More than 80 million users place their trust in us to run their businesses. Our security, privacy, and compliance practices are built on the foundation of that trust.

Trust

Security at Zoho

 

Product security 

All our products are secure by design: every change and feature goes through secure coding guidelines, code analyzer tools, vulnerability scanners, and manual review processes. Our robust security framework, based on OWASP standards and implemented in the application layer, provides functionalities to mitigate threats. Our employees think "security first" and we incorporate security into our entire software development process.

 

Data security

Our framework ensures that each customer's data is logically separated from other customers' data. Furthermore, we provide encryption at rest as well as in transit to protect our customers' data. Data retention and backup happen in a secure manner.

 

Availability

Our disaster recovery and business continuity programs help us provide you with high availability. Customer data is spread over geographically diverse Data Centers (DC) such that data in one DC is replicated in another. This ensures that operations carry on smoothly with minimal or no loss of time if one DC fails. Our DCs are physically secure with strict access control from our colocation providers.

 

Operational security

We have a robust logging and monitoring system to ensure clean and secure traffic through our servers. We use intrusion detection and prevention systems to ensure protection and prevent misuse of our infrastructure. We use a combination of certified third-party scanning tools and in-house tools to manage vulnerabilities.

For more details, please refer to our security white paper. If you have any questions, there is a good chance you can find the answer in our security FAQ.

What we offer

  •   Encryption at rest
  •   Encryption in transit
  •   Single sign-on
  •   Multi-factor authentication
  •   Role-based access controls
  •   Logging, auditing and monitoring features
  •   Features to enhance privacy of personal data

Compliance certifications

We comply with the following industry-accepted standards to help you ensure your data is secure and compliant. 

  •   ISO 27001
  •   ISO 27017
  •   ISO 27018
  •   SOC 2 Type II
  •   GDPR

Click here for more details regarding our certifications.

Privacy at Zoho

Our GDPR-compliant privacy policy and Data Processing Addendum (DPA) show our commitment to privacy. For more information on our GDPR stance, please click here.

We understand, scrutinize, and evaluate each third-party service that may handle your data, through risk assessments and periodic reviews.

Our products provide you with features like authorization, encryption of fields with personal information, audit trails, and labelling of fields, that enhance the privacy of your data.

We have a dedicated team that runs the privacy program through practices like performing Data Protection Impact Assessments (DPIA), internal audits, and providing awareness and training to our employees.

Click here for our privacy policy. Here's a list of FAQs related to privacy.