Is Zoho Sprints GDPR compliant?

 

Yes, we are! We have developed the product with high-end data security and we are reviewing them periodically to meet the GDPR requirements. Zoho Sprints follows the general GDPR guidelines that are mentioned in our Zoho's GDPR page:  https://www.zoho.com/gdpr.html

 

How secure is your data?

 

We preserve your data and keep it safe and secure round the clock. Listed below are some of the reasons why Zoho Sprints is GDPR compliant. 

Your personal details are encrypted! Usually termed as PII (Personally Identifiable information), details like your mobile number, email address, attachments and authorization parameters will be encrypted and handled by us. We ask for your contact number only when you create your team for the first time. The field is optional and you can choose to skip it if you want to. We assure to use your contact number strictly for our sales and support purposes only.  Click here to know more about how data encryption is done at Zoho Sprints.

 

Without your consent, we will not collect any data from the third party tools. We will encrypt and save the tokens generated from the third party tools for the integrations. Your credentials and other details are not saved to our database for any particular reason. 

You can take a backup of your data in Zoho Sprints. We will send the download link that's password protected to your registered email address for you to download the backup. The backup cannot be restored again in Zoho Sprints.

If you wish to delete your Zoho Sprints account, we will double-check from our end to ensure it is only you who would like to get the account deleted and not someone else. In this process, we will send a secret key to your registered email address that you have to copy and paste to delete your account. 

Your import and export details are secured! While importing and exporting the data, you can be sure about the data protection. The imported file will be encrypted and stored in our database for a period of seven days. Once you export the data, we will send an email to your registered email address where you will find the link to download your exported file. You can download the file from your email within a period of 15 days. You cannot download the exported file after the retention period ends. 

When a new user is added, an invitation will be sent to their email address. Further communication will happen from our end only when they confirm their sign-up with Zoho Sprints. Until then, we will not try to contact the user in any form.

Access Control

We support a couple of privacy settings that the team owners can take full control of.  We have the option of roles and profiles. Using this, the admin can set access and restrictions for profiles and assign them to users. They can also define each user's role within the team. An admin can choose to mask the display of their users' email addresses in the team. By doing so, the team members will not have access to each others' email addresses. The admin is empowered to enable or disable the API access to their team members. 

Your data is safe and secure! We maintain proper audit logs for the source of data within the project. If you happen to miss any data in your portal, you can retrieve them back from the logs. 

We have dedicated data centres in the CN, EU, AU,IN, JP and US regions. The users in these regions can sign up for Zoho Sprints hosted in the CN, EU, AU,IN, JP and US regions ( .com.cn or .eu or .com.au, .in, .jp or .com domains). They can store their data in the data centres of these regions. But, they cannot migrate the data between these centres. Cross-region access is not possible because users can only access the domains specific to their regions.