Zoho Marketing Automation
Based exclusively on public evidence • 20 criteria (Privacy + AI)
Last review: 21 Feb 2026
AI Trust Summary
- •Regarding AI: it does not mention ethical AI principles, which may compromise trust in generated campaigns.
- •Regarding Core Privacy: it documents data processing purposes, ensuring transparency about the use of collected information.
Safer Alternatives
Higher-rated software in the same category
Attention Points in AI (2)
AI criteria that require attention. Buy the Premium Analysis to see all 2 criteria.
- •Zoho Marketing Automation
- •Does not document ethical AI principles, which may impact trust in generated campaigns.
- •Does not mention the retention of AI inputs and outputs, leading to uncertainties about data usage.
- •Requires contractual clauses that address these critical points.
Ethical AI principles and anti-bias measures not documented
There is no mention of ethical AI principles or anti-bias measures, which may impact trust in generated campaigns.
AI data retention (prompts and responses) is not disclosed
The policy does not mention the retention of AI inputs and outputs, which may lead to uncertainties about campaign data usage.
Source: vendor public documents
Compliances in AI (3)
AI criteria the company meets. Buy the Premium Analysis to see all 3 criteria.
- •Zoho Marketing Automation
- •Clearly identifies the Zoho Group as the data controller, facilitating contact for privacy matters.
- •Connects data categories with specific purposes, ensuring transparency in the use of information.
- •These practices strengthen due diligence and customer trust.
Use of artificial intelligence clearly disclosed in policies
The policy explicitly states the use of Automation and Artificial Intelligence, ensuring transparency in marketing functionalities.
AI features clearly identified with their purposes
The policy describes specific functionalities that use AI with clear purposes, ensuring that campaign data is used effectively.
Policy on data use for AI training clearly stated
The policy mentions the use of collected information to improve services, but does not specify the training of AI models with campaign data.
Source: vendor public documents
Highlights in Privacy (3)
Most relevant criteria for this category. Buy the Premium Analysis to see all 3 criteria.
Data controller and processor roles clearly defined
The policy clearly defines the roles of Controller and Processor, ensuring that you, as a client, are the owner of campaign data.
Data controller identity and contact clearly disclosed
The policy clearly identifies the Zoho Group as responsible, facilitating contact for privacy matters related to campaigns.
Privacy contact channel available
The policy provides a specific email address for privacy matters, ensuring support for questions about campaign data.
Source: vendor public documents
Critical Alerts
- •Retenção de dados de IA (prompts e respostas) não é informada: Importante para garantir clareza sobre o tratamento de dados de campanhas..
- •Salvaguardas adicionais documentadas para tratamento de dados sensíveis: Crucial para proteger dados sensíveis que possam ser coletados em campanhas.
Conformance analysis (20)
Data controller and processor roles clearly defined
Reference: ISO/IEC 27701 (7.3)
Identity and contact of the data controller clearly informed
Reference: ISO/IEC 27701 (7.3)
Contact channel for privacy matters available
Reference: ISO/IEC 27701 (7.3)
Source: vendor public documents
Follow this company and access all 20 criteria
Track score changes, get alerts on policy updates, and view the full conformance analysis
Don't miss any update
Sign up to follow this company and track changes in privacy and AI scores
Why trust the AITS Index: Open Community Audit
Public transparency, peer review and open evidence trails — all verifiable by the community
Trust guarantees
Peer review
users, professionals and experts confirm or contest items online.
Public history
vendor and index changes are versioned and accessible.
Participate
Evidence, confirmations and contestations
participate in the collaborative validation of AITS criteria
Understanding Privacy and Security in Zoho Marketing Automation
Clear Data Processing Purposes
Zoho Marketing Automation excels in transparency regarding the purposes of data processing. Each category of data collected is clearly listed, which is crucial for users who value privacy. This clarity allows users to understand how their data is being utilized, aligning with regulations like GDPR and LGPD that emphasize the importance of informed consent. With an AITS Privacy Score of 78%, users can feel more secure knowing that the platform is committed to outlining the specific uses of their data.
Transparent Data Controller Information
Another strength of Zoho Marketing Automation is its clear communication regarding the identity and contact information of the data controller. This is vital for users who may have questions or concerns about their data. Knowing who is responsible for data handling fosters trust and accountability. Users can easily reach out for inquiries or to exercise their rights under privacy laws, enhancing their overall experience with the software.
Lack of Ethical AI Principles
Despite its strengths, Zoho Marketing Automation has notable weaknesses, particularly concerning its AI governance. The platform does not document ethical AI principles or anti-bias measures, which raises concerns about the integrity of AI-generated campaigns. With an AITS AI Score of 42%, users should be cautious about relying solely on AI for marketing decisions. Without these safeguards, there is a risk that campaigns may inadvertently perpetuate biases or misinformation.
Unclear Data Retention Policies
Another significant weakness is the lack of information regarding the retention of AI data, such as prompts and responses. Users should be aware that without clear retention policies, their data could be stored longer than necessary, potentially leading to privacy violations. It is advisable for users to regularly review their data management settings and inquire about data retention practices to ensure compliance with their privacy expectations.
Practical Settings to Enhance Privacy
To mitigate risks associated with the weaknesses identified, users should take proactive steps. First, review the settings related to data sharing and AI functionalities. Disable any features that allow for extensive data collection unless absolutely necessary. Additionally, consider implementing data minimization practices by limiting the amount of personal data shared with the platform. Regular audits of your data usage can help ensure that you remain compliant with privacy regulations like GDPR and LGPD.
Alternatives and Precautions
For users concerned about the AI governance shortcomings, exploring alternative marketing automation tools that emphasize ethical AI practices may be beneficial. Look for platforms that provide clear documentation on their AI principles and data retention policies. Furthermore, consider supplementing Zoho Marketing Automation with tools that offer enhanced privacy features, ensuring a more comprehensive approach to data protection. By being proactive and informed, users can navigate the complexities of marketing automation while safeguarding their privacy.
Other Marketing Automation software
Dive into in-depth research and analysis of each player
Source: vendor public documents
Analyzed Sources
Public documents used in the audit of Zoho Marketing Automation:
Evidence, confirmations and contestations
participate in the collaborative validation of AITS criteria
Scope & Limitations
TrustThis/AITS assessments are based exclusively on publicly available information, duly cited with date and URL, following the AITS methodology (privacy & AI transparency).
The content is indicative in nature, intended for screening and comparison, not replacing internal audits.
TrustThis/AITS does not perform invasive tests, does not access vendor technology environments and does not process customer personal data. Conclusions reflect only the vendor's public communication at the date of collection.
Source: vendor public documents