Data Encryption
Our platform ensures the security of your data through robust encryption measures:
Data in Transit: We use HTTPS to encrypt data during transmission.
Data at Rest: Data is stored on virtual machine disks in the Azure platform with Server-Side Encryption (SSE) and customer-managed keys (PMK).
Compliance and Certifications
We are actively working towards ISO 27001 certification by the end of 2026, underscoring our commitment to industry-standard information security practices.
Access Control and Authentication
User Identity Management
User identities are managed by your designated administrators. We support multi-factor authentication (MFA) to enhance security, with MFA status visible in the Users & Groups view.
Granular Access Control
Our User Groups feature allows for precise control of permissions and roles.
Audit Logs
We provide limited audit log support on a per-user basis, enabling tracking of user activities.
Incident Response and Data Breach Policies
Incident Response Protocol
In the event of a security incident or data breach, we: 1. Immediately contain the incident.
1. Conduct a thorough investigation.
1. Implement prompt remediation.
1. Notify affected parties in compliance with legal requirements. 1. Conduct a post-incident review to prevent future occurrences.
Customer Notification
We notify customers as soon as possible after containing and addressing a breach, within 48 hours of discovery.
Incidents
No incidents or breaches have occurred.
Data Ownership and Portability
Data Ownership
Data uploaded to our platform remains the property of the originating uploader.
Data Termination Policy
Upon service termination, you can delete your organisation and its data. If not deleted by you, the data remains in our system until it is internally deleted.
Data Export
Contracts can be exported in PDF format for backup or migration purposes.
Data Backup
We regularly back up uploaded data to ensure its integrity and availability.
Data Sharing
We do not share uploaded data with third parties.
Vendor Transparency and Reliability
Service Reliability Measures
While we do not have a formal Service Level Agreement (SLA) for uptime, our platform has experienced only 60 minutes of downtime in over three years, demonstrating its reliability.
Support and Communication
Customer Support
We provide 24/7 customer support, including assistance with security-related inquiries.
Security Updates
Security updates, patches, and changes are communicated through periodic release notes published in our knowledge base.
Data Residency and Compliance
Data Storage
Data is stored in the Azure (Australia Southeast) region.
Regulatory Compliance
We ensure compliance with data residency and sovereignty regulations on a per Managed Service Provider (MSP) basis.
Employee Access
Employees with access to customer data include citizens of New Zealand and Canada, in addition to the United States.
Integrations
Vendor Integrations
Integration with other vendors, such as Autotask, ConnectWise, and Azure, is managed by providing API keys within ZenContract. Detailed configuration information is available in our Knowledge Base.
Data Access
The specific data we can read or write is configured in the third-party platform, with summaries available in our knowledge base guides.
Support Policies
Refund and Termination Policy
If the product fails to deliver a key advertised feature, you can request termination with a 30-day notice. Refunds are provided based on mutual agreement.