Privacy and Security
At Zoho Invoice, we take the privacy of your organization very seriously. With the data protection laws coming up, the following feature enhancements in Zoho Invoice will help you stay GDPR compliant.
Permissions to Access PII
Zoho Invoice lets you restrict your organization users' access to the sensitive data of your contacts. You can edit a user's role and enable or disable their access to Personally Identifiable Information (PII), that is, any data that can be used to identify a specific individual. To do this:
- Click the Gear icon in the top-right corner.
- Go to Users and Roles and click the Roles tab.
- Hover the cursor over a role and click edit to modify an existing role or create a new role.
- Scroll to the Settings section and enable or disable Provide Access to Personally Identifiable Information.
- Click Save.
Note: By default, the setting will be enabled only for the Admin of the organization.
Read more about Roles and Users.
Custom Field Creation
Custom Fields in Zoho Invoice allow you to quickly and easily add data against fields created by you. From now on, when you create a new custom field, you can choose to encrypt and save the Personally Identifiable Information (PII).
- Click the Gear icon from the top right corner and select Preferences.
- Select the module for which you would like to create a new custom field.
- Enter the Label Name and select the Data Type.
- Select how you want to store your data based on its sensitivity under Is this PII?
You can select one of the following options:
Yes, it’s PII. Encrypt and store it
This field can contain any sensitive information. Only the users with permission to access PII will be able to view it. If you search for the details of this field using advanced search, they will not show up in the results.
Yes, it’s PII but not sensitive. Store it without encryption
This field can contain any information that cannot be disclosed to all the users. Only the users with permission to access PII will be able to view it. If you search for the details of this field using advanced search, they will show up in the results.
No, it’s not PII
The field can contain common data that is not sensitive at all. The data will not be encrypted and all users in the organization can view the details. The details of this field show up in results when you perform advanced searches.
- Select the other settings and click Save.
Note: The option to mark a field as PII is available only for the following data types: text, number, email, URL, date and phone.
Restricting Data Export
Once you have enabled role-based access, the users without permission to access Personally Identifiable Information (PII) will not be able to export any sensitive information. This includes SSN, bank account number, and any custom fields created and marked as sensitive.
Users with permission to access PII can still export this data. To do so:
- Navigate to the module from which you would like to export data.
- Click Export from the hamburger icon.
- Select the module you want to export, choose the status of the transaction, and select the file format.
- Enable the option Include Sensitive Personally Identifiable Information (PII) while exporting.
- Click Export.