
Security @ Zenoti

Last updated: 15-Aug-2021, Version: Q3-2021

Zenoti is committed to protecting its information and that of its customers. This is vital to the success of our business. Customers across the globe trust us with the security of their data. This page provides information on our security measures.

Our Information Security Strategy involves the following components:

  1. Information Security Governance
  2. Human Resources Security
  3. Cloud Security
  4. IT Security
  5. Incident Management
  6. Vulnerability Management
  7. Product Security
  8. Physical Security
  9. Business Continuity & Disaster Recovery

Information Security Governance

  • Well-established Information Security Program.
  • Well-established Security Policies and Procedures.
  • Well-defined Security Roles and Responsibilities.
  • Active participation from Zenoti’s Leadership team.
  • Dedicated team of security and privacy professionals.
  • Security audits are performed to monitor compliance with security requirements.
  • Security newsletters are shared on a periodic basis.

Human Resources Security

  • Background Verification (BGV) is performed.
  • Upon joining Zenoti, employees are required to sign the Non-Disclosure Agreement and other documents that include mandatory security clauses.
  • All employees receive mandatory training on security and privacy requirements.

Cloud Security

Architecture

  • The Zenoti Platform is hosted in AWS and designed as a multi-tenant architecture.

Security

  • Data at rest is encrypted.
  • Data in transit is encrypted.
  • DDoS protection is enabled.
  • API throttling is enabled.
  • All systems in the cloud are protected by antivirus.
  • Threat detection is enabled.
  • All our instances run on AWS VPC (Virtual Private Cloud).
  • Single Sign-On (SSO) is implemented.
  • Servers are hardened based on CIS benchmark standards.
  • Industry-standard tools are leveraged for periodic security assessments.
  • Data masking is implemented on sensitive data.

Availability

  • Systems run from multiple AWS Availability Zones.
  • On-demand scaling of stateless server farms is supported.
  • Zenoti sites are hosted to handle both hardware and availability zone failures.

Backup and Recovery

  • Snapshots are taken for all the Critical Servers at regular intervals.
  • Database: Zenoti employs different techniques, such as always-on configuration, full backups, incremental backups, and image snapshots, to recover from any failure.
  • Database backups are encrypted using native encryption.
  • All backups are stored in encrypted storage.
  • Periodic restoration checks are performed.

Logging & Monitoring

  • Industry-standard tools are leveraged for logging, monitoring, analysis, and incident management.
  • The site is continuously monitored for uptime.
  • Different types of logs, such as Event Logs, Application Logs, Infrastructure Logs, and Audit Logs, are enabled.
  • The Site Reliability Engineering team monitors operations 24/7/365.

IT Security

Endpoint Security

  • By default, administrative access is not provided, and guest accounts are disabled.
  • By default, all the endpoints have USB blocked.
  • All endpoints have anti-virus installed and configured for the latest patches.
  • All endpoints are encrypted.
  • Endpoint Detection and Response (EDR) is enabled.

Network Security

  • Network Intrusion Prevention System (NIPS) is implemented.
  • URL filtering is enabled.
  • Data Loss Prevention (DLP) is configured to monitor sharing of critical information.
  • E-mail communications are scanned at the gateway to prevent infection from malicious software and programs.
  • VPN (Remote Access Service) with MFA is enabled for remote access.

Backup & Recovery

  • Internal IT servers are backed up on a regular basis.
  • Periodic restoration checks are performed.

Availability

  • Redundant Internet Service Providers (ISPs).
  • Auto failover and fallback are both enabled on ISPs.
  • High Availability (HA) firewall system is established.
  • In addition to the primary DC (Domain Controller), additional DCs are maintained in the cloud and in the other region.

Logging & Monitoring

  • A central log server is established for server logs, network and security device logs, AV logs, and admin user logs.
  • The logs are monitored continuously for appropriate actions.
  • All Internet connections are monitored for availability.

Incident Management

  • Security Incident Management System is established.
  • Security Incidents are logged and tracked to closure.
  • Security incidents can be reported by Zenoti employees, customers, and vendors by e-mail to the dedicated ID security_incidents@zenoti.com.

Vulnerability Management

  • A Vulnerability Management Program is in place.
  • Vulnerability Assessments are conducted periodically on the infrastructure, and findings, if any, are tracked to closure.
  • Penetration Testing is conducted on a periodic basis, and findings, if any, are tracked to closure.
  • Static code testing: Various static code checks, such as Code Style, Security (includes OWASP Top 10), Error Prone, Performance, Compatibility, and Unused Code, are performed before code check-ins.
  • Application Security Testing is performed. The guidelines followed include OWASP Top 10, CWE/SANS Top 25, PCI DSS Penetration Testing Guidelines, and other industry best practices as applicable.

Product Security

  • Source control system is in place for the code repository.
  • Developer code is reviewed before being committed.
  • All changes are tested thoroughly by the Quality Assurance team.
  • Static code testing is performed.
  • Application security testing is performed.
  • The Zenoti Platform provides Roles and Permissions that allow users to be configured to access the platform based on their roles only.
  • Extensive product logging is available for the Zenoti Product to meet compliance requirements.

Physical Security

  • Physical access to Zenoti premises and server rooms is controlled at the entry and exit doors by a proximity-based access control system.
  • Zenoti premises and server rooms are continuously monitored through CCTV cameras.
  • Devices are installed and preventive measures are in place for protection against environmental hazards, including but not limited to fire, power outages, and fluctuations.

Business Continuity & Disaster Recovery

  • BCP (Business Continuity Planning) scenarios are identified as part of Business Impact Analysis.
  • BCP scenarios are tested on a periodic basis as part of disaster recovery readiness.