Zaro
TRUST

Trust Center

Last updated · May 27, 2026

Security, privacy, and operational rigour are first-class product surfaces at Zaro. This page is our running summary of how we protect customer data, the compliance frameworks we are aligning to, and the controls we operate today.

We are actively pursuing SOC 2 Type II and ISO 27001 certification through Drata. Many of the underlying controls have already been implemented and are continuously monitored; the formal audits will follow once each framework's observation period concludes. We publish status updates here as those milestones land.

COMPLIANCE STATUS

Frameworks we operate to — and what's audited.

Compliance is a journey, not a checkbox. Here is exactly where each framework stands, what's verified by a third party, and what we are working toward.

  • SOC 2 Type II

    In progress · Drata

    Controls implemented and continuously monitored through Drata. Type II observation period in progress; report expected later this year.

  • ISO 27001

    In progress · Drata

    ISMS scoped and aligned to the ISO 27001:2022 control set. Stage 1 readiness review running in parallel with the SOC 2 programme.

  • GDPR

    Aligned

    EU-resident infrastructure (eu-west-2 London primary, eu-central-1 Frankfurt DR), data-subject request workflow, and a published DPA available on request.

  • UK GDPR & DPA 2018

    Aligned

    Zaro is UK-headquartered; the same data-protection programme covers UK GDPR and the Data Protection Act 2018.

  • CCPA / CPRA

    Aligned

    California consumer rights workflow runs on the same data-subject request pipeline used for GDPR.

  • HIPAA

    On roadmap

    Not in scope today. Dedicated BAA-ready deployments are available on request for healthcare workloads while the formal programme is being stood up.

CONTROLS

What we operate today.

These controls are live in production, continuously monitored by Drata, and form the substrate the SOC 2 and ISO 27001 audits will be conducted against.

Infrastructure & network

Production runs on AWS in a dedicated VPC behind Cloudflare, with the admin plane gated by VPN.

  • Amazon EKS workloads run as non-root containers in private subnets; no public IPs on pods or data stores.
  • Cloudflare sits in front of every public hostname, providing edge TLS, DDoS mitigation, WAF, and bot management. Origin IPs are not advertised.
  • All ingress terminates on an AWS Application Load Balancer with HTTPS-only listeners and TLS 1.2+.
  • The admin console is served by a separate, internal-only load balancer and requires a managed zero-trust VPN with per-device approval, scoped to the corporate identity.
  • Outbound HTTP from agents and integrations goes through an SSRF-safe client that blocks loopback, link-local, and private addresses before connect.

Data protection & encryption

Customer data is encrypted in transit and at rest, with application-level encryption on top for secrets.

  • TLS 1.2+ enforced everywhere — end-user traffic, MCP, internal service-to-service, and every backing data store.
  • RDS PostgreSQL Multi-AZ, encrypted at rest with AWS KMS. Application-layer AES-256-GCM encryption on OAuth refresh tokens, integration API keys, and proxy credentials before they reach the database.
  • S3 object storage with versioning and SSE-S3 encryption; OpenSearch Serverless indices encrypted under AWS-managed keys.
  • Secrets centralised in AWS Secrets Manager under a customer-managed KMS CMK, delivered to workloads via an audited secrets-injection pipeline. No plaintext secrets in source control.
  • API keys are stored as SHA-256 hashes only — the raw key is shown to the user once at issuance and is unrecoverable thereafter.

Access control & authentication

Layered authentication for humans, agents, and machines, with workspace-scoped permissions.

  • Email OTP, Google / Microsoft / GitHub / Apple OAuth, and enterprise SSO (OIDC + SAML). Tenants can require sso_only login.
  • Session tokens are JWT RS256, signed with an asymmetric keypair held only by the API service.
  • Cloudflare Turnstile in front of public OTP endpoints; per-user, per-IP, and global OTP rate limits with CloudWatch alarms on login-failure spikes.
  • File- and directory-level path rules at the storage layer, enforced equally for users, MCP clients, agents, and integrations.
  • Every agent runs under a scoped service account that can never exceed the creator's permissions; workspace managers can further restrict or revoke any agent's scope.

Agent guardrails

Agents must ask for approval before destructive or sensitive actions, and run code in isolated sandboxes.

  • Built-in ask_permission tool: agents must request user approval before deleting data, calling paid third-party APIs, or running irreversible operations.
  • Approval requests notify the user by email and Slack and time out as denied after 30 minutes.
  • Workspace managers can extend or relax these defaults per-agent through chat or the Access tab.
  • Code execution happens exclusively in isolated E2B sandbox VMs with hard session and idle limits — never on Zaro infrastructure.
  • Reserved system paths (workspace memory, skills, tasks) are protected from generic write tools so an agent cannot break the workspace namespace.

Monitoring, audit, & incident response

Structured logging, audit trails, and a documented incident response process.

  • Application logs shipped to AWS OpenSearch Serverless (30-day retention) over a VPC endpoint; ALB access logs to S3.
  • Per-action admin audit log records actor, target, action, and metadata. API-key prefixes (never full keys) are recorded so events can be correlated without leaking credentials.
  • Prometheus → CloudWatch metrics on every service, with comprehensive production alarming across error rates, latency, LLM spend, auth failures, capacity, and search/index health.
  • Alerts fan out to our on-call paging system and Slack; runbooks are maintained for every backing data store, API-key compromise, and provider outages.
  • Customer-impacting incidents are communicated through the status page and direct email; post-mortems are written within 48 hours regardless of severity.

Business continuity & DR

Multi-AZ production with cross-region backups under vault-locked AWS Backup.

  • RDS PostgreSQL Multi-AZ with continuous PITR over a 35-day window. Target RPO of 5 minutes and target RTO of 30 minutes for same-region recovery.
  • Cross-region backups copied nightly to eu-central-1 (Frankfurt) under AWS Backup with GFS retention (daily 35d / weekly 12w / monthly 12m). Both vaults are Vault-Locked in Governance mode.
  • S3 versioning enabled with a long noncurrent lifecycle (60d → IA, 180d → Glacier IR, 2y → expire).
  • Search/vector indices are mirrors of PostgreSQL + S3 and can be rebuilt in hours via the admin reindex API.
  • Disaster-recovery drills (PITR restore, cross-region restore, reindex dry-run) are scheduled into the launch ramp and repeated thereafter.

Data handling & retention

Customer data is yours. We don't train models on it, and you can export or delete it on demand.

  • We do not use customer content to train foundation models. Underlying LLM providers (Anthropic, OpenAI, Bedrock, Google, …) operate under contracts that disallow training.
  • Workspace data is tenant-isolated at every layer — database, search, and object storage — and isolation is enforced consistently across users, agents, MCP clients, and integrations.
  • File versions are retained per workspace policy and recoverable; deleted accounts have personal data removed within 30 days unless we are legally required to retain it.
  • Operational data has documented retention windows: events 90 days, application logs 30 days, proxy/integration logs 90 days.
  • Data-subject requests (access, correction, export, deletion) are handled within statutory timelines through [email protected].

Vendor & supply-chain management

We pick vendors carefully and only share the minimum data each one needs to do its job.

  • A maintained sub-processor index is published below and updated whenever a vendor is added.
  • Every sub-processor is bound by a data processing agreement that prohibits using customer data for any other purpose.
  • We require enterprise-grade security postures from the LLM, infrastructure, and agent-tooling vendors we rely on.
  • Customer notification is sent in advance of any change that introduces a new sub-processor with access to customer content.
SUB-PROCESSORS

Every vendor that touches your data.

We share only the minimum each vendor needs to do its job, and we update this list when it changes. None of the LLM providers listed here train on your data.

  • Amazon Web ServicesPrimary cloud infrastructure — compute, database, storage, backup.EU (London) · EU (Frankfurt) DR
  • CloudflareDNS, edge TLS, DDoS protection, WAF, bot management (Turnstile).Global edge
  • ClickHouse CloudEvent analytics store (90-day TTL).EU (London)
  • AnthropicLLM provider for agent reasoning. Contracts disallow model training on customer data.US
  • OpenAILLM provider, image generation. Zero data retention via enterprise API agreement.US
  • Google Cloud (Gemini & Speech-to-Text)Optional LLM provider and speech-to-text for meeting transcription.Global (multi-region routing)
  • OpenRouterOptional LLM router for embeddings and multimodal models.Global
  • ComposioOAuth + API orchestration for third-party integrations (Gmail, Slack, Notion, …).Global
  • BrowserbaseIsolated cloud browser sessions for agent-driven web automation.US
  • E2BIsolated sandbox VMs for agent code execution.US / EU
  • FirecrawlAgent web search and page extraction.US
  • ResendTransactional email delivery (auth, notifications, permission requests).EU / US
  • Customer.ioProduct and lifecycle email; user identity events only, no workspace content.EU
  • StripeBilling and payment processing.Global
  • PostHogProduct analytics on the marketing site and in-app surfaces.EU
  • DrataContinuous compliance monitoring and audit readiness platform.US
RESOURCES

Documents and reports.

The artefacts below are available for review. NDA-gated items are sent within one business day of a verified request.

  • Privacy Policy

    Read →

    How we collect, use, and protect personal data.

  • Terms of Service

    Read →

    The contract governing use of the Zaro platform.

  • Data Processing Agreement

    Request →

    GDPR-compliant DPA with Standard Contractual Clauses. Available on request, executed under NDA.

  • Security & Architecture Brief

    Request →

    Deeper technical write-up of the platform's guardrails, security controls, and data flows. Available under NDA.

  • SOC 2 Letter of Assertion

    View →

    Letter from Drata, our compliance automation platform, confirming Zaro subscribed to Drata's audit-readiness platform on 24 March 2026 to prepare for the upcoming SOC 2 Type II examination and to continuously monitor compliance posture post-audit.

    Download · PDF · 209 KB

  • SOC 2 Engagement Letter

    Request →

    Engagement letter from Agency, our managed cybersecurity service provider, confirming the SOC 2 Type II programme is underway. Observation period runs 1 June – 1 September 2026; final audit testing will be conducted afterwards by an independent auditor. Available under NDA.

  • SOC 2 Type II Report

    Coming soon

    Not yet available. Once the audit completes we will publish a link here so you can request the report under NDA.

Questions, audit requests, or a security report?

We take security correspondence seriously and aim to acknowledge every report within one business day. For DPA execution, audit material, data-subject requests, or anything else under NDA, email [email protected] and we will route it from there.

[email protected]