We take the security of your data seriously and implement industry-leading security practices to protect your information.
At Zervixa, security is not an afterthought — it's a core part of how we design, build, and operate our platform. We understand that your affiliate tracking data and business information are critical assets, and we are committed to protecting them from unauthorized access, theft, and misuse.
We follow the principle of "defense in depth," implementing multiple layers of security controls to ensure that no single point of failure can compromise your data. Our security practices are aligned with industry standards and best practices, and we continuously monitor, test, and improve our security posture.
Zervixa is built on a secure, scalable architecture designed to protect your data at every level:
Our application runs in isolated Docker containers, providing strong isolation between instances. Each container has its own filesystem and network namespace, preventing unauthorized access between applications and reducing the blast radius of potential security incidents.
All traffic is routed through Traefik, a modern reverse proxy that provides request filtering, rate limiting, and URL rewriting. Traefik acts as a security barrier, protecting our application from direct exposure to the internet and enabling advanced traffic management.
All communication between your browser and our servers is encrypted using TLS 1.2 or higher. SSL/TLS certificates are automatically managed and renewed through industry-standard certificate authorities, ensuring encrypted connections at all times.
Our Docker containers run in an isolated network environment, restricting direct access to the internet. All inter-service communication is carefully controlled, with only necessary ports and protocols exposed, following the principle of least privilege.
All data transmitted between your device and Zervixa is encrypted using TLS 1.2 or higher. This includes:
Sensitive data stored in our database is encrypted at rest using industry-standard encryption algorithms. This ensures that even if an attacker gains unauthorized access to our storage systems, they cannot read sensitive information without the encryption keys.
Encryption keys are securely managed and stored separately from encrypted data. Access to encryption keys is restricted to authorized personnel and systems, and we regularly rotate our encryption keys as part of our security maintenance.
Your password is hashed using bcrypt, an industry-standard password hashing algorithm that is resistant to brute-force attacks. Bcrypt incorporates a salt to prevent rainbow table attacks, and its configurable cost factor lets the hash be made slower over time as computational power increases.
After login, you receive a secure session token that identifies you to our system. Session tokens:
All state-changing requests (adding domains, modifying settings, etc.) require a CSRF token to prevent cross-site request forgery attacks. These tokens are unique per session and per request, and they are automatically validated by our application.
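One way a token can be both session-bound and single-use, as an added example that is not Zervixa's code. The key handling, token layout, 15-minute lifetime and in-memory replay set are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time
from typing import Optional

# Constructed demo key (assumption): a real deployment loads it from a secret store.
SERVER_KEY = secrets.token_bytes(32)
TOKEN_TTL = 900  # seconds a token stays valid (assumed value)

# Spent nonces, kept in memory for the demo; a shared store is needed across workers.
_used_nonces = set()


def _sign(session_id: str, nonce: str, issued: int) -> str:
    """HMAC over session, nonce and issue time ties the token to one session."""
    msg = f"{session_id}|{nonce}|{issued}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_token(session_id: str, now: Optional[int] = None) -> str:
    """Return a fresh token for this session; every call yields a different one."""
    issued = int(time.time()) if now is None else now
    nonce = secrets.token_urlsafe(16)  # URL-safe alphabet never contains "."
    return f"{nonce}.{issued}.{_sign(session_id, nonce, issued)}"


def validate_token(session_id: str, token: str, now: Optional[int] = None) -> bool:
    """Accept a token once, only for its own session, and only within the TTL."""
    now = int(time.time()) if now is None else now
    try:
        nonce, issued_s, mac = token.split(".")
        issued = int(issued_s)
    except ValueError:
        return False  # malformed token
    expected = _sign(session_id, nonce, issued)
    # Constant-time comparison; bytes so non-ASCII input cannot raise.
    if not hmac.compare_digest(expected.encode(), mac.encode()):
        return False  # forged, tampered with, or issued to another session
    if not 0 <= now - issued <= TOKEN_TTL:
        return False  # expired, or dated in the future
    if nonce in _used_nonces:
        return False  # replay of an already-spent token
    _used_nonces.add(nonce)
    return True
```

A token presented under the wrong session fails the MAC check before its nonce is recorded, so a cross-site attempt cannot burn a legitimate user's pending token.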
Zervixa implements role-based access control to ensure that users can only access the features and data appropriate to their role. Different user roles have different permissions, and we enforce these permissions at the application level.
All system processes and services run with the minimum permissions necessary to perform their functions. Database accounts have limited privileges, and internal services can access only the data they need.
Zervixa uses Stripe for all payment processing. Stripe is a PCI-DSS Level 1 compliant payment processor, the highest level of PCI certification available. Key security measures include:
Your Payment Information is Safe: We never have access to your full credit card number. Stripe handles all payment processing and encryption, so your payment information is protected by Stripe's enterprise-grade security infrastructure.
Zervixa employs continuous monitoring of our infrastructure, applications, and systems to detect security anomalies and potential threats:
In the event of a security incident, we have a documented incident response plan that includes:
We regularly apply security updates and patches to our infrastructure, operating systems, and applications. Critical security updates are applied as soon as possible to protect against known vulnerabilities.
We take security vulnerabilities seriously and encourage responsible disclosure. If you discover a security vulnerability in Zervixa, please report it to us immediately:
Email: [email protected]
Please provide a detailed description of the vulnerability, steps to reproduce it, and any potential impact. We will investigate all reports and work with you to resolve confirmed vulnerabilities.
Security Researchers: We appreciate your help in keeping Zervixa secure. Please allow us a reasonable time to investigate and fix vulnerabilities before public disclosure. Do not attempt to exploit vulnerabilities or access data beyond what is necessary to confirm the issue.
Zervixa is working toward SOC 2 Type II certification, an independent audit that verifies our security controls, availability, processing integrity, confidentiality, and privacy. SOC 2 Type II certification demonstrates our commitment to maintaining a secure platform and will be completed in the near future.
Zervixa is designed to be compliant with the General Data Protection Regulation (GDPR) and supports the legal requirements of users subject to GDPR. We provide data processing agreements (DPAs) to users who need them and implement technical and organizational measures to protect personal data.
Through our use of Stripe for payment processing, Zervixa maintains PCI-DSS compliance. We do not handle credit card data directly, which significantly reduces our PCI compliance burden and enhances payment security.
While Zervixa implements comprehensive security measures, your account security also depends on your actions:
If you have security concerns or questions about Zervixa's security practices, please contact us:
Security Issues: [email protected]
General Support: [email protected]