Security & Trust Center

Zyte is committed to maintaining high standards of data security and compliance. Zyte is ISO 27001 certified and all of its hosting providers have achieved ISO 27001 certification, ensuring that the infrastructure supporting Zyte's services meets stringent information security standards. Zyte also comply with data protection regulations such as GDPR and CCPA, and has co-authored the FISD Alternative Data Standards, underscoring its leadership in responsible data extraction practices.

Zyte collects and stores limited customre data such as names, email addresses, and payment details, as well as automatically gathered technical data like IP addresses and usage metrics. To safeguard this data, Zyte employs a comprehensive security framework, maintaining transparency through its Privacy Policy and Data Processing Agreement.

Zyte stores customer data on secure servers provided by ISO 27001 certified cloud hosting providers, ensuring compliance with stringent information security standards. These servers are located in highly secure data centers, with physical security measures in place to protect the data. Additionally, Zyte employs encryption protocols during data transmission and implements system monitoring for further safeguarding customer information.

To deliver specific functionalities, Zyte may utilize subprocessors. These subprocessors store and process data in accordance with strict security protocols. Zyte ensures that all subprocessors maintain comparable or superior security standards, including data encryption, access controls, and compliance with relevant regulations. Data transfer and storage involving subprocessors are governed by robust contractual agreements.

Zyte ensures that customer data is encrypted both during transmission and while at rest. Data transmitted between your systems and Zyte's services is protected using Transport Layer Security (TLS), safeguarding it from interception during transfer. Additionally, all user communications, digital assets, and personal information entered into the Zyte software application are encrypted, ensuring that even if unauthorized access to storage occurs, the data remains protected. These measures reflect Zyte's commitment to maintaining the confidentiality and integrity of customer data throughout its lifecycle.

Zyte is committed to GDPR compliance. We have implemented robust data protection measures and include a Data Processing Agreement to ensure compliance with GDPR requirements.

Upon termination of customer account, Zyte archives data, making it inaccessible. This data is retained for a period consistent with Zyte's data retention policy, allowing the option to reactivate the subscription and regain access by paying the applicable fees.

Zyte can provide penetration test reports to clients upon request. To ensure the confidentiality and security of sensitive information, access to these reports is typically granted after the execution of a Non-Disclosure Agreement (NDA). This practice aligns with industry standards, where sharing detailed security assessments is contingent upon legal agreements to protect both parties' interests. You can request a NDA from your sales contact.

You can find the list of Zyte's data subprocessors in Annex III of the Data Processing Agreement (DPA). This annex provides detailed information about the third-party service providers Zyte engages with to process personal data on behalf of their clients. Please note that Zyte may update this list as necessary to provide their services and will notify clients of any such changes

To report security issues to Zyte email can be sent to bughunt@zyte.com. Zyte's security team aims to acknowledge reports within 24 hours and typically takes up to five days to validate the issue. Once verified, they will take necessary actions to resolve the vulnerability and notify the reporter upon completion. For more details, refer to Zyte’s Responsible Disclosure Policy.