Security is our top priority

Security is one of the most important criteria for selecting a deal flow tool. Due to the sensitive nature of the information stored on our platform, your security is of paramount importance. Thanks to our comprehensive security features, we are currently trusted by several big banks, sovereign funds and Fortune 500 companies.

 



Our application design covers security at multiple layers

ISO/IEC 27001

We have successfully implemented an Information Security Management System (ISMS). The ISMS covers all of Zapflow’s systems, services and personnel. Zapflow is recognized and certified as ISMS compliant; the certificate was issued on October 20, 2020.

Data security

All data in Zapflow is encrypted at all times when stored, including all database entries, attached documents and emails. The data is stored encrypted in the Amazon Web Services (AWS) RDS service. All documents and email attachments are stored in encrypted AWS S3 buckets. The encryption keys are managed by AWS KMS. All customer files are scanned for viruses within AWS S3 using the AWS Lambda antivirus feature. AWS provides services that comply with the highest security standards in the industry, including SOC 3, HIPAA/HITECH, GDPR, PCI DSS Level 1 and MTCS Level 3.

Network security

All network traffic in and out of our servers is always transported over encrypted network protocols: SSL, WSS and SSH. The application servers are hosted in a Virtual Private Cloud (VPC), and only the internet-facing application servers are exposed through a firewall and load balancers. The databases and application servers are protected by firewalls. The firewalls only allow access to the dedicated ports and protocols required by the application architecture.

Privacy and visibility

We pay the utmost attention to your data privacy and visibility. Access privileges to the data are managed and checked on four levels: input data validation, database queries, business logic and data serialization. In addition, role-based authorization privileges are checked upon every request to our application servers.

Automated audit logs

All requests to our application servers are logged, and the logs are stored encrypted on the AWS S3 service. An object-level change timeline is provided for select objects.

Internal data access

We do not have access to our customers' data. Temporary access to your data may be provided only within a special control, to authorized employees only, and only to satisfy your special requirements or business needs.

Uptime and durability

The AWS RDS database is configured with a multi-zone hot-swap replica. Automated backups are stored daily and in multiple locations. We use third-party tools to monitor service availability worldwide, and our personnel are automatically notified of any outages.

Virtual private network

Our AWS application servers are protected by firewalls and only the internet-facing servers can be accessed via SSL and WSS protocols. Any other access to our servers is limited to VPN. Access to the VPN is given only to our DevOps team and is only allowed with public key authentication.

Two-factor authentication (2FA)

Our AWS access policy requires all users to use two-factor authentication (2FA) to log in to Zapflow Amazon Web Services accounts. 2FA can also be integrated into customer user accounts when they log in to Zapflow. For more details on this subject, please contact sales@zapflow.com.


Zapflow is the first software provider for alternative asset investors globally to achieve the prestigious ISO 27001:2022 certification

This certification highlights our dedication to advanced information security and data protection. Leveraging cutting-edge technologies and expertise, we employ comprehensive security measures, including system hardening, encryption (at rest and in transit), multi-factor authentication (MFA), single sign-on (SSO), threat intelligence and analysis, data leakage prevention, incident response and recovery, anti-malware and anti-phishing solutions, as well as ongoing team awareness and education programs.

Since 2020, we have successfully implemented and maintained an ISO 27001-certified Information Security Management System. In addition, Zapflow is fully compliant with GDPR, SOC 2, and DORA, seamlessly integrating these regulations and standards into our business processes.


 
