Skip to main content

Security Features and Privacy Policy

Matthew Mills
  • Updated

Zapnito implements a wide array of security features on our sites to ensure the safety of your sites which are described below. You will be able to find a full overview of the Zapnito Security Policy on our community site.

Data Security

Zapnito physical infrastructure and databases are hosted and managed within Amazon's secure data centers, utilising Amazon Web Services (AWS) technology and are all encrypted. This technology is used through Heroku's Platform as a service. Heroku is also used for Web Servers, PostgreSQL database(s), and Redis databases. Amazon continually manages risk and undergoes recurring assessments to ensure compliance with industry standards.

Amazon's data center operations have been accredited under: ISO 27001SOC 1 and SOC 2/SSAE 16/ISAE 3402 (Previously SAS 70 Type II) PCI Level 1FISMA ModerateSarbanes-Oxley (SOX)PCI.

Payment Security

We use PCI compliant payment processor Braintree for encrypting and processing credit card payments. Zapnito's infrastructure provider is PCI Level 1 compliant. 99% of the services we use are Amazon. We do not use any DMS on Amazon; it is all static files storage and CDN.

Platform Security

We also conduct scheduled vulnerability and penetration testing that is overseen by an independent third party specialist security testing organisation.

All traffic on the platform goes over HTTPS, there is no traffic going over HTTP at all. User passwords are encrypted using bcrypt and then they are stretched 10 times over. All of these protocols and more ensure for a secure and safe platform for your data and users.

Privacy Policy

As an end user you will have your own privacy policy which clients will have to agree to when they set up their accounts, but that can be derived from ours. To learn more about this, check out our guide to setting up your terms pages.

In terms of our privacy policy it’s all down to where the user data is stored, that leans on our upstream provider such as Salesforce, that privacy policy does declare that the user data is stored on Heroku services. We have a Safe Harbor Agreement with Salesforce, and Amazon have signed up a model clause, which covers the transfer of European data over to the US.

If you have any questions, please contact us at support@zapnito.com.

 

Related articles

Comments

0 comments

Please sign in to leave a comment.