Security

Security isn’t an afterthought—it’s our foundation. Zams is built with enterprise-grade security and compliance at its core, ensuring your data is protected, private, and fully compliant.

Compliance

All servers are configured using a documented set of security guidelines and images are managed centrally. Changes to the company’s infrastructure are tracked, and security events are logged appropriately.

SOC 2 Type II

Zams' SOC 2 Type II report covers the trust services categories of Security, Confidentiality, and Availability, and is audited annually.

General Data Protection Regulation (GDPR)

We comply with GDPR data retention requirements, and offer a data processing agreement (DPA) for customers in the EU.

Health Insurance Portability and Accountability Act (HIPAA)

Zams is HIPAA compliant, and is prepared and able to execute a standard Business Associate Agreement ("BAA").

California Consumer Privacy Act (CCPA)

We ensure policies, processes, and controls comply with CCPA requirements.

Infrastructure

Zams is built on Google Cloud’s secure and scalable infrastructure, ensuring enterprise-grade reliability, compliance, and performance. Our platform leverages Google Cloud’s robust security measures, including data encryption, network protection, and continuous monitoring, to safeguard user information and maintain the highest standards of data privacy.

Secure infrastructure provider

We host all of our data in physically secure Google Cloud facilities that include 24/7 on-site security, camera surveillance, and more. All customer data is hosted in data centers that are SOC 2, ISO 27001 and HITRUST compliant.

Data encryption in transit & at rest

Zams uses TLS and AES-256 encryption. Data is sent only during active sessions and deleted afterward unless recordings are enabled. Intra-European traffic stays within Europe, thanks to Cloudflare’s load balancer and servers in the Netherlands and UK.

Data redundancy and resiliency