No external model training — how Zato's AI works

The short version

Your client data never leaves the Zato platform. No external AI model ever sees it. Ziffy runs on Zato's own infrastructure, within your jurisdiction.

How Zato's AI is built

Zato uses proprietary accounting logic combined with best-in-class large language models in a closed, locally hosted environment. This is not a bolt-on to a generic AI tool — it is purpose-built for accounting compliance.

What this means for your data

• Client data is never sent to an external AI model

• Ziffy's responses are generated within Zato's own regional infrastructure

• No client data is used to train any external model — ever

• Ziffy operates only on the data within the specific job you are working on

• AI processing stays within your jurisdiction — NZ firms' data is processed in NZ, AU firms' data in AU

ISO 42001 — AI governance certification

Zato holds ISO 42001 certification — the international standard for AI management systems. This is the first AI-specific ISO standard and one of the most rigorous governance frameworks for AI in enterprise software.

For your firm, this means:

• Zato's AI systems operate under documented policies and controls

• AI outputs are subject to defined human oversight and review processes

• Risk management applies specifically to AI decision-making

• There is accountability and transparency in how AI is used across the platform

This certification is rare in the field of accounting technology. It reflects the level of governance your firm should expect from any platform that handles client financial data using AI.

How it differs from general AI tools

When your team uses Ziffy, responses are grounded in Zato's accounting domain knowledge and the actual data in that specific job. It is not a general-purpose assistant connected to the internet. It does not learn from your data. It does not share outputs across firms. It operates within a secure, closed environment governed by ISO 42001.