Security & Compliance FAQs
Frequently Asked Questions on Zoho Payments Security
Does Zoho Payments adhere to Information Security Standards?
Yes. Zoho Payment Technologies Private Ltd has implemented a comprehensive Information Security Management System based on ISO standards, focusing on our security objectives, risk management, and data protection measures. Zoho Payments is certified for ISO/IEC 27001:2022 and PCI DSS Level 1, demonstrating our commitment to maintaining the highest standards of security and compliance.
Where is my data stored? Can I choose where my account and data will be located?
For Zoho Payment Technologies Private Ltd, all customer data is securely stored in data centers located within India. When you sign up, your account and associated data are automatically stored within India to ensure compliance with regulatory requirements.
At any time, you can verify this by checking the URL in your browser while using Zoho Payments. If the URL is in the format of *.zoho.in (for example, payments.zoho.in), your data is stored in the India Data Center (IN DC).
Is data stored on Zoho Payments encrypted?
Yes. Zoho Payments encrypts customer data both in transit and at rest to ensure complete protection. Data at rest is encrypted using AES-256, an industry-standard encryption algorithm. Data in transit over public networks is protected using Transport Layer Security (TLS) 1.2/1.3 with Perfect Forward Secrecy (PFS) to prevent unauthorized access or modification.
As a customer of Zoho, what are the additional security options I have to protect my data?
Additional security features that can be managed by customers:
- Multi-factor authentication
- Configurable password
- IP restrictions
- Geo-fencing
- Application-specific passwords
- Role-based access control
- Account activity audit