Security

SECURITY POLICY

INTRODUCTION

At Zonar ERP Software (“Zonar”), we understand the importance of security when it comes to handling our customers’ sensitive data. This security policy outlines the measures we have implemented to ensure that our SaaS ERP software and related services (“Services”) are secure and protected against unauthorized access, use, or disclosure.

HOSTING INFRASTRUCTURE

Our Services are hosted on the cloud infrastructure provided by DigitalOcean and AWS, a leading cloud provider that offers advanced security features and data protection measures. DigitalOcean’s and AWS infrastructure is designed to provide high levels of security and reliability, with features such as:

Physical security controls: Data centers are equipped with strict physical security measures, including video surveillance, biometric authentication, and 24/7 on-site security personnel.

Network security: It Implements a variety of network security measures to prevent unauthorized access to its infrastructure, including firewalls, intrusion detection and prevention systems, and distributed denial-of-service (DDoS) protection.

Data redundancy: It stores data in multiple locations to ensure that it is protected against data loss or corruption.

ACCESS CONTROLS

We take strong measures to ensure that only authorized users have access to our Services. Our access controls include:

• User authentication: Users are required to provide a valid user ID and password to access our Services.
• Role-based access control: Users are assigned roles that determine their access permissions to our Services.
• Multi-factor authentication: We offer multi-factor authentication as an optional security feature to further enhance access controls.
• Session management: We implement session management controls to prevent unauthorized access to our Services.

SOFTWARE SECURITY

We are committed to ensuring that our software is secure and free of vulnerabilities. Our software security measures include:

• Code reviews: Our development team performs regular code reviews to identify and address potential security issues

• Penetration testing: We perform regular penetration testing to identify and address potential vulnerabilities in our Services.
• Software updates: We promptly apply security patches and software updates to address known vulnerabilities.

Network Security

The cloud infrastructure is configured with a robust network security system to prevent unauthorized access to the ERP software and its associated data. This includes firewalls, intrusion detection systems, and encryption protocols to ensure the confidentiality, integrity, and availability of customer data.

DATA ENCRYPTION

We use industry-standard encryption protocols to protect all data in transit and at rest. Our data encryption measures include:

• SSL/TLS: We use SSL/TLS encryption to secure all data transmitted between our Services and your devices.
• Disk encryption: We encrypt all data stored on our servers using disk encryption technologies.
• Encryption of backups: All backups of our Services are encrypted using industry-standard encryption protocols.

BACKUP SERVICE PLAN

We offer a Backup Service Plan that includes daily backups of your data and related services. We maintain backups for a period of time specified in our Backup Service Plan. Our Backup Service Plan includes the following:

• Backup frequency: We perform daily backups of your data and related services.
• Backup retention: We maintain backups for a period of time specified in our Backup Service Plan.
• Backup security: All backups are encrypted using industry-standard encryption protocols.

SECURITY INCIDENT RESPONSE

In the event of a security incident, we have a formal incident response plan that includes:

• Notification: We will promptly notify you of any security incidents that may affect your data.
• Investigation: We will investigate the incident to determine its scope and impact.
• Remediation: We will take appropriate remedial actions to mitigate the impact of the incident.

AUDIT LOGGING

We maintain detailed audit logs of all user activities on our Services. Our audit logs include:

• User ID and IP address: We record the user ID and IP address of all users accessing our Services.
• Timestamp: We record the date and time of all user activities.
• Activity details: We record the details of all user activities, including the type of activity and the

Data Protection 

We take the following measures to protect the data processed through our Services:

Confidentiality: We protect the confidentiality of data by limiting access to authorized users, using encryption protocols, and applying data classification and handling policies.

Integrity: We ensure the integrity of data by implementing data validation and verification processes, using secure coding practices, and applying change management policies.

Availability: We ensure the availability of data by implementing high availability and disaster recovery measures, using backup and restore processes, and applying service level agreements.

Third-Party Security

We require third-party service providers who have access to our Services to comply with our security policies and standards. We perform due diligence and assessments on our third-party service providers to ensure they meet our security requirements.

User Security Responsibilities

We require our users to follow the security policies and guidelines outlined in our user agreement. Users are responsible for maintaining the security of their user IDs and passwords and for reporting any security incidents or suspicious activities to our security team.

Policy Review and Updates

We review and update our Security Policy periodically to ensure it remains effective and relevant. Any updates will be communicated to our users and posted on our website.

Contact Us

If you have any questions or concerns regarding our Security Policy, please contact us at [email protected] . We are committed to addressing your concerns in a timely and professional manner.

Customer controls for security

So far, we have discussed what we do to offer security on various fronts to our customers. Here are the things that you as a customer can do to ensure security from your end:

• Pick a strong, one-of-a-kind password, and safeguard it.
• To ensure that mobile applications are protected against vulnerabilities and using the most recent security features, utilise the most recent browser and mobile operating system versions.
• Take acceptable safety measures while transferring data from our cloud environment.
• Sort your data into personal and sensitive categories and label each one appropriately.
• Manage roles and privileges associated with your account and keep an eye on devices connected to your account, current web sessions, and third-party access to identify any unusual activity.
• Be on the lookout for suspicious emails, websites, and links that could be used to exploit your private information by imitating Zeekoi or other services you rely on in order to avoid phishing and malware risks.
• From your end, we strongly recommend scheduling regular backups of your data by exporting them from the respective Zeekoi services and storing it locally in your infrastructure.