Security at Zoveto

1. Overview

Zoveto is built for operational reliability, data security, and system integrity. This trust center summarizes how we protect systems, process data, and document legal safeguards in practical terms.

2. Security

• Infrastructure: production services run on Amazon Web Services (AWS).
• In transit: TLS is used for data exchanged between clients, APIs, and service endpoints.
• At rest: core data stores use encryption-at-rest controls.
• Access control: role-based access controls (RBAC) and least-privilege access practices.
• Audit logs: operational and security events are logged for investigation and reliability.
• Role discipline: user permissions are designed around operational responsibilities so teams can separate admin, finance, warehouse, sales, and support actions.

3. Data & privacy

• What we collect: account, usage, billing, and operational business data required to deliver the service.
• How we use data: service delivery, security, support, billing, and platform reliability.
• Data ownership: customer data belongs to the customer; Zoveto processes it to provide the contracted service.

4. Subprocessors

• Amazon Web Services (AWS): cloud infrastructure hosting.
• Google (Gmail SMTP): transactional and operational email delivery.
• Google Analytics: website analytics when consent is enabled.
• Microsoft Clarity: session replay and behavioral diagnostics when analytics consent is enabled.
• Razorpay: payment processing and billing transactions.

Full details are maintained on the Subprocessors page.

5. Compliance posture

Zoveto is built following industry best practices for SaaS security and data protection, including controls aligned to India's DPDP Act 2023 and IT Act obligations, and GDPR-ready processing standards for international customers. We do not claim SOC 2 or equivalent certifications unless officially completed and publicly announced.

6. Data ownership and export

Customer data remains the customer's data. On eligible plans, customers may request exports of operational data in standard machine-readable formats to support migration, analytics, and continuity requirements.

7. Backup and continuity posture

Zoveto designs production systems with managed cloud infrastructure, environment separation, operational monitoring, and recovery planning appropriate to the customer's plan and contracted scope. Specific backup cadence, retention, and recovery commitments are confirmed in onboarding or enterprise order terms where applicable.

8. Support expectations

Support is handled through the channels agreed during onboarding. Evaluation access is best effort, paid plans receive standard business support, and Enterprise customers may define priority response terms in their order form.

9. Uptime and SLA by plan

• Free / evaluation: best-effort availability, no formal SLA.
• Starter / Growth: standard production operations with priority incident response.
• Enterprise: contract-defined SLA and response commitments via order form.

10. Legal documents

• Terms of Service
• Privacy Policy
• Data Processing Agreement (DPA)
• Acceptable Use Policy
• Cookie Policy

11. Responsible disclosure

If you identify a potential vulnerability, report it to security@zoveto.com with reproducible details. We review good-faith reports and triage based on severity.