At Zesty, we consider the security and privacy of our customers as a top priority.
We implement technical and organizational strategy to uphold security and data privacy for our customers worldwide.
Our Security
We aim to maintain high levels of security for all data assets and systems.
Our comprehensive security measures, are tailored to the specific nature, scope, and purpose of the processing, and includes, among others, compliance with the following principles:
- Accessibility
Zesty implemented technical and organizational measures designed to ensure accessibility for its authorized users. We implemented measures designed to detect and respond to incidents, such as viruses and other malware threatening the continued availability of assets, systems, and information. - Confidentiality
Zesty implemented technical and organizational measures designed to ensure that information is only accessible to those authorized to access it on Zesty’s behalf, on a need-to-know basis, and that such are further subject to confidentiality obligations. - Integrity
Zesty implemented technical and organizational measures to safeguard the accuracy and completeness of information and processing methods, intended to prevent the unauthorized destruction or modification of electronic data.
Access Control
Zesty maintains strict access protocols and implementation of applicable monitoring systems, designed to prevent internal systems and customer data from being compromised. Our comprehensive approach extends to physical resource management, applying applicable security measures across all fronts, and among others:
- System Access Control
We ensure exclusive access to our system through strict authorization protocols and monitoring, combined with multi-factor authentication and automated threat detection, intended to safeguard our database. - Data Access Control
Our user authentication measures, and ongoing employee authorization review practice, are placed to ensure that only authorized personnel can access and interact with customer data, safeguarding against unauthorized modification, copy, or transfer. - Physical Access Control
At Zesty, we believe that physical security controls are a key component in any overall security program. We implement access controls and procedures intended to prevent unauthorized access to data and assets. Hosted on Amazon’s accredited data centers, our infrastructure adheres to industry standards and practices.
Continuous Security Monitoring
Zesty implements comprehensive security measures, including employee training, robust safeguards, and routine Penetration Testing, intended to protect the integrity and confidentiality of information.
- Organization & Operations
We deploy extensive training to ensure our employees adhere to our security policies, while actively raising awareness about the importance of data protection. Additionally, we maintain robust safeguards such as firewalls and anti-virus software to protect against potential threats to your information.
- Data availability
Zesty maintains comprehensive backup policies and an automated backup procedure for cloud deployment. Our approach includes permanent monitoring and regular checks in an effort to ensure recovery whenever needed.
- Penetration Testing
We conduct routine Penetration Testing, including annual external tests to detect potential risks. Partnering with reputable third-party vendors, we proactively identify and remediate vulnerabilities, to protect our systems against potential security breaches and maintaining the integrity of our systems.
Encryption
Zesty encrypts Customer data at rest as well as any communication in transit. We utilize TLS encryption on web assets to maintain high security standards and secure two-factor authentication AWS IAM roles. With regular verification of security certificates and encryption algorithms, Zesty implement measure with the aim of keeping your data safe and secure.
Privacy Compliance, Security Standards and Certifications
Aligned with industry best practices and global regulations, Zesty maintains extensive compliance standards, including Service Organization Control (SOC2) compliance, ensuring high level of data security and privacy protection.
- SOC2 standards and certification
Zesty maintains SOC2 type 2 certification, further ensuring the Zesty’s operations, policies, and procedures comply with SOC2 standards, as verified by independent audits..
- Data Protection Laws
Zesty in investing efforts and resource to maintain industry-standard measures, in accordance with applicable privacy and data protections laws. For additional information – see our Data Privacy Compliance Overview
- EU-US Data Privacy Framework
Zesty Tech Inc. is self-certified for compliance with the EU-U.S. Data Privacy Framework and the UK Extension, as set forth by the U.S. Department of Commerce. For additional information see our Data Privacy Framework Statement
