.
 

Customer Control and Enablement

Zia is opt-in. No AI processing is applied to content unless explicitly enabled by an Organization or Team administrator through the Admin Console. Administrators retain full control and can enable or disable Zia features at any time.
 

AI Models and Provider Options

By default, Zia uses Zoho’s in-house LLM, built on open-source models and hosted within Zoho’s infrastructure, ensuring that data processing remains within Zoho-controlled environments.

Administrators may optionally configure a third-party provider (such as OpenAI) using a Bring Your Own Key (BYOK) setup. All supported third-party providers are vetted by Zoho for privacy, security, and compliance before being made available.
 

Data Usage and Model Training  

Zoho does not use customer data to train or improve its AI models. This includes files, documents, prompts, and outputs processed through Zia. Zoho does not sell customer data or use it for advertising.

For third-party providers enabled via BYOK, data handling and training practices are governed by the provider’s terms. Organizations are responsible for reviewing and accepting those terms before enabling such integrations.
 

Data Security  

All data processed through Zia is protected by the same security standards as Zoho WorkDrive:
  • 256-bit AES encryption at rest
  • Perfect Forward Secrecy in transit
  • GDPR- and HIPAA-aligned practices across data centers
  • Data Loss Prevention (DLP) controls to classify and restrict sensitive content
For complete technical details, please refer to the Zoho's Trust Center.
 

Permission-Aware Access  

Zia operates within existing access controls and sharing permissions. It only processes and surfaces content that a user is authorized to access.

AI does not expand user permissions. A Team's or user's data will never be inadvertently surfaced to users of another Team or user through an AI query. This prevents cross-team or cross-organization data exposure.
 

Transparency of AI Output  

Users are always informed when Zia generates, summarizes, or processes content. There are no silent AI actions.
Where applicable, Zia provides source references alongside responses, allowing users to verify outputs against underlying documents.
 
For assistance, please contact WorkDrive support:
  • EU region: support@eu.zohoworkdrive.com
  • All other regions: support@zohoworkdrive.com