Security & Compliance

We operate our CRM and automation platform as enterprise-grade software: secure infrastructure, strong encryption, disciplined access control, and continuous monitoring—so your team can focus on revenue and client delivery.

SOC 2 Type 2 — AICPA SOC for Service Organizations
GDPR — General Data Protection Regulation

Security overview

Security is built into how we design, deploy, and operate the platform—not added as an afterthought. Our approach combines hardened cloud infrastructure, encryption by default, least-privilege access, and operational practices aligned with widely recognized assurance frameworks.

  • Defense-in-depth across network, application, and data layers under our control.
  • Regular review of configurations, permissions, and vendor posture for critical dependencies.
  • Clear ownership for incident response, change management, and customer communication.

We describe our practices in good faith to support your diligence. Specific contractual commitments, data processing terms, and questionnaires are handled as part of commercial onboarding.

Infrastructure & cloud hosting

Production systems run in secure, globally recognized cloud environments. We leverage AWS and Google Cloud capabilities for resilient compute, storage, and networking—backed by their physical security, regional redundancy options, and compliance programs.

  • Isolated environments and strict change controls for production workloads.
  • Network segmentation and modern edge protections where applicable.
  • Alignment with SOC 2 Type II–oriented control objectives for service organizations.

Data encryption

Protecting data in motion and at rest is fundamental to a trustworthy CRM and messaging stack.

  • TLS encryption for traffic between clients and our services, using current protocols and cipher suites.
  • Encryption for sensitive data at rest within our cloud data stores and backups.
  • Key management practices that limit access to encryption material to authorized systems and roles.

Access control & authentication

Access to our production environment and to customer data is granted on a need-to-know basis and continuously reviewed.

  • Role-based permissions for staff and operators; separation of duties for high-risk actions.
  • Strong authentication for administrative systems; optional enhanced login controls for your organization’s users where supported.
  • Logging of privileged activity to support audits and investigations.

Monitoring & backups

Availability and recoverability depend on proactive monitoring and dependable backup routines.

  • Continuous monitoring of application and infrastructure health with alerting for anomalies.
  • Secure backups with encryption and retention policies appropriate to operational recovery goals.
  • Documented procedures for incident triage, escalation, and post-incident review.

GDPR & privacy commitment

We take a privacy-focused approach to architecture and process, supporting customers who operate under the GDPR and similar regimes.

  • Data minimization and purpose limitation in how platform features collect and surface information.
  • Support for organizational workflows around consent, access requests, and retention—aligned with your policies.
  • Transparency via our Privacy policy and contractual data protection terms as applicable.

We do not sell personal data. How you configure automations, forms, and integrations determines much of what is stored—your team remains the controller for your end-customer data in typical deployments.

Platform reliability

Your pipelines, inbox, and campaigns depend on a stable platform. We design for high availability and graceful degradation.

  • Redundant components and health checks to reduce single points of failure.
  • Capacity planning and performance testing for peak usage patterns.
  • Communication channels for customers when maintenance or issues affect service.

Compliance standards

Our security program is structured to map to expectations from enterprise buyers and regulators, including:

  • SOC 2 Type II aligned practices for security, availability, and confidentiality of the services we operate.
  • Use of cloud providers with robust third-party assurance reports.
  • Ongoing risk assessments, vendor reviews, and staff training.

Formal audit reports and completed questionnaires are shared under NDA with qualified prospects and customers as appropriate.

Contact the security team

For security questionnaires, responsible disclosure, or privacy and compliance questions, reach out to our team. We prioritize timely responses for verified customers and active evaluations.

Security & compliance
Include your organization name and whether you are reporting a vulnerability or requesting documentation.

info@zantacore.com Book a call