Legal
Security & Data Protection
Last updated: May 15, 2026
Authentication
ZoroBiz uses Supabase Auth for account authentication. Users should use strong passwords and protect access to their email accounts because email verification and password recovery depend on email control.
Tenant isolation
ZoroBiz is designed as a multi-tenant SaaS product. Company data is scoped by company records, authenticated employee profiles, role checks, and database policies intended to prevent one company from accessing another company’s data.
Role-based access
Admin, employee, and platform-owner workflows are separated in the application. Customers should assign admin access only to trusted staff and review employee access regularly.
Sensitive operational data
Attendance records, GPS coordinates, selfie images, employee files, salary fields, invoices, customer records, vendor records, purchase orders, and inventory data should be treated as confidential business data by customers and users.
Files and uploads
Uploaded documents and images should not contain unnecessary sensitive information. Customers are responsible for checking files before uploading them and for removing files that should no longer be stored.
Incident reporting
If you believe an account, employee login, file, invoice, or company record has been exposed or accessed incorrectly, contact support@zorobiz.online with the company name, affected email, and a short description of the issue.