At Zealys, we take the security of customer data very seriously. This Security Practices Page details the administrative, technical and organizational security measures implemented by Zealys to safeguard customer data.

Infrastructure

Zealys uses infrastructure provided by Microsoft Azure (“Azure”) to host or process customer data submitted to Zealys services. Information about the security provided by Azure is available from the Azure Cloud Security website. Information about security and privacy-related audits and certifications received by Azure, including information on ISO 27001 certification and SOC reports, is available from the Azure Compliance website. 

Data Residency

Architecture and Data Segregation

Zealys services are operated on a multitenant architecture at both the platform and infrastructure layers that are designed to segregate and restrict access to the data our customers make available via Zealys services, as more specifically defined in the Terms of Service.

Data Encryption

Zealys services use industry-standard encryption to protect customer data during transmissions between a customer’s network and Zealys services. This is done by using secure protocols such as SSL/TLS and HTTPS.

Authentication

All services follow the principle of least privilege and authentication towards services and their APIs are secured using industry-standard mechanisms. OpenID Connect and the underlying OAuth 2.0 protocol is used to securely perform authentication of users and/or client services with trusted parties and validate identity and access using claims-based tokens.

Customer Access Management

Customers using Zealys services are fully empowered to conduct front-end access control to their application, including adding employees/users up to the number of headcounts subscribed and restricting access according to the roles and permissions assigned to the user.

Personnel Access Control

Customer data access is restricted to authorized Zealys personnel on a need-to-know basis through role-based access controls and authentication mechanisms.

Backup of Customer Data

Zealys backs up customer data in the production environment on a daily basis. Customers may request that Zealys restore the database to a state up to seven days prior.

Data Breach Response and Data Management

Potential data breaches are assessed within a 30-day period upon indication. 

For complete information on:
– Data breach notification procedures and timelines
– Data retention and deletion policies

Please refer to our Data Processing Agreement.