• Salon & Spa
    Featured

      Never Miss a Booking with AI Receptionist

      Learn more
    Schedule Product Demo
    Salon Overview
    Spa Overview
    Full Service
    Hair
    Waxing
    Aveda
    Lashes and Brows
    Blow Dry Bars
    Massage
    Day/Membership
  • Barbershop
  • Medspa
    featured
    Schedule Product Demo
    Medspa Overview
    Derma & Facial Fillers
    Skin and Derma
    Medical Weightloss
    Laser Treatments
    Wellness and IV Therapy
  • Fitness
    featured
    Schedule Product Demo
    Fitness Overview
    Gyms
    Healthclubs
  • Platform
    featured
    Get Product Demo

    Delight Your
Guests

    Online Booking
    Kiosk & Point of Sale
    Gift Cards & Referrals
    Forms & Charting
    Memberships
& Packages
    Loyalty Programs
    AI Receptionist

    Grow Your Business

    Abandoned Cart Recovery
    Preferred Provider Availability
    Automated Waitlist Management
    Nearby Availability Suggestions
    Automated Upsells
    Dynamic Pricing
    Premium Provider Pricing
    Direct Social
Bookings

    Create productive Providers

    Appointment Book
    Integrated Payroll
& Tipping
    AI-powered Assistant
— Zeenie
    MyZen Provider App
    Zenoti Mobile

    Unify Business Operations

    Marketing
    Payments
    Employee Performance Management
    Inventory
Management
    Photo Manager

    Outpace the Competition

    AI engagement hub
— Hyperconnect
    AI Lead Management
    Automated Reputation Management
    Business Intelligence
  • Pricing
  • Resources
    featured

      How Zenoti salons and spas are winning over millennials and Gen Zers

      Learn more

      Where Beauty, Wellness & Fitness Grow

      Learn more
    Resource Library
    The Zenoti Blog
    Success Stories
    The Check-in
    Growth Diaries
    Innergize
    Events
Book a demo
Book a demo

Security @ Zenoti

Zenoti is committed to protecting its information and that of its customers. This is vital to the success of our Business. Customers across the globe trust us with their data security. This page provides information on our security measures.

Our Information Security Strategy involves the following components:

  • Information Security Governance
  • Human Resources Security
  • Cloud Security
  • IT Security
  • Incident Management
  • Vulnerability Management
  • Product Security
  • Physical Security
  • Business Continuity & Disaster recovery

Information Security Governance

  • Well established Information Security Program.
  • Well established Security Policies and Procedures.
  • Well defined Security Roles and Responsibilities.
  • Active Participation from Zenoti’s Leadership team.
  • Dedicated team of security and privacy professionals.
  • Security audits performed to monitor compliance with Security requirements.
  • Security Newsletters shared on a periodic basis.

Human Resources Security

  • Background Verification (BGV) is performed.
  • Upon joining Zenoti, employees are required to sign the Non-Disclosure Agreement and other documents which include mandatory security clauses.
  • All employees are mandatorily trained on Security and Privacy requirements.

Cloud Security

Architecture

  • Zenoti Platform hosted in AWS and designed as a multi-tenant architecture.

Security

  • Data at rest is encrypted.
  • Data in transit is encrypted.
  • DDOS Protection is enabled.
  • API Throttling is enabled.
  • All systems in cloud are protected by Antivirus.
  • Threat detection is enabled.
  • All our instances run on AWS VPC (Virtual Private Cloud).
  • Single Sign On (SSO) is implemented.
  • Servers are Hardened based on CIS benchmark standards.
  • Industry Standard tools leveraged for periodic security assessments.
  • Data Masking feature is implemented on sensitive data.

Availability

  • Systems run from multiple AWS Availability Zones.
  • Support for On-demand scale of stateless server farms.
  • Zenoti sites are hosted to handle both hardware and availability zone failures.

Backup and Recovery

  • Snapshots are taken for all the Critical Servers at regular intervals.
  • Database: Zenoti employs different techniques like always-on configuration, full backups, incremental backups, image snapshots to recover from any failure.
  • Database backups are encrypted using native encryption.
  • All backups are stored in encrypted storage.
  • Periodic restoration checks are performed.

Logging & Monitoring

  • Industry standard tools leveraged for logging, monitoring, analysis, and incident management.
  • Site is continuously monitored for uptime.
  • Different types of Logs like Event Logs, Application Logs, Infrastructure Logs, Audit Logs are enabled.
  • Site Reliability Engineering team monitors the operations 24/7/365.

IT Security

Endpoint Security

  • By default, administrative access is not provided, and guest accounts are disabled.
  • By default, all the endpoints have USB blocked.
  • All endpoints have anti-virus installed and configured for the latest patches.
  • All endpoints are encrypted.
  • Endpoint Detection and Response (EDR) is enabled.

Network Security

  • Network Intrusion Prevention System (NIPS) is Implemented.
  • URL Filtering feature is enabled.
  • Data Loss Prevention (DLP) is configured to monitor sharing of critical information.
  • E-mail communications are scanned at the gateway to prevent infection from malicious software and programs.
  • VPN (Remote Access Service) with MFA enabled for access from remote.

Backup & Recovery

  • Internal IT servers are backed up on a regularly basis.
  • Periodic Restoration checks are performed.

Availability

  • Redundant Internet Services Providers (ISP).
  • Auto failover and fallback both are enabled on ISPs.
  • High Availability(HA) Firewall system is established.
  • In addition to the Primary DC (Domain Controller) Additional DC are maintained in Cloud and the other region.

Logging & Monitoring

  • Central Log server established for Server Logs, Network and Security device Logs, AV Logs, Admin User Logs.
  • The Logs are monitored continuously for appropriate actions.
  • All Internet connections are monitored for availability.

Incident Management

  • Security Incident Management System is established.
  • Security Incidents are logged and tracked to closure.
  • Incidents related to security can be reported by Zenoti employees, customers, vendors by writing e-mails to a dedicated ID [email protected].

Vulnerability Management

  • Vulnerability Management Program in place
  • Vulnerability Assessments are conducted periodically on the infrastructure and findings, if any, are tracked to closure.
  • Penetration Testing is conducted on a periodic basis and findings, if any, are tracked to closure.
  • Static code testing: Various static code checks like Code Style, Security ( includes OWASP Top 10), Error Prone, Performance, Compatibility, and Unused Code are performed before code check-ins.
  • Application Security Testing is performed. The guidelines followed included OWASP Top 10, CWE/SANS Top 25, PCI DSS Penetration Testing Guidelines, and other industry best practices as applicable.

Product Security

  • Source control system is in place for the code repository.
  • Developer code is reviewed before being committed.
  • All changes are tested thoroughly by the Quality Assurance team.
  • Static code testing is performed.
  • Application security testing is performed.
  • The Zenoti Platform provides Roles and Permissions that allows users to be configured to access the platform based on their roles only.
  • Extensive Product Logging is available for the Zenoti Product to meet compliance requirements.

Physical Security

  • Physical access to Zenoti premises and server rooms is controlled at the entry and exit doors by proximity-based access control system.
  • Zenoti premises and server rooms are continuously monitored through CCTV Cameras.
  • Devices are installed and preventive measures are in place for protection against environmental hazards including but not limited to fire, power outages, fluctuations.

Business Continuity & Disaster recovery

BCP scenarios are tested on a periodic basis as part of disaster recovery readiness.

BCP ( Business Continuity Planning ) Scenarios are identified as part of Business Impact Analysis.

© 2025 Zenoti