Security at Zyphra
Your data security is our top priority. We implement industry-leading practices to protect your content and credentials.
Encryption
All data is encrypted in transit via TLS. Passwords are hashed with bcrypt. Payment processing is handled entirely by Stripe (PCI DSS Level 1).
Infrastructure
PostgreSQL database with connection pooling, Redis for job queues, and Docker-based deployment with health checks on all services.
Access Controls
JWT-based authentication, organization-scoped data isolation, rate limiting (100 req/min), and input validation on all API endpoints.
Compliance
GDPR and CCPA compliant, with a full privacy policy, a cookie consent mechanism, and data deletion capabilities. SOC 2 and ISO 27001 are on our roadmap.
Incident Response
Application logging via Pino, error tracking for production issues, and a documented incident response process.
Data Protection
Organization-level data isolation ensures your content is only accessible to your team. Full account and data deletion is available in settings.
Data Residency
Data is stored in EU-based infrastructure. Generated content and personal data are kept in your selected region.
Security Hardening
Security headers (HSTS, X-Frame-Options, CSP), CORS restrictions, file upload MIME validation, and Stripe webhook signature verification.
Need more details?
Request our full security whitepaper or schedule a security review call.