Zoho Invoice

Help Docs

Privacy and Security

At Zoho Invoice, we take the privacy of your organization very seriously. With the data protection laws coming up, the following feature enhancements in Zoho Invoice will help you stay GDPR compliant. 

Permissions to Access PII

Zoho Invoice lets you to restrict your organization user’s access to the sensitive data of your contacts. You can choose to edit a user’s role and enable or disable their access to Personally Identifiable Information (PII) - Any data that can be used to identify a specific individual. To do this:

PII Permission

Note: By default, the setting will be enabled only for the Admin of the organization. 

Read more about Roles and Users. 

Custom Field Creation 

Custom Fields in Zoho Invoice allow you to quickly and easily add data against fields created by you. From now on, when you create a new custom field, you can choose to encrypt and save the Personally Identifiable Information (PII).

You can select one of the following options:

Yes, it’s PII. Encrypt and store it

This field can contain any sensitive information that only the users with permission to access PII will be able to view them. If you search for the details of this field using advanced search, then it will not show up in the results.

Yes, it’s PII but not sensitive. Store it without encryption

This field can contain any information that cannot be disclosed to all the users. Only the users with permission to access PII will be able to view them. If you search for the details of this field using advanced search, then it will show up in the results.

No, it’s not PII

The field can contain common data that is not sensitive at all. The data will not be encrypted and all users in the organization can view the details. The details of this field show up in results when you perform advanced searches.

Custom Field

Note: The option to mark a field as PII is available only for the following data types: text, number, email, URL, date and phone. 

Restricting Data Export 

Once you have enabled role based access, the users without permission to access Personally Identifiable Information (PII) will not be able to export any sensitive information. This would include SSN number, bank account number, and any custom fields created and marked as sensitive. 

So, when users with permission to access PII want to export data, they can do so.

Data Export
Was this document helpful?
Thank you for your feedback!