Security Statement

Infrastructure Protection & Data Safeguards • Last Updated: May 20, 2026

🔐 Encryption in Transit • 🛡️ Access Controls • ⚠️ No Warranty

This Security Statement describes our technical and organizational measures to protect your data. IMPORTANT: Despite our efforts, NO SYSTEM IS 100% SECURE. We provide NO WARRANTY against breaches, unauthorized access, or data loss.

1. Encryption Standards

  • In Transit: TLS 1.2+ with strong cipher suites for all web traffic and API calls
  • At Rest: AES-256 encryption for sensitive database fields and backups
  • Payment Data: Fully handled by Stripe — we never store raw card details
  • License Keys: Stored as salted hashes, not plaintext

2. Access Controls & Authentication

  • Role-based access control (RBAC) for all internal systems
  • Multi-factor authentication (MFA) required for administrative access
  • Least privilege principle — employees only access data necessary for their role
  • Regular access reviews and revocation upon termination
  • SSH key-based authentication for server access (no passwords)

3. Infrastructure Security

  • Hosted on reputable cloud providers with SOC 2 and ISO 27001 certifications
  • Virtual Private Cloud (VPC) isolation with security groups and network ACLs
  • Automated security patching and image hardening
  • Web Application Firewall (WAF) and DDoS protection
  • Regular vulnerability scanning and penetration testing

4. Incident Response

In the event of a security breach affecting your personal data:

  • We will investigate and contain the incident immediately
  • Affected users will be notified within 72 hours if legally required (GDPR Art. 33)
  • We will cooperate with regulatory authorities as required
  • However, we disclaim all liability for damages resulting from any breach

⚠️ NO WARRANTY OF SECURITY

The security measures described above represent our good-faith efforts, but WE PROVIDE NO GUARANTEE, WARRANTY, OR REPRESENTATION THAT YOUR DATA WILL BE SECURE FROM BREACHES, INTERCEPTION, UNAUTHORIZED ACCESS, OR LOSS. You assume all risks associated with using our "as is" software platform. We strongly recommend that you do not store sensitive personal, financial, or health information beyond what is strictly required for licensing.

🔍 Found a Security Vulnerability?

We appreciate responsible disclosure. Please report security findings via our paid consultation booking system. We do not offer bug bounties or financial rewards.

📋 Compliance Note: We maintain SOC 2 Type II and ISO 27001 certification readiness. Certificates available upon request via paid consultation.