Security at Zyora Labs

We take security seriously. Here's how we protect your data and our infrastructure.

Our Security Practices

Encryption

All data in transit is encrypted using TLS 1.2+. Sensitive data at rest is encrypted using AES-256. API keys and secrets are stored in isolated, encrypted vaults — never in plain text.

Infrastructure Security

Our infrastructure runs on hardened, containerised environments with network segmentation, automated patching, and strict firewall rules. We deploy across multiple regions for redundancy.

Authentication & Access Control

We enforce role-based access control (RBAC) across all internal systems. Multi-factor authentication is mandatory for all employees. API access uses token-based authentication with scoped permissions.

Monitoring & Logging

All systems are monitored 24/7 with real-time alerting. We maintain comprehensive audit logs for access, changes, and security events. Logs are retained securely and reviewed regularly.

Vulnerability Management

We conduct regular vulnerability scans and security assessments. Dependencies are continuously monitored for known vulnerabilities. Critical patches are deployed within 24 hours of discovery.

Data Residency

Primary data processing occurs in India. We ensure compliance with applicable data protection regulations. Data is never transferred to third parties without explicit consent.

Secure Development Practices

  • All code undergoes peer review before deployment.
  • We follow OWASP guidelines for secure application development.
  • Automated security testing is integrated into our CI/CD pipeline.
  • We maintain separate development, staging, and production environments.
  • Secrets and credentials are managed through dedicated secret management systems, never hardcoded.

Incident Response

  • We maintain a documented incident response plan with defined escalation procedures.
  • Security incidents are classified by severity and addressed with appropriate urgency.
  • Affected users are notified promptly in the event of a data breach, in accordance with applicable laws.
  • Post-incident reviews are conducted to prevent recurrence.

Employee Security

  • All employees undergo security awareness training upon onboarding and periodically thereafter.
  • Access to production systems is granted on a need-to-know and least-privilege basis.
  • Background checks are conducted for roles with access to sensitive systems.
  • All employee devices are encrypted and managed with endpoint protection.

Third-Party Security

  • We carefully vet all third-party vendors and service providers.
  • Vendor access is restricted and monitored.
  • Data processing agreements are in place with all third parties handling user data.
  • We regularly review vendor security posture and compliance.

Responsible Disclosure

If you discover a security vulnerability in any of our products or services, we encourage you to report it responsibly. Please contact our security team directly — we appreciate your help in keeping our systems and users safe.

Please do not publicly disclose vulnerabilities before we've had a reasonable opportunity to address them.