Your data is safe with us

Security isn't an afterthought at ZiggyHQ — it's built into every layer of the platform. Here's exactly how we protect your business data.

Two-Factor Authentication (TOTP)

Protect your account with time-based one-time passwords. Enable 2FA via any authenticator app (Google Authenticator, Authy, 1Password) for an extra layer of security on every login.

Data Encrypted at Rest (AES-256)

All data stored in ZiggyHQ databases is encrypted using AES-256, the same encryption standard used by financial institutions and government agencies worldwide.

Data Encrypted in Transit (TLS 1.3)

All data transmitted between your browser and our servers is protected using TLS 1.3 — the latest and most secure transport layer security protocol available.

SOC 2 Compliance (In Progress)

We are actively working toward SOC 2 Type II certification. Our infrastructure, access controls, and data handling practices are built to meet the rigorous requirements of the SOC 2 framework.

PCI Compliant Payments (Stripe)

We never store your payment card data. All billing is handled by Stripe, a Level 1 PCI DSS compliant payment processor trusted by millions of businesses worldwide.

Row-Level Security (Supabase RLS)

Our database enforces row-level security at the database layer using Supabase RLS policies. Your data is strictly isolated — no user or team can ever access another organization's data, even in the event of application-level bugs.

Regular Security Audits

We conduct regular internal security audits and penetration testing. Our code is reviewed for common vulnerabilities (OWASP Top 10) and we maintain a responsible disclosure program.

Google & Apple SSO

Sign in with Google or Apple for a secure, passwordless authentication experience. We support OAuth 2.0 and never store third-party passwords.

Built on trusted infrastructure

ZiggyHQ runs on enterprise-grade infrastructure from companies that have set the standard for reliability and security.

Supabase

Database & Auth

Vercel

Hosting & CDN

Stripe

Payments

AWS

Cloud Infrastructure

Report a vulnerability

We take security reports seriously. If you discover a vulnerability in ZiggyHQ, please report it responsibly. We'll acknowledge your report within 24 hours and work to resolve confirmed issues promptly.

security@ziggyhq.com

24-hour acknowledgment

We respond to every security report within one business day.

Responsible disclosure

We appreciate researchers who follow responsible disclosure guidelines.

No legal action for good-faith reports

We will not pursue legal action against researchers acting in good faith.