Ziantrix treats security as an ongoing operational practice for an AI-first HRMS environment. This overview explains our high-level approach to cloud-native security, data protection, access governance, tenant isolation, auditability, AI workflow safeguards, human oversight, and shared responsibility.
1. Introduction
Ziantrix AI Technologies Private Limited ("Ziantrix", "we", "us", or "our") provides an AI-first HRMS for employee operations, payroll calculation support, workflow automation, compliance coordination, and HR service delivery. This Security Overview explains, at a high level, how we approach protection of customer data, employee information, payroll-related workflows, and AI-assisted operations.
Security at Ziantrix is treated as an ongoing operational practice. We design controls around the realities of HR and payroll systems: sensitive employee records, role-specific access, tenant separation, auditability, responsible AI usage, and customer accountability for critical workflows.
Public security boundary
This overview intentionally avoids detailed infrastructure topology, exact security tooling, detection logic, monitoring configurations, anti-abuse systems, internal incident workflows, network architecture, thresholds, rules, and other sensitive implementation details.
2. Security Philosophy
Our security philosophy is built on practical controls, clear ownership, and defense in depth. We prioritize controls that reduce risk in daily HRMS operations: limiting access, protecting sensitive data, preserving audit trails, monitoring for unusual activity, and ensuring sensitive workflows remain reviewable by accountable humans.
- Protect customer and employee data as a core product responsibility.
- Design for least privilege and role-appropriate access.
- Maintain tenant separation in a multi-tenant SaaS environment.
- Use encryption and secure data-handling practices for sensitive records.
- Keep critical HR, payroll, compliance, and AI-assisted workflows reviewable.
- Treat security as an ongoing operational discipline, not a one-time checklist.
3. Infrastructure and Environment Security
Ziantrix uses a cloud-native architecture designed for enterprise SaaS operations. Our infrastructure approach emphasizes managed environments, secure deployment practices, environment separation, access control, monitoring, resilience, and controlled operational change.
We do not publicly disclose exact cloud architecture internals, network configuration, provider-specific implementation details, internal environment topology, or security tooling. Enterprise customers may request appropriate security documentation through their Ziantrix contact under suitable confidentiality terms.
4. Customer Data Protection Principles
- Purpose limitation: customer data is processed to provide, secure, support, and improve customer-specific HRMS workflows.
- Tenant separation: customer workspaces are logically separated to reduce cross-tenant exposure risk.
- Least privilege: access is limited by role, permission, operational need, and customer configuration.
- Data minimization: customers should configure only the employee, payroll, document, and workflow data required for their intended use.
- Auditability: important user, administrative, workflow, and security events may be logged for review and investigation.
- Human accountability: critical HR and payroll decisions remain subject to customer review and approval.
5. Encryption and Secure Data Handling
Ziantrix uses encryption to protect data in transit and at rest. Highly sensitive personal data and payroll-related identifiers receive additional handling controls where applicable. Encryption is one layer of a broader security model that also includes access governance, tenant isolation, operational controls, and monitoring.
- Data in transit is protected using modern transport encryption.
- Data at rest is protected using encryption appropriate for enterprise SaaS workloads.
- Sensitive HR, payroll, and identity-related data is handled with additional care and access restrictions.
- Customer access to sensitive records is governed by role, permission, tenant, and workflow configuration.
- Operational access by Ziantrix personnel is limited to support, maintenance, security, legal, or customer-authorized needs.
6. Identity and Access Management
Identity and access management are central to Ziantrix because HRMS data is highly role-dependent. The platform supports customer-managed user access, enterprise identity capabilities on eligible plans, and administrative controls intended to help organizations apply least-privilege access.
7. Role-Based Access Controls
Ziantrix uses role-based access controls to help customers assign permissions based on job function, data sensitivity, workflow ownership, and operational need. RBAC is intended to limit access to the data and actions needed by a user, team, or administrator.
- Customers can assign role-appropriate access for HR, payroll, finance, managers, employees, and administrators.
- Permissions help govern who can view, update, approve, export, or administer sensitive records.
- Workflow ownership and escalation paths can be configured to route work to appropriate reviewers.
- Customers should review access regularly, especially after role changes, exits, or organizational restructuring.
8. Authentication and Account Protections
Ziantrix supports authentication and account protection practices appropriate for enterprise HRMS use. Available controls may vary by plan, customer configuration, and enabled identity integrations.
- Enterprise identity integration support on eligible plans.
- Administrative access controls for privileged users.
- Session and account protection practices designed to reduce unauthorized access risk.
- Customer responsibility for enforcing strong internal identity policies, appropriate device controls, and timely offboarding.
9. Tenant Isolation Principles
Ziantrix is designed as a multi-tenant SaaS platform with logical separation between customer tenants. Tenant isolation is applied so customer data, workflows, documents, permissions, and AI-assisted retrieval remain scoped to the appropriate customer environment and authorized user context.
We avoid publishing low-level implementation details of tenant isolation controls. Public disclosures focus on the principle: customer data separation is a core design requirement of the platform.
10. Audit Logging and Operational Monitoring
Audit logging and monitoring help maintain operational trust in HR and payroll workflows. Ziantrix records important activity to support review, investigation, security operations, and compliance workflows.
- User and administrative events may be logged for review.
- Workflow activity, approvals, escalations, and configuration changes may be logged.
- Payroll validation and document workflow events may be captured where relevant.
- Security and reliability monitoring supports operational visibility.
- Audit logs may be retained according to customer agreements, legal requirements, security needs, and platform retention controls.
11. AI and Workflow Security Safeguards
AI-assisted HRMS workflows are governed by the same core security principles as the rest of the platform: tenant separation, role-based access, customer-approved context, auditability, and human review for sensitive matters.
- AI-assisted retrieval is intended to respect tenant and permission boundaries.
- Customer-approved knowledge sources and configured workflow context inform AI-assisted responses where enabled.
- AI output is assistive and should not be treated as an automatic final decision.
- Sensitive or unresolved matters can be escalated to authorized human reviewers.
- AI-assisted activity may be logged where needed for auditability, support, or security review.
- Customer data is not used to train public AI models.
12. Human Oversight and Operational Governance
Ziantrix is designed to keep critical HR and payroll workflows accountable to customer-authorized humans. The platform can assist with retrieval, classification, summarization, validation, routing, and documentation, but customers remain responsible for final decisions that materially affect employees or payroll outcomes.
- Payroll approval, statutory determinations, compensation changes, disciplinary action, and termination decisions should be reviewed by authorized customer personnel.
- Customers should configure approval chains and escalation paths for sensitive workflows.
- AI-generated or system-suggested outputs should be reviewed before use in critical HR, payroll, legal, or compliance contexts.
- Operational governance should include role review, policy review, workflow ownership, and clear employee escalation paths.
13. Secure Software Development Practices
Ziantrix applies secure software development practices intended to reduce risk throughout design, implementation, testing, deployment, and operation. We focus on practical controls suitable for a SaaS platform handling sensitive HR and payroll data.
- Security considerations during product design and engineering review.
- Code review and controlled change practices.
- Dependency and configuration awareness.
- Testing and validation before production release.
- Separation of duties for sensitive operational changes where appropriate.
- Security-conscious defaults for access, data handling, and workflow review.
14. Vulnerability Management Principles
Vulnerability management is handled as an ongoing risk-management practice. We monitor security-relevant issues, assess severity and business impact, prioritize remediation, and apply fixes or mitigations based on risk.
We do not publicly disclose exact scanning tools, detection rules, patch timelines, internal severity formulas, or remediation workflows. Security researchers, customers, and partners can report concerns through the contact channels listed below.
15. Backup and Recovery Considerations
Ziantrix maintains backup and recovery practices intended to support service resilience and data protection. Backup and recovery capabilities are part of broader operational continuity planning and may vary based on service configuration, customer agreement, and technical requirements.
- Backups are used to support recovery from operational failures or service disruption.
- Backup data is protected according to applicable security controls and lifecycle policies.
- Recovery processes are reviewed as part of operational readiness practices.
- Customers should maintain their own downstream records, exports, and payroll execution controls where required by their internal policies or legal obligations.
16. Privacy and Compliance Alignment
Security and privacy controls are closely connected in Ziantrix because employee and payroll data must be handled with both confidentiality and governance. Ziantrix supports privacy workflows such as access, export, correction, deletion, retention, and audit support where applicable and contractually supported.
Ziantrix does not claim certifications or compliance statuses that have not been completed. Customers should refer to their agreements, product configuration, and current Ziantrix-provided security documentation for the latest applicable information.
18. Incident Response and Operational Readiness
Ziantrix maintains incident-management practices to identify, assess, contain, investigate, and respond to security or reliability events. The exact internal procedures, tooling, escalation paths, and response playbooks are not publicly disclosed.
- Security and reliability events are assessed based on severity, customer impact, and data sensitivity.
- Appropriate internal stakeholders are engaged for investigation and response.
- Customers are notified of qualifying incidents according to contractual, legal, and operational requirements.
- Post-incident review may inform control improvements, monitoring updates, or process changes.
19. Continuous Improvement and Monitoring
Security is continuously reviewed as the product, threat landscape, customer needs, and regulatory expectations evolve. We use operational monitoring, engineering review, customer feedback, incident learnings, and governance review to improve our security posture over time.
As capabilities and controls mature, we may update this Security Overview to reflect current practices while continuing to protect sensitive internal details.
20. Contact and Security Reporting
To report a security concern, suspected vulnerability, privacy issue, or trust question, contact legal@ziantrix.com. For privacy-specific matters, contact privacy@ziantrix.com. General inquiries may be sent to contact@ziantrix.com.
Ziantrix AI Technologies Private Limited, Plot No. 68, E/Part, Sri Ram Nagar Colony, Pasmamala, Rangareddy, Hyderabad, Telangana 501505, IN.
21. Last Updated and Versioning
We may update this document as our security practices, product capabilities, legal expectations, or customer requirements evolve. Material changes will be reflected by updating the version or last updated date.