Data Security at Zero
Security at Zero
At Zero, we take the security and privacy of your data seriously. We maintain robust security practices to protect your business information. This document outlines our key security measures and commitments.
Data Storage and Protection
Encryption
All data is encrypted in transit using TLS 1.3
All data at rest is encrypted using AES-256
Database backups are encrypted before being stored
Cloud Infrastructure
We host our infrastructure on Google Cloud Platform (GCP) in European data centers
We utilize GCP's built-in security features including VPC networks, firewall rules, and IAM roles
Regular security patches and updates are applied to all systems
Infrastructure is strictly segregated into staging and production environments
Access Control
Employee Access
Single Sign-On (SSO) is required for all internal systems
Multi-Factor Authentication (MFA) is mandatory for all employee accounts
Regular access reviews are conducted quarterly
Employee offboarding process includes immediate access revocation
Device Security
Mandatory device encryption for all work devices
Automatic screen locking enforced on all devices
Full disk encryption required for all hard drives
Regular device security audits
Customer Data Access
Customer data is logically separated in our databases
Access to customer data is logged and monitored
Employees can access customer data only when explicitly granted permission, e.g. during customer onboarding or support
Security Practices
Authentication
Google SSO integration available for customer accounts
Automatic lockout and cooldown period after multiple failed login attempts
Session timeouts for inactive users
Monitoring and Incident Response
24/7 automated system monitoring
Security logs are retained for 90 days
Documented incident response procedures
Commitment to notify customers of any security incidents within 48 hours
Development Security
Code changes are reviewed before deployment
Strict separation between staging and production environments
Regular security testing and vulnerability scanning
Dependencies are automatically scanned for known vulnerabilities
Data Management
Data Retention
Customer data is retained only as long as necessary
Customers can request data deletion at any time
Regular data backups with 30-day retention
Data Processing
Clear data processing agreements with all third-party vendors
Minimal use of third-party services to reduce exposure
Regular vendor security assessments
Compliance and Testing
Security Assessments
Regular internal security audits
Annual penetration testing by third-party security consultants
Continuous vulnerability scanning
Privacy Compliance
GDPR-compliant data processing and storage
Data stored exclusively in European data centers
Privacy policy available at https://www.zero.inc/privacy
Data Processing Agreements available upon request
Security Updates and Communication
Staying Informed
Security advisories sent to all customers for critical updates
Regular security newsletter for customers
Transparent incident reporting and status updates
Contact
For security-related questions or to report a security concern, please contact:
Email: security@zero.inc
Commitment to Improvement
While we currently maintain these security measures, we are committed to continuously improving our security posture. We regularly review and update our security practices based on:
Emerging security threats
Customer feedback and requirements
Industry best practices
Changes in the regulatory landscape
Last updated: November 2024