Security

Your security and trust are our top priorities. Learn how we protect your data.

Infrastructure Security

  • Cloud hosting: Hosted on secure, SOC 2 compliant infrastructure
  • Network security: Firewalls and DDoS protection
  • Regular backups: Automated daily backups with 30-day retention
  • Monitoring: 24/7 system monitoring and alerting

Data Encryption

  • In transit: TLS 1.3 encryption for all data transmission
  • At rest: AES-256-GCM encryption for sensitive data
  • Passwords: Hashed using scrypt with unique salts
  • API keys: Encrypted webhook URLs and integration tokens

Access Control

  • Role-based access: Granular permissions for Owner, Admin, and Member roles
  • Authentication: Secure OAuth 2.0 integration with Google
  • Session management: Secure, httpOnly cookies
  • MFA support: Multi-factor authentication available

Audit Logging

  • Activity tracking: Comprehensive logging of all actions
  • Tamper detection: Cryptographic hash chains make any log modification detectable
  • Retention: Logs retained for 1 year for compliance
  • Access: Organization owners can view audit logs

Compliance

GDPR

Compliant with the EU General Data Protection Regulation

CCPA

Compliant with the California Consumer Privacy Act

Report a Vulnerability

If you discover a security vulnerability, please report it responsibly:

Email: security@zapitdone.com

We will respond within 48 hours and work with you to address the issue promptly.