Strengthen your app security with end-to-end protocols

Identify, restore, and protect applications from security threats and vulnerabilities with the help of Zoho Creator's powerful security and encryption tools.

End-to-end protocols for your app security
  • Cloud security
  • Data integrity
  • GDPR and HIPAA compliance

Completely secure your application and its data

Zoho Creator safeguards your application against security breaches throughout the entire app development lifecycle. It ensures your application's data security by helping you build apps with its robust OWASP-based security framework. Creator also keeps your app aligned with coding standards and guidelines, scanning for potential threats and vulnerabilities in code changes through automated reviews. The platform's built-in security even mitigates threats like cross-site scripting and application layer attacks, proactively working against them.

Democratizing application security

Protect the confidentiality, integrity, and availability of your application and its data with Zoho Creator's security tools and features, like encryption, session management, MFA, and more. Whether you're using the application on your phone, tablet, or PC, our centralized security system ensures your application is safe and secure at all times.

Keep sensitive information under lock and key

From user data to app security, ensure your application is always secure and protected from potential threats.

  • Safeguard all the data in your app

    Every record, image, and file stored in your Zoho Creator application is always encrypted. You can also add an extra layer of protection for confidential information by encrypting it. Also, your data is yours! We only collect and hold data with your consent, and it is erased from our systems automatically within 120 days of your account being inactive or deleted. You do have the option to back up your data if you wish.

  • Dispose of data at regular intervals

    We only collect and hold data with your consent, because we prioritize your application data security. In the case of an inactive or terminated account, your data is erased from our systems automatically within 120 days, with the option to back up your data if needed.

  • Provide API security

    Use the API Access option to prevent unauthorized usage of Creator's APIs. This will let you decide which users will be able to use which APIs, helping secure them.

  • Protect your organization from unauthorized web sessions

    With Zoho Directory's session management, you can set the session lifetime, session timeouts, and concurrent sessions to protect your system from threats and track devices/browsers your users are logged in from.

  • Strengthen the organization's security with IP restrictions

    Using IP restrictions, you can control and restrict access to your application from certain IP ranges. By enforcing these restrictions, you can minimize unwanted traffic and secure your server.

  • Secure passwords with mandatory security standards

    Create strong passwords by defining rules like the length, characters, or expiration date of the password, thereby reducing security risks. You can also set up different password policies for different groups based on the sensitivity of the data they handle. For example, you can enable stronger password policies for the data center team compared to client accounts.

  • Add an additional layer of security to your app

    Multi-factor authentication is a protocol that enables you to add layers of verification in addition to a password, like OTP, SMS, Face ID, and more, to protect your app from unauthorized access.

Discover the compliance capabilities offered by Zoho Creator to strengthen your app security

Both Zoho Creator and the applications developed on it adhere to the following standards, ensuring full compliance:

GDPR (General Data Protection Regulation)

Zoho Creator is a GDPR-compliant platform designed to meet stringent data protection standards. It empowers users with essential rights, including the ability to request access to their data, correct inaccuracies, and request data erasure. Additionally, it ensures transparency by providing the right to be informed about how their personal data was, is, and will be processed.

Zoho Creator’s features support consent declaration, dynamic opt-in and double opt-in mechanisms, role-based PII, encryption, and masking information. It also includes data protection impact assessment and breach notification rules.

HIPAA compliance

HIPAA compliance is crucial for businesses that process and store sensitive medical information. Zoho Creator doesn't collect, use, store, or maintain health information protected by HIPAA for its own purposes. However, Zoho Creator meets HIPAA requirements by offering features that support ePHI controls, role and permission management, regular audit trails and assessments, and data backup and restoration.

SOC 2 + SOC 1 Type II

Zoho Creator is compliant with SOC 2 and SOC 1 Type II, as per the American Institute of Certified Public Accountants' (AICPA) Statement on Standards for Attestation Engagements No. 18 (SSAE 18) and the International Auditing and Assurance Standards Board's (IAASB) International Standard on Assurance Engagements 3402 (ISAE 3402).

ISO/IEC 27001

Zoho Creator is certified under the globally recognized ISO/IEC 27001 certification for information security management. This ensures that customer data is well-protected and secured from unauthorized access.

Beyond compliance

Data privacy

Zoho Creator prioritizes data privacy and offers features to keep your data safe. You can build secure apps using role-based access control, HTTPS communication, and data encryption to ensure user data remains protected.

No adjunct surveillance

Websites often use cookies to track user data, but not Zoho Creator. Instead, it only collects the necessary data through forms, reports, and applications, keeping data secure and ensuring there's no unnecessary monitoring of users.

Over 6 million users worldwide trust us with their data



Frequently Asked Questions

How are encryption keys managed, and can customers upload their own keys?

We own and maintain the keys using our in-house Key Management Service (KMS). Currently, there is no provision for customers to upload their own keys.

What is your data backup policy?

We run full backups once a week and incremental backups every day. Backup data is stored in the same location as the original data and, like it, is encrypted at rest. We also restore and validate backups every week, and retain backed-up data for 3 months. In the case of a request from a specific customer, we will restore their data from the backup and make it available to them.

Is API security applicable for all users?

Yes, API security is enabled for users except portal users who have been added into the application. Their API security will be based on the policy defined in the permission set.

Is it possible to manage the sessions of individual users manually?

Yes, it's possible to manage sessions manually using the Account activity tab.

Does MFA work offline?

Yes. If you're trying to log in to your account but don't have internet access on your mobile device, you can still log in to your Zoho account using an offline token provided by the OneAuth app.