Security

Zea is secure by design; changes and features follow secure coding guidelines, code analyzer tools, vulnerability scanners, and peer review processes. Our security framework is based on OWASP standards, is implemented in the application layer, and provides functionalities to mitigate threats. Our employees think "security first," and we incorporate security into our entire software development process.

Any application that runs on GCP infrastructure is deployed with security in mind. We don't assume any trust between services, and we use the multiple mechanisms that Google makes available to us to establish and maintain trust. Our infrastructure was designed to be multi-tenant from the start.

Identities, users, and services are strongly authenticated. Access to sensitive data is protected by advanced tools like phishing-resistant security keys.

Data retention and backup happen in a secure manner. All cloud services, including databases, storage, and compute, are provided by and hosted on Google Cloud Platform, we run instances and backups in multiple zones and provide 99.99% uptime on the cloud.

We encrypt data in transit between your location and our instances on GCP and at rest, ensuring that it can only be accessed by authorized roles and services with audited access to the encryption keys.

Data stored on our infrastructure is automatically encrypted at rest and distributed for availability and reliability. This helps guard against unauthorized access and service interruptions.

We backup all databases weekly. 

We’re able to restore at any point from any of those backups.

Computer networks and data are protected against external and internal threats. Our robust identity and access management architecture ensures that each organization's data is logically separated from other customers' data. Furthermore, we provide encryption at rest as well as in transit to protect our all data.

We only gather the data we need in order to provide services to you. We store and process this information at Zea and secure third-party platforms like HubSpot and Stripe in full compliance with local regulations. Rest assured that you and your users are in good hands. We do not sell your data.

Google data centers feature layered security with custom-designed electronic access cards, alarms, vehicle access barriers, perimeter fencing, metal detectors, biometrics, and laser beam intrusion detection. They are monitored 24/7 by high-resolution cameras that can detect and track intruders. Only approved employees with specific roles may enter.