Security at Zoveto

1. Overview

Zoveto is built for operational reliability, data security, and system integrity. This trust center summarizes how we protect systems, process data, and document legal safeguards in practical terms.

2. Security

• Infrastructure: production services run on Amazon Web Services (AWS).
• In transit: TLS is used for data exchanged between clients, APIs, and service endpoints.
• At rest: core data stores use encryption-at-rest controls.
• Access control: role-based access controls (RBAC) and least-privilege access practices.
• Audit logs: operational and security events are logged for investigation and reliability.

3. Data & privacy

• What we collect: account, usage, billing, and operational business data required to deliver the service.
• How we use data: service delivery, security, support, billing, and platform reliability.
• Data ownership: customer data belongs to the customer; Zoveto processes it to provide the contracted service.

4. Subprocessors

• Amazon Web Services (AWS) - cloud infrastructure hosting.
• Google (Gmail SMTP) - transactional and operational email delivery.
• Google Analytics - website analytics when consent is enabled.
• Microsoft Clarity - session replay and behavioral diagnostics when analytics consent is enabled.
• Razorpay - payment processing and billing transactions.

Full details are maintained on the Subprocessors page.

5. Compliance posture

Zoveto is built following industry best practices for SaaS security and data protection, including controls aligned to India's DPDP Act 2023 and IT Act obligations, and GDPR-ready processing standards for international customers. We do not claim SOC 2 or equivalent certifications unless officially completed and publicly announced.

6. Data ownership and export

Customer data remains the customer's data. On eligible plans, customers may request exports of operational data in standard machine-readable formats to support migration, analytics, and continuity requirements.

7. Uptime and SLA by plan

• Free / evaluation: best-effort availability, no formal SLA.
• Starter / Growth: standard production operations with priority incident response.
• Enterprise: contract-defined SLA and response commitments via order form.

8. Legal documents

• Terms of Service
• Privacy Policy
• Data Processing Agreement (DPA)
• Acceptable Use Policy
• Cookie Policy

9. Responsible disclosure

If you identify a potential vulnerability, report it to security@zoveto.com with reproducible details. We review good-faith reports and triage based on severity.