Zea is secure by design; changes and features follow secure coding guidelines, code analyzer tools, vulnerability scanners, and peer review processes. Our security framework is based on OWASP standards, is implemented in the application layer, and provides functionalities to mitigate threats. Our employees think "security first," and we incorporate security into our entire software development process.
Any application that runs on GCP infrastructure is deployed with security in mind. We don't assume any trust between services, and we use the multiple mechanisms that Google makes available to us to establish and maintain trust. Our infrastructure was designed to be multi-tenant from the start.
Data retention and backup happen in a secure manner. All cloud services, including databases, storage, and compute, are provided by and hosted on Google Cloud Platform, we run instances and backups in multiple zones and provide 99.99% uptime on the cloud.
We encrypt data in transit between your location and our instances on GCP and at rest, ensuring that it can only be accessed by authorized roles and services with audited access to the encryption keys.
Computer networks and data are protected against external and internal threats. Our robust identity and access management architecture ensures that each organization's data is logically separated from other customers' data. Furthermore, we provide encryption at rest as well as in transit to protect our all data.
We only gather the data we need in order to provide services to you. We store and process this information at Zea and secure third-party platforms like HubSpot and Stripe in full compliance with local regulations. Rest assured that you and your users are in good hands. We do not sell your data.
Google data centers feature layered security with custom-designed electronic access cards, alarms, vehicle access barriers, perimeter fencing, metal detectors, biometrics, and laser beam intrusion detection. They are monitored 24/7 by high-resolution cameras that can detect and track intruders. Only approved employees with specific roles may enter.