Trust & Security
Security and transparency, from day one
We are a young company and we earn trust by being precise about what we do — and honest about what is still ahead. This page documents our current security practices, compliance posture, and the providers we rely on.
Security practices
Encryption in transit and at rest
All traffic is served over TLS. Data at rest is encrypted by our managed database provider.
Role-based access control
Customer, platform-admin, and super-admin privileges are strictly separated. Production access is limited to authorised personnel.
Credential security
Passwords are stored with modern one-way hashing, email verification is required before account activation, and sessions expire automatically.
Managed infrastructure
Hosted on Vercel and Supabase (AWS). Environments are isolated and secrets live in managed configuration — never in code.
Backups
Automated database backups through our managed database provider support recovery from operational incidents.
Monitoring and logging
Structured application logging and error monitoring help us detect, triage, and resolve issues quickly.
Compliance posture
An honest snapshot of where we stand today — including what is planned but not yet in place.
GDPR
In placeOur privacy policy documents what we collect, the legal bases we rely on, your rights, and our sub-processors. Data subject requests are handled via the contact page.
Data processing agreement (DPA)
PlannedA standard DPA covering product data processing is being prepared. In the meantime, business customers can raise data processing requirements with us during enterprise onboarding.
SOC 2 / ISO 27001
PlannedWe are not yet certified. Our controls are designed with these frameworks in mind, and formal certification is on our roadmap as the company grows.
Public status page
PlannedA public uptime and incident-history page is planned at status.zentryk.com.
Data residency
In placeCorporate-site and account data is hosted in AWS ap-northeast-2 (Seoul) via Supabase. Product-specific residency details are provided in each product's documentation.
Sub-processors
The service providers that process data on our behalf. Details on what each processes are in our privacy policy.
| Provider | Purpose |
|---|---|
| Vercel | Website hosting & CDN |
| Supabase | Managed Postgres database |
| Resend | Transactional email |
| Sentry | Error monitoring |
| PostHog | Product analytics |
See our privacy policy for the data each provider processes and the safeguards applied to international transfers.
Questions about security or compliance?
Ask us directly, or see the platform for yourself — we are happy to walk through our architecture and practices on a call.