Trust Center
Security, privacy, and compliance are foundational to Zof. Learn about our practices and certifications.
Certifications & Compliance
SOC 2 Type II
Audited annually for security, availability, and confidentiality.
ISO 27001
Certified information security management system.
GDPR
Full compliance with EU data protection regulations.
HIPAA
Ready for healthcare data processing agreements.
Security Practices
Data Encryption
All data is encrypted at rest (AES-256) and in transit (TLS 1.3). Customer code and test results are isolated and encrypted with customer-specific keys.
Access Control
Role-based access control, SSO integration, and audit logging for all access. MFA required for all privileged access.
Infrastructure Security
Hosted on SOC 2 Type II certified cloud infrastructure with network isolation, intrusion detection, and continuous monitoring.
Penetration Testing
Annual third-party penetration testing with continuous vulnerability scanning. All findings are remediated promptly.
Incident Response
Documented incident response procedures with 24/7 on-call security team. Customers are notified of any security incidents per SLA.
Vendor Management
Rigorous vendor security assessment process. All subprocessors undergo security review and are contractually bound to our security standards.
Questions About Security?
Our security team is available to answer questions and provide documentation.
Contact Security Team