Updated: Nov 12
In this day and age where our digital footprint is stronger than ever, it is crucial to know how organisations that you interact with manage your data. Here at Zelt we are advocating for transparency and security when it comes to personal information. That is why we have built Zelt using best practices to ensure a strong and secure service.
What data does Zelt store?
In line with GDPR principles, any personal data collected by Zelt is for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes. Essentially we will only collect and store mission-critical information to help you manage your company's operations and improve overall employee experience.
This means we never store your passwords, payment information or cookies from other websites (we only use secure cookies, which don’t store any personal information locally). We will also never sell or share your data with third-party providers without your explicit consent, i.e. when connecting a chosen third-party app to Zelt.
Where and how is data stored?
With Zelt, all your data is stored using Amazon Web Services (AWS), world’s leading cloud computing service provider. AWS is a recognised provider of secure network architecture to protect your information, identities, applications, and devices.
The data is stored in the AWS EU (London) Region that is designed and built to meet rigorous compliance standards including ISO 27001, ISO 9001, ISO 27017, ISO 27018, SOC 1, SOC 2, SOC3, PCI DSS Level 1, and many more.
Does my data get transferred?
Every time you access Zelt services on the website you transfer some data across to the browser. We encrypt each transfer at 256-bit and send it through TLS 1.2 (HTTP over TLS), adhering to the FIPS 140-2 certification standard. Each session is limited to 2 hours of idle time.
Who can see and access my personal data inside and outside of my account?
We believe that your data belongs to you. That's why Zelt employees do not have access to your company's user accounts inside the app. Also, our infrastructure permissions allow only few individuals (CEO, CTO) to directly access our production databases for the purpose of trouble shooting, and all requests are logged. No-one else can access our production databases.
Within the application, we have created Permission Groups, so you can be in control of your company's internal data governance and can set visibility rules on a needs basis. As a standard user (i.e. regular employee) you don't have to worry about sharing certain sensitive personal information such as your address or bank account details, as only admins can see them.
Is my data backed up?
In general you do not have to worry about losing your data as our uptime is >99.8%. which means less than an hour downtime in the last month. (Not to brag, but this is better than Facebook's 97%!)
However, in an unlikely event of data loss we save the last working version of Zelt every day and can restore it in a matter of a few minutes.
Is my activity monitored on Zelt?
For the purposes of user experience improvements and general usage statistics we keep a record of anonymised logins and high level actions such as "Application added" or "Device added". For audit purposes we also keep track of changes made to users' profiles that you can see at the bottom of each user's profile, if you have the necessary permissions.
We hope you find this article useful!
If you have any questions related to data privacy or any other aspects of Zelt, please reach out via the in-app Intercom. We're always happy to help!