Zapnito implements a wide array of security features on our sites to ensure the safety of your sites which are described below. You will be able to find a full overview of the Zapnito Security Policy on our community site.
Zapnito physical infrastructure and databases are hosted and managed within Amazon's secure data centers, utilising Amazon Web Services (AWS) technology and are all encrypted. This technology is used through Heroku's Platform as a service. Heroku is also used for Web Servers, PostgreSQL database(s), and Redis databases. Amazon continually manages risk and undergoes recurring assessments to ensure compliance with industry standards.
Amazon's data center operations have been accredited under: ISO 27001SOC 1 and SOC 2/SSAE 16/ISAE 3402 (Previously SAS 70 Type II) PCI Level 1FISMA ModerateSarbanes-Oxley (SOX)PCI.
We use PCI compliant payment processor Braintree for encrypting and processing credit card payments. Zapnito's infrastructure provider is PCI Level 1 compliant. 99% of the services we use are Amazon. We do not use any DMS on Amazon; it is all static files storage and CDN.
We also conduct scheduled vulnerability and penetration testing that is overseen by an independent third party specialist security testing organisation.
All traffic on the platform goes over HTTPS, there is no traffic going over HTTP at all. User passwords are encrypted using bcrypt and then they are stretched 10 times over. All of these protocols and more ensure for a secure and safe platform for your data and users.
If you have any questions, please contact us at email@example.com.