
Zato Trust Centre

Zato is designed for accounting firms managing sensitive financial and client information. Security, privacy, and transparency are fundamental to the platform’s architecture and operations.

Zato is independently certified to ISO/IEC 27001 and operates in alignment with international privacy frameworks including GDPR, the New Zealand Privacy Act, and the Australian Privacy Act.

Accounting firms retain control of their client data. Zato processes that information solely to operate the platform and support accounting workflows.

ISO27001
Certified

Independently certified to ISO/IEC 27001:2022, the global standard for information security management systems. Zato applies these controls across its cloud infrastructure, development lifecycle, operations, and platform security practices.

GDPR
Compliant

Platform architecture and data protection practices aligned with the EU General Data Protection Regulation. Zato applies safeguards for secure processing, transparency, access controls, and responsible management of personal data.

NZ & AU Privacy
Act Compliant

Designed to comply with the New Zealand Privacy Act 2020 and the Australian Privacy Act 1988. Zato applies stringent local regulatory standards governing the secure collection, use, storage, and protection of personal data and information.

Zato AI Policy

Service-Only Processing

Data processed within Zato is used solely to operate the platform and deliver accounting workflows.

Human Oversight

Accounting professionals remain responsible for reviewing platform outputs and decisions.

Traceable Platform Actions

System activity and automated outputs are logged to support transparency and review.

No Data Selling or Sharing

Firm and client data is never sold, shared, or monetised.

Secure Data Handling

AI functionality operates within the same security and access controls as the core platform.

Controlled Integrations

External integrations access data only when enabled and authorised by the accounting firm.

Platform Security

Encrypted Data

All platform communications are encrypted in transit using secure TLS protocols.

Access Controls

Role-based permissions ensure users only access information relevant to their role.

Tenant Separation

Customer environments are logically separated to protect firm and client data.

Secure Infrastructure

Zato operates on enterprise-grade cloud infrastructure with continuous monitoring.

Authentication Controls

Robust authentication and account access controls protect platform users.

Automated Backups

Encrypted backups support resilience and recovery of platform data.

Infrastructure & Hosting

Cloud Infrastructure

Zato runs on secure Amazon Web Services infrastructure designed for reliability, scalability, and enterprise-grade security.

Regional Data Hosting

Customer data is always hosted locally, with New Zealand data stored in New Zealand and Australian data stored in Australia.

Operational Monitoring

Infrastructure and platform systems are continuously monitored to maintain availability, reliability, and security for our clients.

Documents & Policies

Additional documentation

Compliance documents are available upon request.

For any enquiries

Contact team@zatohq.com


We take data protection seriously. Our platform is ISO 27001 certified and fully GDPR compliant, ensuring data is handled with the highest standards of security and privacy.