Zesttee Data Security Policy

Overview

Zesttee is committed to maintaining the highest operational standards in systems and processes to protect personal data in accordance with good industry practice. Zesttee employs multiple layers of security controls to protect access to data, including physical and network security, firewalls and intrusion protection systems.

Zesttee engages industry-leading suppliers to leverage their expertise, experience and global threat intelligence to protect its systems.

Physical security

Zesttee’s information systems and technical infrastructure are hosted within Microsoft’s Azure Platform. Azure maintains world-class, SOC 2, PCI and ISO accredited data centers with the highest levels of physical security.

To learn more about Azure Data Center security please visit
https://docs.microsoft.com/en-us/azure/security/fundamentals/physical-security

Web Application Firewall

Zesttee utilises Cloudflare’s WAF to protect our customer facing applications. Cloudflare’s WAF is an intelligent, integrated and scalable solution to protect business-critical web applications from malicious attacks.

Learn more here
https://www.cloudflare.com/waf

Access Control

Access to Zesttee’s technology resources is only permitted through secure connectivity (e.g., VPN, SSH) and requires multi-factor authentication. Our production password policy requires complexity, expiration, and lockout and disallows reuse. Zesttee grants access on a need-to-know basis, following least-privilege rules.

All Zesttee staff are required to use 2-factor authentication in order to gain access to our back-office systems. Customers also have the option of turning on 2FA to secure access to their account.

Only authorised Zesttee personnel have access to data, which is strictly limited to essential personnel only.

Data Encryption

Zesttee uses the latest industry-standard SSL and TLS 1.3 (Transport Layer Security) with HSTS (HTTP Strict Transport Security) for enhanced security, and all data is encrypted in transit.

In addition to transport layer encryption, all customer data is encrypted at rest in our databases.