Understanding shared responsibility with Zoho

Zoho takes responsibility for building products that are secure, reliable, and robust. While we maintain the cloud infrastructure, you are responsible for securing your data and the settings you configure within the Zoho applications.

When you use Zoho, data security and privacy are a shared responsibility between you and us. Here's a model that describes the high-level architecture of our cloud environment, which is Software as a Service (SaaS), and the associated responsibilities.

Updated on: July 12th, 2020

Customer's Responsibility

  • Data accountability
  • Passwords
  • Client and end-point security

Shared Responsibility

  • Identity and access management
  • Data management
  • Managing data to other parties
  • Encryption
  • Backups
  • Incident management
  • Awareness and training
  • Policy and compliance

Zoho's Responsibility

  • Data security
  • Availability
  • Business continuity
  • Network controls
  • Host infrastructure
  • Physical security

We have put together this guide to help you understand what Zoho does to keep your account safe, what you can do to secure your data, and how we can work together to achieve a safe cloud environment.

Customer's responsibility

Let's look at how you are responsible for protecting your data in the cloud and the security of your devices.

Data accountability

You are responsible for:

  • The data you share and receive over the cloud. You decide whom you share it with, the period, and the means of sharing.
  • Ensuring the privacy of data you handle using Zoho services, so that you do not accidentally or willingly make any private content publicly available.
  • Maintaining the accuracy of the data that you process in your system.
  • Ensuring that your Zoho service account is not used by you or others on your behalf for spamming or illegal activities, and that Zoho's services are used only for their intended purposes.

Passwords

You are responsible for creating a strong password and safeguarding it when you use it to log in and access the cloud.

Client and end-point security

  • The compromise of one of your endpoints (whether your laptop, desktop, or smart phone) will render all other controls ineffective.
  • You are responsible for your end-point security and are expected to keep your browser services, mobile OS, and mobile applications updated to the latest version and patched against vulnerabilities.

Shared responsibility

These are the controls for which responsibility applies to both you and Zoho.

Identity and access management

We provide infrastructure for managing user accounts through our Identity and Access Management (IAM) service by facilitating:

  • User registration, de-registration options, and specifications on how to use them.
  • Functionality for managing access rights of your cloud users.
  • Strong authentication techniques such as Multi-Factor Authentication and IP address restrictions.

You are responsible for:

  • Implementing strong user access management controls.
  • Configuring strong passwords based on the organization's policy and protecting them.
  • Enabling Multi-Factor Authentication for your organization's users.
  • Administering user accounts and privileges, and configuring user roles according to the principle of least privilege.
  • Defining the administrator(s) of the organization's account and having a proper process for ownership transfers. Taking necessary steps to ensure that your organization does not lose control of its administrator accounts.
  • Periodically reviewing the list of users with access to data and removing access for anyone who should not have it.
  • Frequently reviewing devices linked to the organization's user accounts and removing unused or unauthorized devices.
  • Monitoring your organization's user accounts for malicious access or usage.
  • Notifying Zoho of any unauthorized use of your organization’s accounts.
  • Educating your users on the importance of good password management and the risks of credential reuse, social logins, and phishing attacks.

Data Management

We provide a platform for you to manage your data with:

  • Data sharing features for administrator and user-level controls.
  • Audit features on customer data to provide transparency on important activities and to track changes.
  • Data interoperability—the option to take a complete backup of data and configurations to migrate all or a part of your data to another SaaS provider.
  • Data retention and disposal—we hold the data in your account as long as you choose to use Zoho Services. Once you terminate your Zoho user account, your data will get deleted from the active database during the next cleanup that occurs once every six months. The data deleted from the active database will be deleted from backups after three months.
  • Access limitations features to limit employees from accessing customer data and ensure that they can only do so if there is a specific reason.

You are accountable for:

  • Due diligence while processing information belonging to special categories (for example, personal/sensitive data) by applying appropriate controls to comply with the requirements of applicable legislation.
  • Configuring proper sharing and viewing permissions.
  • Regularly reviewing audit reports to identify any suspicious activity.
  • Maintaining up-to-date contact information with Zoho.
  • Taking your data out of the system once you stop using our services. Otherwise it will be subjected to permanent deletion without any scope for recovery.

Managing data to other parties

We work towards having secure integrations and extensions to our applications by:

  • Marketplace applications: Performing functional testing, security testing, and privacy testing once an application is submitted to us. We also perform product review and content review.
  • Sub-processors: Evaluating the security and privacy practices of sub-processors whom we wish to contract to ensure that they are in line with Zoho's information security and privacy standards. We then execute appropriate data protection agreements with them.
  • Vendors: Reviewing the privacy policy and terms of service of our vendors and ensuring that their operations adhere to them.

We expect you to:

  • Enable or disable third-party integrations after taking into consideration the data that gets shared to third-party environments. You must review the terms and the privacy policy of the third-party service regarding the collection, use, or disclosure of data.
  • Mark your preference on whether you would like to share your details with vendors every time an extension is installed.
  • Assess the suitability of the Marketplace Apps and the reasonableness of the requested permissions prior to installation.
  • Notify Zoho of any malicious behavior identified in the Marketplace Apps.

Data subject rights

We are accountable for:

  • Providing features that enable you to cater to and protect the rights of your customers.
  • Notifying you of requests from your customers when they contact us directly for exercising their rights.

You are obliged to:

  • Honor and handle requests from customers for data access, rectification, deletion, and restrictions in processing of their personal information.

Encryption

We safeguard your data using encryption in transit and at rest in the following ways:

  • Data in transit: Customer data transmitted to our servers over public networks is protected using strong encryption protocols. We mandate that all connections to our servers, including web access, API access, our mobile apps, and IMAP/POP/SMTP access, use Transport Layer Security (TLS 1.2/1.3) encryption with strong ciphers.
  • Data at rest: Sensitive customer data is encrypted at rest using the Advanced Encryption Standard (AES) 256-bit algorithm. The data that is encrypted at rest varies with the services you opt for. We own and maintain the keys using our in-house Key Management Service (KMS).

We suggest that you:

  • Determine your encryption needs. For data at rest, in many instances while using our services, you may be responsible for defining which of the fields need to be encrypted.
  • Ensure that relevant encryption controls are applied when data from our cloud is downloaded or exported into your environment, or synced through integrations within Zoho or with any third-party integration. For example, enable disk encryption on your devices and use the export feature with password protection enabled.

Backups

We are equipped with a robust system to:

  • Maintain system-level backups encrypted with the AES 256-bit algorithm and stored securely. Automatically run integrity and validation checks of the full backups.
  • Enable requests for data restoration and provide secure access to it within the retention period. Provide customers a feature to export and take a backup of their data.

From your end, you can:

  • Schedule a backup for your data, export it from its respective Zoho services, and store it locally in your infrastructure, if necessary. You are responsible for storing it in a secure manner.

Incident management

From our side, we ensure that we:

  • Report all incidents of breach that we are aware of and that apply to you, along with impact details and suitable actions. For incidents specific to an individual user or an organization, we will notify the concerned party through the email address registered with us.
  • Track such incidents and close them.
  • Implement controls to prevent recurrence of similar incidents.
  • Provide, if requested, additional evidence related to the incident that applies to you.

We expect you to:

  • Take actions suggested by Zoho in case of a breach.
  • Meet your data breach disclosure and notification requirements, such as notifying your end users and data protection authorities when relevant.
  • Report security and privacy incidents that you are aware of to incidents@zohocorp.com.

Awareness and training

We take complete responsibility for:

  • Training our employees to be security-conscious and to adhere to a secure development standard. Newly hired employees take part in mandatory security and privacy training in addition to receiving regular security awareness training via informational emails, presentations, and resources available on our intranet.
  • Training our employees on appropriate handling of cloud service customer data.

You are responsible for training cloud users on:

  • Standards and procedures for the use of our services.
  • How the risks related to our services are managed.
  • Risks to the general system and the network environment.
  • Applicable legal and regulatory considerations.

Policy and compliance

We adhere to a set of guidelines, such as:

  • We have a comprehensive risk management program in place and effectively implement the controls.
  • We operate within the laws of the various jurisdictions in which we operate.
  • We provide evidence of compliance with applicable legislation and based on our contractual requirements.
  • We will assist in DPIA assessments of our customers to the extent allowed by the applicable laws.

We expect you to:

  • Evaluate regulations and laws that are applicable to you and review our compliance with regulations and standards that are needed for your business. You can request additional information to serve as evidence of our compliance.
  • Understand our policies, our policy assessment methods, and how we process data.
  • Conduct a DPIA as required by the data protection laws applicable to your organisation before or while processing data.
  • Before you process any personal/sensitive data, assess your lawful basis. In case your lawful basis is consent, ensure you obtain the consent from your customers.
  • Assess the suitability of our cloud-based services based on the information we provide and ensure it is sufficient to meet your compliance needs.
  • Understand the risk profile and sensitivity of the data hosted in the Zoho services and apply appropriate controls.

Zoho's responsibility

We are responsible for the protection 'of' the cloud and related controls that run all Zoho services.

Data security

  • We are responsible for the isolation of your data stored with us. Each customer's service data is logically separated from other customers' data using a set of secure protocols in the framework.
  • We are responsible for the confidentiality of your data stored with us at rest, in transmission, and during processing.
  • We are responsible for the integrity of both your data and system data such as logs and configuration data.
  • We are responsible for traceability and control of your data, such that at any given time, the physical location and processing of data can be known.

Availability

  • We are responsible for ensuring that our services are available as per our uptime SLA of 99.9% by handling hardware/software failures and threats like denial of service attacks.
  • As a customer, you can visit zohostatus.com at any time to view the current site status, as well as past disruptions.

Business continuity

  • We are responsible for having a business continuity plan in place for our major operations such as support and infrastructure management.
  • We will ensure that the application data stored on resilient storage is replicated across data centers. Data in the primary DC is replicated in the secondary in near real-time, and we can switch to the secondary in case of any disaster.

Network controls

We are responsible for operating a secure production network. We use firewalls to protect our network from unauthorized access and undesirable traffic. Access to production networks is strictly controlled.

Host infrastructure

We are responsible for protecting and securing the host infrastructure. All servers provisioned in the production network are hardened according to the standards. OS patch management, baseline configuration, and host intrusion detection technologies are adopted to maintain a secure infrastructure.

Physical security

We are responsible for ensuring that our infrastructure is protected from unauthorized physical access, intrusion, and disasters.

Conclusion

The shared responsibility model for cloud security provides clarity on security expectations for cloud users and cloud service providers. However, an understanding of the expectation is just the first step. Users must take action on these responsibilities by creating policies and procedures for their portion of cloud security. Zoho will continue to work hard to keep your data secure—like we always have—and will strive to work towards a secure cloud environment.

For any further queries on this topic, feel free to contact us at security@zohocorp.com.