Last Update: 11/11/2020
Our service is built on Amazon Web Services (AWS) and based on a serverless architecture.
This allows us to operate without managing traditional servers and databases.
We don’t host or run our own routers, load balancers, DNS servers, or physical servers.
Our security strategy is focused on adhering to the highest standards of compliance and industry best practices.
Our integration IAM role gives us read-only access to the metadata about the running resources in your AWS account.
We never access any of your company’s or your customers’ data.
We do not have permissions to modify or update any of your AWS resources.
Zesty does not store any private keys, passwords, or authentication tokens.
Authentication is based on an IAM cross-account role together with an External ID, which provides two-factor authentication.
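A customer-side check of the access model described above, as an added example (not Zesty's code or its actual role definition): it audits a cross-account role's trust policy for an `sts:ExternalId` condition and its permissions policy for actions outside Get/List/Describe. The policies, account ID and External ID are constructed placeholders, and the read-only prefix test is a heuristic assumption.

```python
# Constructed sample policies for illustration only; the account ID and
# External ID are placeholders, not values from any real integration.
TRUST_OK = {"Statement": [{
    "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
    "Action": "sts:AssumeRole",
    "Condition": {"StringEquals": {"sts:ExternalId": "EXAMPLE-EXTERNAL-ID"}},
}]}
# Same trust statement with the External ID condition removed.
TRUST_WEAK = {"Statement": [{k: v for k, v in TRUST_OK["Statement"][0].items()
                             if k != "Condition"}]}
# Permissions with one write action added on purpose so the audit flags it.
PERMISSIONS = {"Statement": [{
    "Effect": "Allow",
    "Action": ["ec2:DescribeInstances", "cloudwatch:GetMetricData", "ec2:ModifyVolume"],
    "Resource": "*",
}]}

# Heuristic (assumption): read-only metadata actions start with these verbs.
READ_PREFIXES = ("Get", "List", "Describe")

def _as_list(value):
    return value if isinstance(value, list) else [value]

def trust_findings(policy):
    """Flag Allow statements with a wildcard principal or no External ID."""
    findings = []
    for i, st in enumerate(_as_list(policy["Statement"])):
        if st.get("Effect") != "Allow":
            continue
        principal = st.get("Principal", {})
        aws = ["*"] if principal == "*" else _as_list(principal.get("AWS", []))
        if "*" in aws:
            findings.append(f"statement {i}: wildcard principal")
        # Simplification: only the StringEquals operator is inspected.
        if not st.get("Condition", {}).get("StringEquals", {}).get("sts:ExternalId"):
            findings.append(f"statement {i}: no sts:ExternalId condition")
    return findings

def non_read_actions(policy):
    """Return allowed actions that do not look read-only (wildcards included)."""
    flagged = []
    for st in _as_list(policy["Statement"]):
        if st.get("Effect") != "Allow":
            continue
        if "NotAction" in st:  # allows everything except a list: always review
            flagged.append("NotAction")
        for action in _as_list(st.get("Action", [])):
            if not action.split(":")[-1].startswith(READ_PREFIXES):
                flagged.append(action)
    return flagged
```

Run it against the JSON documents of the role you created for the integration; an empty result from both functions is consistent with the read-only, External ID protected access described here.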
Data encryption in motion and at rest
We use SSL/TLS encryption on our web assets to ensure the highest security and data protection standards. We regularly verify our security certificates and encryption algorithms to keep your data safe.
At-rest user data is encrypted. Learn more about Server-Side Encryption with Amazon S3-Managed Encryption Keys.
Zesty’s physical infrastructure is hosted in Amazon’s data centers and uses Amazon Web Services (AWS) technology. Amazon’s data center operations have been accredited under:
- ISO 27001
- SOC 1 and SOC 2/SSAE 16/ISAE 3402 (Previously SAS 70 Type II)
- PCI Level 1
- Sarbanes-Oxley (SOX)
For more info, please see: https://aws.amazon.com/security
All payment instrument processing is safely outsourced to BlueSnap, which is certified as a PCI Level 1 Service Provider. We don’t collect any payment information and are therefore not subject to PCI obligations.
EU General Data Protection Regulation (GDPR)
Zesty is committed to helping our customers understand the rights and obligations under the General Data Protection Regulation (GDPR), which took effect on May 25, 2018.
We have introduced tools and processes to ensure our compliance with requirements imposed by the GDPR and to help our customers comply as well.
To learn more about our GDPR compliance, please read our GDPR Policy.