Zoho Data Centres: Locations, Data Residency & Compliance Guide
Zoho One Understanding where your business data is stored is no longer optional — it is a compliance imperative. Whether you are subject to Europe’s GDPR, India’s DPDP Act, or the UAE’s cybersecurity regulations, your Zoho datacentre choice determines where your data physically resides, which laws govern it, and how your API integrations are configured.
Here is everything you need to know about Zoho’s global datacentre infrastructure and how to choose the right region for your business.
Overview: Zoho’s Approach to Data Residency
Zoho operates a network of datacentres across multiple continents, giving organisations control over where their data physically resides. Unlike many SaaS providers that funnel all customer data through a single region, Zoho allows you to select your datacentre at the time of account creation — and your data stays in that region throughout its lifecycle.
This approach reflects Zoho’s commitment to privacy and data sovereignty. As a privately held company with no third-party investors, Zoho has consistently prioritised data protection over ad-driven monetisation. Their datacentre strategy is a direct extension of this philosophy.
The key principle: your data never leaves your chosen region. Backups, disaster recovery, and data processing all happen within the same regional infrastructure.
Zoho Datacentre Locations
As of 2026, Zoho operates datacentres in 9 regions with primary and secondary facilities for redundancy.
| Region | Primary Location | Secondary Location | Domain | Key Regulation |
|---|---|---|---|---|
| United States | Quincy, WA | Dallas, TX | zoho.com | CCPA, HIPAA |
| European Union | Amsterdam, Netherlands | Dublin, Ireland | zoho.eu | GDPR |
| India | Mumbai | Chennai | zoho.in | DPDP Act 2023 |
| Australia | Sydney | Melbourne | zoho.com.au | Privacy Act 1988 |
| Japan | Tokyo | Osaka | zoho.jp | APPI |
| Canada | Toronto | Montreal | zohocloud.ca | PIPEDA |
| China | Shanghai | Beijing | zoho.com.cn | PIPL, CSL |
| Saudi Arabia | Riyadh | Jeddah | zohocloud.sa | PDPL |
| UAE | Dubai | Abu Dhabi | Contact Zoho | UAE Cybersecurity |
United States (US)
Zoho’s original and largest datacentre region. Serves customers across the Americas. The US DC hosts the largest share of Zoho’s global customer base and is typically the first region to receive new feature rollouts and beta programmes.
European Union (EU)
Located in the Netherlands with secondary infrastructure in Ireland, serving EU customers with full GDPR-compliant data handling. This DC is the correct choice for any organisation that processes personal data of EU residents, regardless of where the organisation itself is headquartered.
India (IN)
Primary facility in Mumbai, secondary in Chennai. Serves the Indian subcontinent. Aligned with India’s DPDP Act 2023 requirements. Indian businesses processing personal data of Indian citizens should default to this DC to simplify compliance — particularly once the government publishes its restricted data transfer categories.
Australia (AU)
Sydney and Melbourne facilities serving Australia and New Zealand. Compliant with the Australian Privacy Act 1988. The correct choice for organisations subject to Australian Privacy Principles (APPs).
Japan (JP)
Tokyo and Osaka facilities serving the Japanese market with data residency aligned to APPI (Act on the Protection of Personal Information) requirements.
Canada (CA)
Toronto and Montreal facilities serving Canadian organisations requiring data to remain within Canadian borders under PIPEDA (Personal Information Protection and Electronic Documents Act).
China (CN)
Shanghai and Beijing facilities operated to meet China’s strict data localisation laws under the Personal Information Protection Law (PIPL) and Cybersecurity Law (CSL).
Saudi Arabia (SA)
Riyadh and Jeddah facilities addressing Middle Eastern data sovereignty requirements under Saudi Arabia’s Personal Data Protection Law (PDPL).
UAE (Launched January 2026)
Zoho’s newest DC region, launched on 13 January 2026. Primary facility in Dubai, secondary in Abu Dhabi. This represents a significant AED 100 million investment by Zoho in the Middle Eastern market.
The UAE DCs have received the CSP Security Standard Certificate from the Dubai Electronic Security Center (DESC), enabling Zoho to serve UAE government and semi-government entities. The facilities also hold ISO 27001, ISO 22301, ISO 27017, and CSA STAR Level 2 certifications.
Over 100 Zoho and ManageEngine solutions are hosted in the UAE DCs, including Zoho CRM, Zoho Books, Zoho One, Zoho Creator, and the full ManageEngine suite.
Note on domain: As of March 2026, Zoho has not yet published a UAE-specific domain extension (like .ae). Contact Zoho sales for the current signup process for UAE-hosted accounts.
Why Data Residency Matters
Choosing the right datacentre is not just a technical decision — it is a legal and strategic one.
Regulatory compliance. Laws like the EU’s GDPR, India’s DPDP Act, Australia’s Privacy Act, and the UAE’s cybersecurity framework impose strict rules on where personal data can be stored and processed. Selecting the correct DC ensures your organisation stays compliant without needing complex cross-border data transfer agreements.
Data sovereignty. Many governments require or incentivise keeping citizen data within national borders. Zoho’s regional DCs make this achievable without sacrificing the benefits of a cloud-first SaaS platform.
Performance. Data stored closer to your users means lower latency. An Australian company using the AU datacentre will see noticeably faster load times than one routed through the US. For applications like Zoho CRM where sales teams interact with the system hundreds of times daily, this latency difference compounds.
Risk management. Understanding your data’s physical location is essential for risk assessments, audit trails, and incident response planning. When a breach occurs, knowing exactly which jurisdiction’s notification laws apply — and having a 72-hour compliance window — depends on knowing where your data sits.
This is especially relevant for businesses managing sensitive financial records. If you use Zoho Books for fixed asset tracking, your asset registers, depreciation schedules, and audit trails are all subject to the data residency rules of your chosen DC. Similarly, project-based businesses monitoring profitability through Zoho Books need to ensure their financial and timesheet data stays within the correct jurisdiction.
India’s DPDP Act and Zoho Data Residency
India’s Digital Personal Data Protection Act, 2023 (DPDP Act) is the country’s first comprehensive data privacy law. The DPDP Rules were notified in November 2025, with full substantive obligations taking effect on 13 May 2027.
Does the DPDP Act Require Data Localisation?
No — not as a blanket mandate. The DPDP Act uses a “blacklist” approach under Section 16: personal data may be transferred to any country except those specifically restricted by the Central Government via notification. As of March 2026, the restricted-country list has not been published.
However, the Act does allow the government to designate specific categories of personal data that must remain stored in India. This targeted localisation is expected to apply to sensitive sectors — healthcare, financial services, and government data.
For Indian businesses, the practical advice is: choose the India DC (zoho.in) as the default. Even though the DPDP Act does not currently mandate localisation, storing data in India eliminates cross-border transfer complexity entirely and future-proofs your setup against potential restrictions.
Key DPDP Act Obligations for Zoho Users
| Obligation | What It Means for You |
|---|---|
| Consent management | Explicit, purpose-specific consent required for processing personal data. Zoho CRM and Zoho Forms support consent tracking. |
| Security safeguards | Encryption, access controls, continuous monitoring. Zoho’s infrastructure includes these by default. |
| Breach notification | Notify affected users and the Data Protection Board within 72 hours of a breach. |
| Data Processing Agreement | Enterprise customers should request a DPA from Zoho (email: [email protected] mentioning your DC). |
| Right to erasure | Data principals can request deletion. Zoho supports data export and deletion workflows. |
| Children’s data | Verifiable parental consent required for processing data of individuals under 18. |
Penalties Under the DPDP Act
| Violation | Maximum Penalty |
|---|---|
| Failure to implement security safeguards | INR 250 crore (~USD 28 million) |
| Breach notification failure | INR 200 crore (~USD 22 million) |
| Children’s data violations | INR 200 crore (~USD 22 million) |
Zoho’s DPDP Compliance Status
Zoho has published a comprehensive GDPR compliance page (zoho.com/gdpr.html) with DPO appointment, DPIA documentation, and 72-hour breach notification commitments. However, as of March 2026, Zoho has not published a dedicated DPDP Act compliance page. Zoho does offer a Data Processing Addendum (DPA) on request for enterprise customers.
For Indian businesses, Zoho’s existing security infrastructure — ISO 27001 certification, the India DC with Mumbai and Chennai facilities, encryption at rest and in transit, and the DPA availability — provides a strong compliance foundation. The gap is primarily in public documentation, not in actual technical capabilities.
Key Compliance Frameworks by Region
| Region | Key Regulation | Zoho DC | Compliance Status |
|---|---|---|---|
| European Union | GDPR | EU (Netherlands) | Dedicated compliance page, DPA available |
| United States | CCPA, HIPAA | US | HIPAA BAA available on request |
| India | DPDP Act 2023 | IN (Mumbai) | DPA available, no dedicated DPDP page |
| Australia | Privacy Act 1988 | AU (Sydney) | APPs compliant |
| Japan | APPI | JP (Tokyo) | Compliant |
| Canada | PIPEDA | CA (Toronto) | Compliant |
| UAE | DESC Cybersecurity | UAE (Dubai) | DESC CSP certified |
| Singapore | PDPA | IN or US (nearest) | No dedicated DC |
| Saudi Arabia | PDPL | SA (Riyadh) | Compliant |
How Datacentre Choice Affects Your Zoho Integrations
Your datacentre selection has practical implications beyond data residency. Every Zoho API endpoint is region-specific — meaning your integrations, automations, and third-party connectors must target the correct regional URL.
| DC Region | API Base URL | OAuth Domain |
|---|---|---|
| US | *.zoho.com | accounts.zoho.com |
| EU | *.zoho.eu | accounts.zoho.eu |
| India | *.zoho.in | accounts.zoho.in |
| Australia | *.zoho.com.au | accounts.zoho.com.au |
| Japan | *.zoho.jp | accounts.zoho.jp |
| Canada | *.zohocloud.ca | accounts.zohocloud.ca |
| China | *.zoho.com.cn | accounts.zoho.com.cn |
| Saudi Arabia | *.zohocloud.sa | accounts.zohocloud.sa |
For example, if you are building a Shopify-to-Zoho Books integration, your API calls must point to books.zoho.com (US), books.zoho.eu (EU), or books.zoho.in (India) depending on your DC. Using the wrong regional endpoint will result in authentication failures.
If your business uses Zoho CRM and Zoho Books together, the CRM-to-Books sync operates within your single DC region. Both applications must be in the same datacentre — you cannot split Zoho Books into the EU DC while keeping Zoho CRM in the US DC under the same organisation.
This also applies to Zoho Flow automations, Zoho Creator custom apps, and any third-party connector. When evaluating connectors, verify that the tool supports your specific datacentre region — not all third-party apps support all Zoho DCs.
Datacentre Migration: What to Know
Zoho datacentre migration is a support-driven process — not self-service. If you need to move your organisation to a different DC, here is what to expect.
How Migration Works
- Contact Zoho: Email [email protected] to initiate the process. Zoho’s team will assess your account and guide the migration.
- Product-specific processes: Some products (like Zoho Books) support a manual backup-and-restore approach — export your organisation data from the current DC, create a new organisation in the target DC domain, and import the backup.
- Backend migration: For account-level migrations, Zoho performs the data transfer server-side. Your data is moved to the target region’s infrastructure.
- URL and API updates: After migration, your account URLs change to reflect the new DC domain. All bookmarked URLs, API integrations, webhooks, OAuth connections, and embedded links must be updated to use the new regional domain.
Key Considerations
- Timeline: No fixed timeline — Zoho determines the schedule case-by-case after reviewing your account size and complexity.
- Data integrity: All data is migrated. No data loss is expected in the official migration process.
- Downtime: Expect some downtime during the migration window. Plan for a maintenance window and notify your team.
- Post-migration actions: Update all API integrations, Zoho Flow connections, Zoho Creator apps, and any third-party tools that reference your old DC domain.
- When to migrate: Common triggers include regulatory changes (e.g., a new data localisation requirement), business expansion into a new region, or performance concerns for geographically distant users.
How to Choose the Right Datacentre
Follow this decision process when selecting your Zoho DC:
- Identify your primary regulatory obligation. If you process personal data of EU residents, choose the EU DC. If you are an Indian company, choose the India DC. For UAE government contracts, choose the UAE DC.
- Consider your user base location. Choose the DC closest to where your team and customers are located for the best performance.
- Plan for the strictest requirement. If your business operates across multiple regions, choose the DC that satisfies the strictest data residency requirement.
- Remember: one DC per organisation. All Zoho products within a single organisation share the same DC. You cannot split products across regions.
- Check third-party compatibility. Verify that any third-party integrations you use support your chosen DC region.
Frequently Asked Questions
Can I change my Zoho datacentre after account creation?
Not easily. Zoho assigns your datacentre at account creation, and the choice is intended to be permanent. If you need to move, contact [email protected]. The migration process involves either a backend data transfer or a manual backup-and-restore, depending on your products. Expect to update all API integrations and bookmarks after migration.
Does Zoho replicate data across datacentres?
No. Zoho does not replicate your data across regions. Your data stays entirely within your chosen datacentre throughout its lifecycle. Backups and disaster recovery infrastructure are maintained within the same region, not across borders.
Where does Zoho store my data?
Your data is stored in the datacentre region you selected at account creation. You can verify your DC by checking your Zoho account URL — zoho.com means US, zoho.eu means EU, zoho.in means India, and so on. All products within your organisation use the same DC.
Which Zoho datacentre should I choose for my business?
Choose the DC in the region where your primary regulatory obligations exist. If you are an Indian company subject to the DPDP Act, choose the IN datacentre. If you serve EU customers and must comply with GDPR, choose the EU datacentre. For multinational businesses, prioritise the region with the strictest data residency requirements.
Is Zoho GDPR compliant?
Yes. Zoho has implemented comprehensive GDPR compliance measures, including data processing agreements, the right to erasure, data portability, and breach notification procedures. Choosing the EU datacentre ensures your data is stored and processed within the European Union, which simplifies GDPR compliance. Zoho’s dedicated GDPR page at zoho.com/gdpr.html provides full details.
Is Zoho compliant with India’s DPDP Act?
Zoho offers the India DC (Mumbai and Chennai), DPA availability on request, ISO 27001 certification, and encryption. However, Zoho has not yet published a dedicated DPDP compliance page comparable to their GDPR page. Indian businesses should request a DPA from [email protected] and ensure they are on the India DC for the simplest compliance posture.
Does the datacentre choice affect which Zoho apps I can use?
No. All Zoho applications are available across all datacentre regions. However, some newer features or beta programmes may roll out to certain DCs before others. The core functionality and app availability remain consistent regardless of your DC choice.
Can I have different Zoho products in different datacentres?
No. All Zoho products within a single organisation share the same datacentre. If you need products in different regions, you would need separate Zoho organisations — which means separate billing, separate user management, and no cross-product integration between the two organisations.
When did Zoho launch the UAE datacentre?
Zoho launched its UAE datacentres on 13 January 2026, with primary facilities in Dubai and secondary in Abu Dhabi. The DCs are DESC-certified (Dubai Electronic Security Center) and host over 100 Zoho and ManageEngine solutions. This was backed by an AED 100 million investment.
Key Takeaways
- Zoho operates 9 datacentre regions spanning every major market, with the UAE being the latest addition in January 2026.
- Your DC choice is made at account creation and determines where all your data is stored and processed.
- India’s DPDP Act does not mandate blanket data localisation, but choosing the India DC eliminates cross-border transfer complexity.
- Every Zoho API endpoint is DC-specific — integrations must target the correct regional URL.
- DC migration is possible but not self-service — contact [email protected].
- Explore our blog for more guides on Zoho infrastructure, compliance, and best practices.