Data encryption is a way to safeguard personal or sensitive information, such as phone numbers, passwords, etc., that are stored in the Zoho Contracts database and file system. It prevents the data from being stolen or lost by converting the plain (or readable) text into cipher (or non-readable) text that is accessible only to the authorized parties. Even if a potential hacker gets a hold of the data, the information stored in the cipher text is non-readable.
Encryption can be used in two situations.
- Encryption in Transit
- Encryption at Rest (EAR)
Encryption in Transit
Refers to data that is encrypted when it is in transit — including from your browser to the web server and other third parties via integrations. Encrypting data in transit protects your data from man-in-the-middle-attacks. Learn more
Encryption at Rest
Refers to data that is encrypted when it is stored (not moving) — either on a disc, in a database, or some other form of media. In addition to encryption of data during transit, encryption of data when it is stored in the servers provides an even higher level of security. EAR protects against any possible data leak due to server compromise or unauthorized access.
Encryption is done at the application layer using the AES-256 algorithm, which is a symmetric encryption algorithm and uses 128-bit blocks and 256-bit keys. The key used to convert the data from plain text to cipher text is called Data Encryption Key (DEK). The DEK is further encrypted using the KEK (Key Encryption Key), thus providing yet another layer of security. The keys are generated and maintained by our in-house Key Management Service (KMS). Learn more
What data do we encrypt in Zoho Contracts?
Zoho Contracts encrypts the following data at rest.
- Contract Documents
- Generated Contract Letters
- File Attachments
- Organization Phone Number
- Counterparty Contacts' Phone Number
- Password of the password-protected contract document link sent for negotiation
- Name and Email Addresses of signers external to the organization and counterparty (i.e., Other Representatives)
- Users IP addresses
As the contract documents are encrypted, the data of the document fields present in a document are also encrypted.
Besides application-layer encryption, full-disk encryption is available in our IN (India), AU (Australia), and JP (Japan) data centers.