Zato Security
Accounting firms trust Zato with the most sensitive data they hold — their clients' financial records. We don't take that lightly.
Security and privacy aren't features in Zato. They're the foundation every other feature is built on. Your firm retains full ownership and control of your client data. Zato processes that information for one reason only: to run your accounting workflows.
Zato AI Policy
Data processed within Zato is used solely to operate the platform and deliver accounting workflows.
Accounting professionals remain responsible for reviewing platform outputs and decisions.
System activity and automated outputs are logged to support transparency and review
Firm and client data is never sold, shared, or monetised.
AI functionality operates within the same security and access controls as the core platform.
External integrations access data only when enabled and authorised by the accounting firm.
Platform Security
All platform communications are encrypted in transit using secure TLS protocols.
Role-based permissions ensure users only access information relevant to their role.
Customer environments are logically separated to protect firm and client data.
Zato operates on enterprise-grade cloud infrastructure with continuous monitoring.
Robust authentication and account access controls protect platform users.
Encrypted backups support resilience and recovery of platform data.
Infrastructure & Hosting
Zato runs on secure Amazon Web Services infrastructure designed for reliability, scalability, and enterprise-grade security.
Customer data is always hosted locally, with New Zealand data stored in New Zealand and Australian data stored in Australia.
Infrastructure and platform systems are continuously monitored to maintain availability, reliability, and security for our clients.
Additional documentation
Compliance documents are available upon request.
For any enquiries
Contact security@zatohq.com
