Security · Zaploom

Enterprise-Grade Security

Protect conversations, metadata, and integrations with encryption, rigorous access controls, and compliance programs designed for global deployments.

Channels
WhatsAppSMS
Compliance posture

Badges teams ask for during procurement

Documentation packs include control mappings, subprocessors, and answers to standard vendor questionnaires.

GDPR
Data processing agreements & deletion callback support
RBAC
Role-based access control with workspace isolation
Audit Logging
Full audit trail for all platform actions
Encryption
TLS in transit, encryption at rest on all stores
Platform safeguards

Defense in depth across every layer

From encryption to incident response, Zaploom mirrors how regulated enterprises secure omnichannel programs.

Transport encryption
TLS 1.2+ enforced on all connections with HSTS preloading and strict Content Security Policy headers.
  • HTTPS enforced with HSTS
  • Content Security Policy headers
  • Webhook signature verification
CSRF protection
Origin validation on all mutating API requests with bypass only for verified webhook signatures and API keys.
  • Origin-based CSRF validation
  • Authenticated API key access for integrations
  • Signed webhook payload verification
Access controls
Role-based access control across workspaces with owner, admin, and agent roles. Platform admin impersonation for support.
  • Workspace-scoped RBAC
  • JWT session management
  • API key authentication with hashed storage
Infrastructure
Deployed on Vercel edge network with auto-scaling, Turso edge-replicated database, and Sentry monitoring.
  • Vercel serverless auto-scaling
  • Turso edge-replicated database
  • Sentry error monitoring
Rate limiting
Upstash Redis-based rate limiting with sliding window algorithm to protect against abuse.
  • Auth endpoint rate limiting
  • Per-workspace API rate limits
  • Configurable thresholds
Tenant isolation
All queries scoped to workspace ID ensuring strict data isolation between tenants.
  • Workspace-scoped data access
  • Secrets in environment variables
  • Audit logging for all actions

Customer trust

Need a custom security review?

Our field security engineers join architecture sessions, red-team findings reviews, and procurement diligence calls.

Request packet

Security isn’t a checkbox — it’s continuous assurance

Layer RBAC, encryption, and monitoring without slowing teams down.