Ensure your application, architecture, and data are safe and secure
Protecting your applications against security vulnerabilities throughout the app development lifecycle with the help of software, hardware, and protocols is known as app security.
Zoho Creator allows you to build secure apps with its robust OWASP-based security framework. It ensures your application adheres to coding guidelines, and screens code changes for potential threats with our vulnerability scanners and manual review processes.
Its security-by-design approach makes sure the platform mitigates threats, like cross-site scripting and application layer attacks, and proactively works against them.
Democratizing application security
Protect the confidentiality, integrity, and availability of your application and its data with Zoho Creator's security tools and features, like encryption, session management, MFA, and more. Whether you're using the application on your phone, tablet, or PC, our centralized security system ensures your application is safe and secure at all times.
Security methods at every stage of your application
Zoho Creator's built-in policies and feature controls ensure all three aspects of your software security—application, platform and data—are taken care of.
Make sure your data is always secure
Maintain the integrity of all your data while keeping it appropriately accessible, with the help of features like encryption, data retention, and more.
Protect your software end-to-end
Make sure your application's data sharing is always compliant, with the help of features like API security and session management.
Control who gets to access your app
Restrict unauthorized access to your application with features like IP restrictions, password policies, and more.
Keep sensitive information under lock and key
From user data to platform security, ensure your application is always secure and protected from potential threats.
Safeguard the contents of your message
Every record, image, and file stored in your Zoho Creator application is always encrypted. You can also add a layer of protection for confidential information using the encrypt data field property. This makes sure your data is never compromised.
Dispose of data at frequent intervals
We don't hold any of your data without your consent. In the case of an inactive or terminated account, your data is erased from our systems automatically within 90 to 120 days, with an option to back up your data if needed.
Build GDPR- and HIPAA-compliant apps
Zoho Creator is a GDPR-ready and HIPAA-compliant platform. Zoho Creator’s features support consent declaration, dynamic opt-in and double opt-in mechanisms, role-based PII and ePHI controls, encryption, and masking information. You always have the right to access, revoke, and delete your data at any time.
Provide API security
Use the API Access option in the permission set to prevent unauthorized usage of the available APIs. This will let you decide which users will be able to use the APIs, helping secure them.
Protect your organization from unauthorized web sessions
With Zoho Directory's session management, you can set the session lifetime, session timeouts, and concurrent sessions to protect your system from threats and track devices/browsers your users are logged in from.
Strengthen the organization's security with IP restrictions
Using IP restrictions, you can control and restrict access to your application from certain IP ranges. By enforcing these restrictions, you can minimize unwanted traffic and secure your server.
Ensure passwords meet security standards
Create strong passwords by defining rules like the length, characters, or expiration date of the password, thereby reducing security risks. You can also set up different password policies for different groups based on the sensitivity of the data they handle. For example, you can enable stronger password policies for the data center team compared to client accounts.
Secure your app with an additional layer
Multi-factor authentication is a protocol that enables you to add a second layer of verification on top of just a password, like OTP, SMS, Touch ID, and more, to protect your app from unauthorized access.
Over 6 million users worldwide trust us with their data
Your security is our priority
Frequently Asked Questions
How are encryption keys managed, and can customers upload their own keys?
We own and maintain the keys using our in-house Key Management Service (KMS). Currently, there is no provision for customers to upload their own keys.
What is your data backup policy?
We run full backups once a week and incremental backups every day. Backup data is stored in the same location and encrypted at rest, as with the original data. We also restore and validate backups every week, and retain backed-up data for 3 months. In the case of a request from a specific customer, we will restore their data from the backup and make it available to them.
Is API security applicable for all users?
Yes, API security is enabled for users except portal users who have been added to the application. Their API security will be based on the policy defined in the permission set.
Is it possible to manage the sessions of individual users manually?
Yes, it's possible to manage sessions manually using the Account activity tab.
Does MFA work offline?
Yes. If you're trying to log in to your account but don't have internet access on your mobile device, you can still log in to your Zoho account using an offline token provided by the OneAuth app.