Security

Security at Zact

Enterprise‑minded practices to keep your data safe by default.

Overview

Security is built into our product and operations: least‑privilege access, encrypted data flows, continuous monitoring, and vendor due diligence.

Encryption

  • • TLS 1.2+ for data in transit
  • • AES‑256 for data at rest (managed KMS)
  • • Secret management for credentials and tokens

Access controls

Role‑based access, SSO support (on request), audit trails, and annual access reviews. Production access is limited and logged.

Compliance

We follow SOC‑2 minded practices. Data is hosted with reputable cloud providers with robust certifications.

Incident response

We maintain an incident runbook with triage, escalation, communication, and post‑mortem. Customers are notified per legal requirements.

Responsible disclosure

Report vulnerabilities to security@usezact.com. Please include steps to reproduce. We will acknowledge and remediate promptly.

Subprocessors

  • • Cloud infrastructure and storage
  • • Error monitoring and analytics
  • • Email delivery and support

Contact

Security questions? security@usezact.com