Trust center
Security, compliance, and data protection at Zithara.AI
We know that choosing a CRM platform means trusting us with your customers' data. This page provides a transparent overview of our security posture, certifications, and data protection practices.
Certifications & Compliance
ISO 27001
Information security management system certified by BSI
DPDPA 2023
India's Digital Personal Data Protection Act
SOC 2 Type I
Expected completion: Q2 2025
AWS Well-Architected
Following AWS security best practices
OWASP Top 10 for LLM
AI-specific application security
Infrastructure
How we protect merchant data
- Per-merchant database isolation — no shared tables, no cross-tenant queries
- Role-based access controls with MFA for all internal access
- Production access restricted to authorized DevOps personnel only
- All access logged and auditable
- AES-256 encryption at rest, TLS 1.2+ in transit
- Regular third-party penetration testing
- 24/7 NOC monitoring for suspicious activity
AI governance
As an AI-first platform, we apply dedicated governance to all AI features.
- No merchant data used for third-party AI model training
- AI processing isolated per merchant tenant
- All AI outputs auditable and logged
- Human oversight required for all AI-generated campaigns
- Configurable guardrails for WhatsApp chat agents
Resources for your security review
Data Processing Agreement (DPA)
Download our standard DPA for merchant review
DownloadSecurity Whitepaper
Detailed overview of our security architecture
Coming soon — contact security@zithara.in for interim documentation
Sub-processor List
Third-party services that may process merchant data
Coming soon — contact security@zithara.in for interim documentation
Pre-filled Security Questionnaire
SIG Lite / CAIQ format for enterprise procurement
Coming soon — contact security@zithara.in for interim documentation