Security
Security isn't a feature—it's the foundation of everything we build.
Security practices
Encryption at Rest
All work data is encrypted using platform-native encryption (LUKS, DPAPI, Keychain) with AES-256.
Encryption in Transit
TLS 1.3 for all network communications. Certificate pinning for mobile clients.
Zero Knowledge
We cannot access your encrypted data. Encryption keys are managed locally on each device.
Audit Logging
Comprehensive audit trails for all administrative actions and policy changes.
Secure Development
All code undergoes security review. Dependencies are automatically scanned for vulnerabilities.
Penetration Testing
Regular third-party penetration tests with published results.
Compliance
SOC 2 Type II In Progress
GDPR Compliant
CCPA Compliant
HIPAA Ready
ISO 27001 Planned
Report a vulnerability
Found a security issue? Please report it responsibly to our security team.
security@zero.xaltrax.com