Secure, scalable & super reliable

We earn the trust of our customers by making data security our top priority.

Leading enterprises & agencies use Ziflow

  • mccann world group logo
  • amazon web services logo
  • dupont company logo
  • toyota company logo
  • overstock company logo
  • havas company logo
  • showtime company logo
  • electronic arts logo

Compliance & Certifications

Privacy and data-protection you can count on.

aicpa-soc2-blk logo

SOC 2

Ziflow has completed a third-party SOC 2 Type II audit. Our continued SOC 2 certification ensures our organizational and technology controls are independently audited at least annually.

privacy shield logo with stars

Privacy Shield

Ziflow is a member of the Privacy Shield framework. Privacy Shield is an agreement between the EU and US that allows for the transfer of personal data from the EU to the US.

GDPR logo

GDPR

Ziflow is GDPR compliant. GDPR expands the privacy rights granted to European individuals and requires certain companies that process the personal data of European individuals to comply with a new set of regulations.

End-to-end security

We’ve partnered with the best in the industry to provide you with built-in security.
amazon web services logo

Amazon Web Services

Ziflow is hosted with Amazon Web Services (AWS), providing security features built-in. Our team uses AWS best practices to further harden our systems and processes. Amazon employs a robust physical security program with multiple certifications, including SOC 1 & 2.

crowdstrike logo with eagle

Crowdstrike

Ziflow partners with Crowdstrike which provides a comprehensive and automated malware detection service for files uploaded to the service by users, ensuring that foreign files uploaded to the service are not infected. In addition, we have a blocklist containing a list of forbidden file extensions. The file extension blocklist contains file types that may be considered dangerous, such as executables. By blocking these file types, we reduce the risk of malware infection significantly.

alert logic logo

Network Intrusion Detection System

Network Intrusion Detection System (NIDS) sensors are used in tandem with native AWS security services, which are enabled for all production assets.

Reliability you can count on

database icon

Data Redundancy

Our platform is hosted across multiple availability zones. We run a separate disaster recovery instance of Ziflow which is always at the ready.

eye icon

24/7 monitoring

Extensive performance and availability monitoring allows us to keep a close eye on system health and mitigate unforeseen issues early on.

settings icon

99.99% Uptime

Uptime is as mission critical to us as it is to your business. Our internal uptime goal is 99.99%, and our 2022 uptime record is 100%.

Security features for the Enterprise

Our Enterprise edition gives you all the security needed to deploy at scale.

sso logo

Single Sign-on

Easily authenticate and manage your enterprise users at scale.

server stack icon

System of record

Maintain activity logs for any period time or export projects for your records.

admin control panel dashboard

Advanced Admin controls

Administrators gain full control over their team, content and systems permissions.

Encrypting your data

  • hash icon

    Passwords

    We never store passwords in clear text - they are always hashed and salted securely using bcrypt. Bcrypt is a proven algorithm and is considered one of the best choices for password storage.

  • key icon

    Encryption at rest

    Data at rest is encrypted using AES-256. Encryption keys are stored using AWS Key Management Service (KMS). An annually rotated customer master key (CMK) is currently used to encrypt all customer data submitted to the Ziflow service and processed on their behalf.

  • lock icon-2

    Encryption in transit

    All network communication uses TLS with at least 128-bit AES encryption. The connection uses TLS v1.2, and it is encrypted and authenticated using AES_128_GCM and uses ECDHE_RSA as the key exchange mechanism. Qualys SSL Labs scored Ziflow’s TLS configuration A+ on their SSL Server test and we regularly monitor this score.

secruity blue cube with lines decoration
html brackets icon

Secure product development

SDLC
Security is integral to Ziflow’s software development life cycle (SDLC). As part of that process, Ziflow incorporates threat modeling, attack surface analysis, security architecture analysis and continuous security training for its teams.

Encryption at rest
The Open Web Application Security Project (OWASP) is an online community that creates freely available articles, methodologies, documentation, tools, and technologies in the fields of web application security. It was started in 2001 as a nonprofit organization and since its foundation has contributed a wide range of publications. Ziflow has embraced the OWASP top 10 recommendations. Ziflow performs internal and third-party penetration testing on its products with an emphasis on OWASP top 10 security risks, and leverages code scanning to ensure Ziflow products are secure from known vulnerabilities.

Vulnerability management
Vulnerabilities are identified and classified based on our evaluation of their risk & impact on the confidentiality, integrity, and availability of the service and of customer data. The engineering team remediates identified vulnerabilities within predefined targets based on our Patch & Change Management Policies.

Penetration testing
Application penetration testing is performed at least quarterly by an independent third party, which include manual and automatic testing methods. In addition, our team regularly performs security audits and penetration testing for various features which require deep understanding of our internal security mechanisms and architecture. As part of our external and internal penetration testing, network scanning tools are also used against our production servers.

Create More Magic

Transform how your team reviews creative content with Ziflow.

Get started for free
footer_pv_ziflow