Data Encryption

• At Rest: All user data—including tasks, projects, documents, and metadata—is encrypted at rest using 256-bit AES encryption.
• In Transit: Data is encrypted using TLS and SSH protocols during transit, securing your information end-to-end.

Backend Compliance

Our backend is powered by Convex, which ensures secure infrastructure and meets the following compliance standards:

• SOC 2 Type I
• HIPAA
• GDPR

File Storage

We use Cloudflare to store user files:

• All user files are stored in private buckets, inaccessible to the public, except for profile pictures and workspace logos, which are publicly accessible for performance and usability.
• Private files are delivered using signed URLs that expire after 15 minutes.

Authentication & Identity

Zavimo uses Clerk for authentication and identity management:

• Clerk is SOC 2 Type II certified and CCPA compliant, ensuring strong privacy controls and secure access management.

Hosting & Deployment

Zavimo is hosted on Vercel, a globally distributed, secure hosting platform:

• Vercel's infrastructure follows modern best practices and is SOC 2 Type II, ISO 27001, and GDPR compliant.

Our Commitment

We're committed to maintaining a secure and trustworthy platform and to continuously improving our security practices. As part of that commitment, we are actively working toward achieving SOC 2 Type I, GDPR, and HIPAA compliance to further strengthen our data protection and privacy standards.

If you have any questions or concerns about how we handle security or data protection, feel free to contact us.