Security Overview

ZAU Security Overview

Last Updated: June 2026

1. Our Commitment to Security

At ZAU, data protection is a core principle of our product design. We safeguard user data through layered security controls, industry-standard encryption, and continuous monitoring.

Our goal is to ensure that every piece of information processed through ZAU is handled safely, transparently, and in compliance with global regulations.

These security commitments are overseen by Alandra Studio, Unipessoal Lda., the legal company responsible for operating ZAU Data.

2. Infrastructure Security

  • Cloud Hosting: ZAU is hosted on Google Cloud Platform, a SOC 2- and ISO 27001-certified cloud provider.
  • Network Protection: Firewalls, network segmentation, and intrusion detection systems protect against unauthorized access.
  • Encryption:
    • All data in transit is protected with TLS 1.2+.
    • All data at rest, including API tokens and user identifiers, is encrypted using AES-256.
  • Backups: Encrypted daily backups stored in separate regions to ensure resilience.

3. Authentication and Access Control

  • OAuth 2.0 Authorization: All third-party connectors (Google Ads, Meta, Shopify) use OAuth for delegated, revocable access.
  • Least-Privilege Access: Internal staff access is limited to roles essential for support or maintenance.
  • Multi-Factor Authentication (MFA): Enforced for all administrative accounts.

4. Application Security

  • Secure Development Lifecycle (SDLC): Code is peer-reviewed, scanned for vulnerabilities, and deployed via controlled CI/CD pipelines.
  • Penetration Testing: Regular third-party security assessments validate our defenses.
  • Logging & Monitoring: Continuous audit logging and anomaly detection protect against suspicious behavior.

5. Data Isolation and Modeling

ZAU’s modeling layer separates raw source data from processed, aggregated metrics. This ensures that customer data remains isolated and can never be mixed between tenants.

6. Incident Response

We maintain a documented Incident Response Plan that includes immediate containment, investigation, remediation, and user notification protocols. Incidents are logged and reviewed to prevent recurrence.

7. Responsible Disclosure

If you believe you’ve found a vulnerability in ZAU, please report it responsibly to security@zau-data.com. We review all reports promptly and appreciate coordinated disclosure.

8. Contact

For security-related questions or requests:

📧 legal@zaudata.com