
Controlled Export Framework for PII

Caution

Disclaimer: Editorial and technical reviews are currently in progress. As a result, there may be a slight delay in publishing the final versions of some content. We’re actively working on it, and any minor or major changes will be made available within the next few days. Thank you for your patience.

This article explains Zenoti’s Controlled Export Framework for Personally Identifiable Information (PII). This framework ensures that only authorized users can export sensitive data, with export limits, multi-factor authentication (MFA), approval workflows, and complete audit trails.

Overview

Unrestricted exports of guest and employee information pose a serious compliance and security risk. To mitigate this, Zenoti introduces a Controlled Export Framework that governs exports from reports and listings containing PII data. The framework adds a secure, monitored layer around all exports, ensuring that data access is consistent with global data protection principles (such as GDPR and CCPA). This feature helps organizations:

  • Prevent misuse or accidental sharing of PII

  • Track all data exports for compliance audits

  • Ensure only verified users perform large exports

Key terms
  • PII (Personally Identifiable Information): Data that can identify an individual, such as name, contact details, email address, or IP address.

  • Export Control: A system of rules that restrict or monitor the export of PII from Zenoti reports and listings.

  • MFA (Multi-Factor Authentication): A verification method requiring users to confirm identity via mobile OTP, email OTP, or both.

  • Approval Workflow: A review and authorization process required when Admins or Managers attempt over-limit exports.

  • Audit Trail: A detailed record of export actions, including user details, timestamps, IP, and MFA logs.

Prerequisites
  • You must have Owner or Admin access to enable or configure export restrictions.

  • MFA setup (mobile number and email) is required for users who can export PII.

  • The organization must be upgraded to the Controlled Export Framework version.

Scope of coverage

This framework applies only to areas containing PII:

  • Guest Reports and Sales Reports with personal data

  • Employee Reports

  • Master Listings: Guests, Employees

  • Functional Areas: Target Segments, Opportunities, Issues with sensitive filters

Note

Reports without PII (such as Inventory Stock, Valuation, etc.) are not restricted.

Configure export permissions

  1. At the organization level, navigate to Configuration > Security > Export controls.

  2. For each role, you can:

    • Enable or disable PII exports.

    • Define the export row limit.

  3. Defaults:

    • Admins/Managers – Enabled, 5,000 rows

    • Owners/Zonal Managers – Enabled, unlimited

    • All other roles – Disabled

      Owners can override both role-level and employee-level settings.

MFA enforcement

When PII exports are attempted:

  • Owner/Zonal Manager: Must complete MFA before export proceeds.

  • Admin/Manager:

    • Within limit → MFA verification required

    • Above limit → MFA + approval workflow

  • Other Roles: Blocked by default with an error message — “PII exports are not permitted for your role.”

MFA options include:

  • Mobile OTP

  • Email OTP

  • Both (based on organization policy)

Approval workflow

For over-limit exports:

  1. The requester initiates export and completes MFA.

  2. Zenoti generates an Export Request visible to approvers (Owner/Zonal Manager).

  3. Approver completes MFA and approves or rejects the request.

  4. Once approved, you will be able to see a My Requests section on your profile.

All approvals and actions are logged.

Audit and monitoring

All export activities are recorded in the Employee Activity Report, capturing:

  • Exporting user ID and role   

  • Report or page name

  • Record count and timestamp

  • IP address and geo-location

  • MFA method used (email, mobile, or both)

  • Approver details (if applicable)

  • Configuration changes to export permissions

Example 1. Example scenario

A Center Manager attempts to export 60,000 guest records while their limit is 10,000. Zenoti prompts for dual MFA (email and mobile). Since the export exceeds their limit, an approval request is sent to the Zonal Manager. The Zonal Manager completes MFA and approves the export. Zenoti emails the manager a secure download link after successful verification. All events—request, MFA, approval, download—are logged with timestamps and IP addresses.
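
The enforcement rules and audit fields described above can be checked against exported activity records during a compliance review. The following is an added example, not Zenoti code: the record field names (`id`, `role`, `rows`, `mfa`, `approver`) and the sample records are constructed for illustration, and the role defaults are the ones listed under Configure export permissions.

```python
# Role defaults from "Configure export permissions": (enabled, row limit).
# None means unlimited; any role not listed is disabled by default.
DEFAULT_POLICY = {
    "Owner": (True, None), "Zonal Manager": (True, None),
    "Admin": (True, 5000), "Manager": (True, 5000),
}
APPROVER_ROLES = {"Owner", "Zonal Manager"}
VALID_MFA = {"email", "mobile", "both"}

def check_export(event, policy=DEFAULT_POLICY):
    """Return the policy violations found in one export record."""
    enabled, limit = policy.get(event["role"], (False, 0))
    if not enabled:
        return ["PII export by a role that is not permitted to export"]
    findings = []
    if event.get("mfa") not in VALID_MFA:
        findings.append("export completed without a recorded MFA method")
    if limit is not None and event["rows"] > limit:
        approver = event.get("approver")
        if approver is None:
            findings.append(f"{event['rows']} rows exceeds limit {limit} with no approver")
        else:
            if approver.get("role") not in APPROVER_ROLES:
                findings.append("approver is not an Owner or Zonal Manager")
            if approver.get("mfa") not in VALID_MFA:
                findings.append("approver has no recorded MFA method")
    return findings

def audit(events, policy=DEFAULT_POLICY):
    """Map record id -> violations, for records that have any."""
    report = {}
    for event in events:
        found = check_export(event, policy)
        if found:
            report[event["id"]] = found
    return report

# Constructed sample records; field names are hypothetical, not a Zenoti schema.
SAMPLE = [
    {"id": 1, "role": "Manager", "rows": 4200, "mfa": "email"},
    {"id": 2, "role": "Manager", "rows": 60000, "mfa": "both",
     "approver": {"role": "Zonal Manager", "mfa": "mobile"}},
    {"id": 3, "role": "Admin", "rows": 12000, "mfa": "email"},
    {"id": 4, "role": "Front Desk", "rows": 300, "mfa": "email"},
    {"id": 5, "role": "Owner", "rows": 90000, "mfa": None},
    {"id": 6, "role": "Manager", "rows": 8000, "mfa": "mobile",
     "approver": {"role": "Admin", "mfa": "email"}},
]
if __name__ == "__main__":
    for record_id, found in audit(SAMPLE).items():
        print(record_id, found)
```

Pass a different `policy` mapping when role limits have been changed from the defaults, as in the scenario above where the manager's limit is 10,000.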



Considerations
  • Applies only to PII-bearing reports and listings.  

  • Non-PII exports are unaffected.

  • Scheduled report enforcement (Phase 2) will follow the same row limits and permission rules.

  • Users without registered MFA channels cannot initiate exports until MFA setup is complete.