We take pride in keeping your data secure
with the best security practices.
Zealous data is securely stored on Google Cloud in the UK, with a twin data center in the EU (to be used as a fail-safe site should our primary center become unavailable).
Zealous depends on Stripe to provide the industry’s most secure payment processing.
We do not directly store or process credit card data, instead payment information is sent directly from the person making the payment to the payment gateway for processing.
Stripe is certified to PCI Service Provider Level 1, the most stringent level of certification available in the payments industry.
Our servers are physically monitored by a dedicated Security Operations team which detects and responds to internal and external threats, 24/7/365.
Access to the data center floors is tightly controlled with multiple physical security layers. Including electronic access cards, alarms, vehicle access barriers, metal detectors and biometric identification.
Laser beam intrusion detection and 24/7 monitoring by high-resolution interior and exterior cameras. Click here for more info.
Server Access Controls
Our highly scalable architecture is secured in a Virtual Private Cloud (VPC). Access to our servers is only possible by authorised staff via SSH key-based authentication through VPN access to our VPC. Only a limited number of senior employees are granted access to our servers through Identity and Access Management (IAM) and multi-factor authentication (MFA).
Personnel access to network resources and secure areas is terminated on the day employees terminate their employment or no longer need access.
All data stored across our databases and media storage is encrypted at rest, with all passwords stored encrypted by default.
Zealous is TLS 1.2 encrypted, data in transit between your device and the front end, is protected with SHA-256 signed certificates and AES encryption. This ensures the highest level of security when viewing and entering data on our web page.
Mailgun ensures high deliverability and protection for transactional emails sent through Zealous.
Mailgun is the leading email delivery service for businesses around the world with full GDPR compliance through SCCs, as well as robust data privacy and security through CPPA, SOC2, HIPAA, ISO 27001, PCI DSS and SOC 2 certification.
Stability and dependability at scale
To provide a continual service, our core data is backed up multiple times daily in separate locations to our core servers.
Backups are only accessible over SSH key-based authentication by a select few members of Zealous responsible for disaster recovery.
Zealous is built on Google Cloud’s highly scalable cloud architecture. Allowing for servers to be created on the fly during peak load periods (such as award closing dates).
This guarantees service stability and maintains balanced loading times even during heavy traffic (e.g. submissions closing).
Our server and data infrastructure is regularly reviewed and updated to match modern technology solutions. Giving us the flexibility to provide you with more features and cutting-edge security standards.
Maintaining our users right to privacy at all times.
We know all data we hold about you, and those submitting to your opportunities is valuable.
Our employees are trained to follow best practices when handling reports and enquires away from the network – keeping any reports we have run for you safe.
Global privacy laws are constantly being changed. Being straightforward about what data we hold allows us to navigate changes in new legislation around the world quickly.
Zealous is fully compliant with the EU’s GDPR regulations. As a host, you may download reports to satisfy information requests and add further consent options for anyone submitting to your opportunity.
Candidates can revoke your access to their entry, as well as permanently delete themselves from Zealous at any time. This will automatically revoke and remove their data protected under GDRP from your opportunity.
Standard Contractual Clauses
With Privacy Shield being invalidated by the EU Court of Justice, Zealous has signed agreements containing the EU Standard Contractual Clauses with all third-party suppliers processing data in the US.
This allows for data on EU citizens to continue to move freely between the US and the UK whilst protecting EU citizens’ rights to their data.