Security at Zentitle

Our clients rely on us to keep their data secure.
Our approach to security runs through our product design, policies, and procedures.

We combine best practices to keep your data safe.

Incident response and monitoring

Zentitle2 implements a protocol for handling security events and other operational issues which includes escalation procedures, rapid mitigation, and post-mortems. You can visit our status page for updates.

We have a team of engineers on staff monitoring our infrastructure for cybersecurity events or threats.

Our staff uses the Drata Security & Compliance Automation Platform and independent third-party testers to monitor, secure, and test our platform continuously.

GDPR Compliance

Zentitle2 ensures that your data is handled securely and complies with the Data Privacy Framework. The European Union (EU)-United States (US) Data Privacy Framework (DPF) serves as the primary personal data transfer mechanism for EU-US, UK-US and Swiss-US personal data transfers. You can visit our privacy page for details.

Nalpeiron has a dedicated European Union (EU) Representative with the Prighter Group.    

Data Privacy Framework Program


Nalpeiron certifies to the Data Privacy Framework Program.

You can find our record at the DPF program website at https://www.dataprivacyframework.gov/s/participant-search

Data encryption

Zentitle encrypts your data in transit and at rest. We use modern cryptography such as AES-256 and HTTPS, and follow key management best practices with strict user access control.

We use the OAuth standard to authenticate you and for access to our APIs.

Build your own security

Single tenant option: total flexibility in the build, location, security, and structure of your deployment.

Need a different security setup? We can build what you need on your choice of hyperscaler.

Backups and scalability

Data is backed up using best-in-class AWS tools and kept in multi-region storage.

- Point in time recovery -> 35 days
- Weekly Full -> 3 months
- Monthly Full -> 3 months hot storage, forever in cold storage

TurboScale provides dynamic scaling of Zentitle2 (and all the key elements of the platform), up and down as traffic increases or decreases, to ensure high availability no matter the traffic volume.

Continuous Availability

Zentitle2 is hosted on Amazon Web Services and is designed with resilience and continuity in mind. Key measures include:

Multi-AZ Deployment: Our database spans multiple Availability Zones (AZs) within an AWS Region. This ensures uninterrupted service even during AZ outages.

Application Server Resilience: Our application servers operate across multiple AWS AZs, automatically scaling and maintaining high availability.

Autohealing: Our application services are configured for autohealing. If a server instance fails, the system automatically replaces it with a healthy instance. This proactive approach minimizes downtime and ensures seamless service delivery.

Infrastructure as Code (IaC): We use Infrastructure as Code to define our entire infrastructure. In case of a disaster, we can swiftly recreate our environment.

Testing and Monitoring: Regular drills validate our recovery procedures. Monitoring alerts us to anomalies.

Security best practices

We conduct extensive security-design reviews and regular penetration tests. All employees and contractors complete security training, including topics like information security, data privacy, and password security. They also sign a confidentiality agreement before working for Nalpeiron.

Our approach will always be to provision on a ‘need-to-know’ basis. Only a limited number of skilled engineers, whose job function is to support and maintain the Zentitle2 environment, are permitted access to our production environment. SSH keys and credentials are rotated regularly and 2-factor authentication is enforced whenever possible.

We use advanced code scanning and cloud vulnerability assessments to identify potential problems before deployment. We scan our containers and dependencies for known vulnerabilities to continuously improve our security posture.

In addition to our internal testing, we hire an external firm each year to conduct penetration testing at the network and application levels.

We use risk assessment tools from Drata to run regular internal audits.

Product and payment security

Customers can centrally manage their access to Zentitle using single sign-on (SSO) that has 2FA as standard. Zentitle data is encrypted at rest and in transit, and actions are recorded in an audit log.

Payment processing is done by Stripe, which handles any credit card information for any of our customers. Stripe is certified to PCI Service Provider Level 1, which is the most stringent level of PCI DSS certification available.

Third-party cloud providers

Our cloud providers (AWS and Azure) comply with industry-leading security practices and frameworks, including SOC 2, ISO 27001, and PCI DSS. AWS and Azure data centers are monitored by 24×7 security, biometric scanning, video surveillance and more.

Industry Standard Security Certification

Reliability, scalability, trust and security are core to our commitment to our customers. Our enterprise-grade security features and comprehensive audits ensure we're aligned to industry best practices. Zentitle2 adheres to data security, availability and confidentiality standards defined by SOC 2. AWS and Azure are SOC 2 and ISO 27001 certified.

Our systems are constantly monitored using the Drata Continuous Control and Endpoint Monitoring platform.

Zentitle is in the process of getting SOC 2 Type 2 approval.

Zentitle - the Enterprise-Class Software Monetization Platform

- 18 Years+ Track Record
- $1B+ Revenues Protected
- 300M+ Transactions / Month
- 99.9%+ Uptime SLA for 10 Years+

Zentitle supports 100M's of users 24x7x365 for the world's leading SaaS, Software and IoT companies.

Security of software licensing: we combine best practices to keep your software safe.