Security Overview
How Zerix protects customer data: data residency, encryption, authentication, backups, monitoring and responsible disclosure.
Last updated: 1 October 2025
At Zerix, data protection and system integrity are central to our mission of providing zero-risk compliance visibility. Zerix implements enterprise-grade security measures to protect customer information and ensure platform reliability.
Data hosting and residency
Customer data resides on enterprise-grade managed cloud infrastructure, hosted in the EU (Ireland) region. This ensures GDPR and EU data protection compliance. Specific vendor details are available to customers under NDA in the Data Processing Addendum.
Encryption
- At rest: all databases, backups and files are encrypted using AES-256.
- In transit: all connections use TLS (HTTPS) to ensure data integrity between client and server.
Authentication and access control
- Strong password authentication with enforced policies.
- Two-Factor Authentication (2FA) using TOTP is enabled for all production accounts.
- Role-Based Access Control (RBAC) and Row-Level Security (RLS) ensure users only access their organisation’s data.
- Audit logs track key actions and access events for accountability.
Backups and disaster recovery
- Automated daily encrypted backups, retained for 30 days.
- Secured within the EU (Ireland) region.
- Regular integrity checks ensure safe restoration.
System monitoring and reliability
- Continuous uptime and performance monitoring.
- Regular patching and dependency updates.
- Separate staging environment for pre-production testing.
Compliance
Alignment with UK GDPR, ISO 27001 principles and OWASP Top 10 standards.
Responsible disclosure
Security concerns should be reported to security@zerix.co.uk.