Server Security

Zealous data is securely stored on Google Cloud in the UK,  with a twin data center in the EU (to be used as a fail-safe site should our primary center become unavailable).

Our Google Cloud infrastructure offers the gold standard for data privacy and security. Certified ISO/IEC 27001 / 27017 / 27018 / 27701 and fully PCI DSS compliant.

Our servers have SOC 1 / 2 / 3 reporting and are compliant with HIPAA, GDPR, and CCPA, among others.

Safe Payments

Zealous depends on Stripe to provide the industry’s most secure payment processing.

We do not directly store or process credit card data, instead payment information is sent directly from the person making the payment to the payment gateway for processing.

Stripe is certified to PCI Service Provider Level 1, the most stringent level of certification available in the payments industry.

Physical Security

Our servers are physically monitored by a dedicated Security Operations team which detects and responds to internal and external threats, 24/7/365.

Access to the data center floors is tightly controlled with multiple physical security layers. Including electronic access cards, alarms, vehicle access barriers, metal detectors and biometric identification.

Laser beam intrusion detection and 24/7 monitoring by high-resolution interior and exterior cameras. Click here for more info.

Server Access Controls

Our highly scalable architecture is secured in a Virtual Private Cloud (VPC). Access to our servers is only possible by authorised staff via SSH key-based authentication through VPN access to our VPC. Only a limited number of senior employees are granted access to our servers through Identity and Access Management (IAM) and multi-factor authentication (MFA).

Personnel access to network resources and secure areas is terminated on the day employees terminate their employment or no longer need access.

Data Encryption

All data stored across our databases and media storage is encrypted at rest, with all passwords stored encrypted by default.

Zealous is TLS 1.2 encrypted, data in transit between your device and the front end, is protected with SHA-256 signed certificates and AES encryption. This ensures the highest level of security when viewing and entering data on our web page.

Email Deliverability

Mailgun ensures high deliverability and protection for transactional emails sent through Zealous.

Mailgun is the leading email delivery service for businesses around the world with full GDPR compliance through SCCs, as well as robust data privacy and security through CPPA, SOC2, HIPAA, ISO 27001, PCI DSS and SOC 2 certification.

Business continuity

To provide a continual service, our core data is backed up multiple times daily in separate locations to our core servers.

Backups are only accessible over SSH key-based authentication by a select few members of Zealous responsible for disaster recovery.

Scalability

Zealous is built on Google Cloud’s highly scalable cloud architecture. Allowing for servers to be created on the fly during peak load periods (such as award closing dates).

This guarantees service stability and maintains balanced loading times even during heavy traffic (e.g. submissions closing).

Transparent Uptime

Zealous successfully maintains an uptime of 99.98%.

You can view real-time live status updates of our services, as well as third-party components, on our public status page.

Reviews

Our server and data infrastructure is regularly reviewed and updated to match modern technology solutions. Giving us the flexibility to provide you with more features and cutting-edge security standards.

Data Handling

We know all data we hold about you, and those submitting to your opportunities is valuable.

Our employees are trained to follow best practices when handling reports and enquires away from the network – keeping any reports we have run for you safe.

Privacy Policy & DPA

Global privacy laws are constantly being changed. Being straightforward about what data we hold allows us to navigate changes in new legislation around the world quickly.

We have embraced transparency in our privacy policy to let all users of our services know exactly what data is being collected for which purposes and cover all the requirements contained in the EU Data Processing Agreement.

GDPR

Zealous is fully compliant with the EU’s GDPR regulations. As a host, you may download reports to satisfy information requests and add further consent options for anyone submitting to your opportunity.

Candidates can revoke your access to their entry, as well as permanently delete themselves from Zealous at any time. This will automatically revoke and remove their data protected under GDRP from your opportunity.

Standard Contractual Clauses

With Privacy Shield being invalidated by the EU Court of Justice, Zealous has signed agreements containing the EU Standard Contractual Clauses with all third-party suppliers processing data in the US.

This allows for data on EU citizens to continue to move freely between the US and the UK whilst protecting EU citizens’ rights to their data.