Zerix Security Overview

At Zerix, data protection and system integrity are central to our mission of providing zero-risk compliance visibility. We follow enterprise-grade security practices to safeguard customer information and maintain platform reliability.

Data Hosting & Residency

All Zerix data is hosted on Amazon Web Services (AWS) infrastructure via Supabase, located in the EU (Ireland) region. This ensures full compliance with GDPR and EU data protection regulations.

Encryption

  • At Rest: All databases, backups, and files are encrypted using AES-256.
  • In Transit: All connections use TLS (HTTPS) to ensure data integrity between client and server.

Authentication & Access Control

  • Secure email & password authentication with an enforced strong password policy.
  • Two-Factor Authentication (2FA) using TOTP is enabled for all production accounts.
  • Role-Based Access Control (RBAC) and Row-Level Security (RLS) ensure users only access their organization’s data.
  • Audit logs track key actions and access events for accountability.

Backups & Disaster Recovery

  • Automated daily encrypted backups retained for 30 days.
  • Stored securely within the EU (Ireland) AWS region.
  • Regular backup integrity checks ensure data can be restored quickly and safely.

System Monitoring & Reliability

  • Continuous monitoring for uptime, performance, and anomalies.
  • Regular patching and dependency updates to reduce vulnerabilities.
  • Separate staging environment for testing before production deployment.

Compliance

Zerix follows industry-standard security practices aligned with:

  • GDPR (General Data Protection Regulation)
  • ISO 27001 principles for information security management
  • OWASP Top 10 web application security best practices

Responsible Disclosure

If you believe you’ve discovered a potential security issue, please contact our security team at security@zerix.co.uk. We investigate all reports promptly and appreciate responsible disclosures.