Security & Compliance
Data Encryption & Storage
How Zelosify encrypts and stores your data — at rest and in transit.
Encryption at Rest
| Data Type | Encryption Method | Key Management |
|---|---|---|
| Database (PostgreSQL) | AES-256 | Managed encryption keys |
| Document Storage (S3) | AES-256 (SSE-S3) | AWS-managed keys |
| Vector Database (Qdrant) | AES-256 | Application-level encryption |
| Redis Cache | In-memory (ephemeral) | Isolated per tenant |
| Backups | AES-256 | Separate backup encryption keys |
Encryption in Transit
- All client-to-server communication: TLS 1.3 (minimum TLS 1.2)
- Internal service-to-service: Encrypted within VPC
- Database connections: SSL/TLS enforced
- E-signature documents: End-to-end encryption during signing
Data Storage Locations
- US Region (Primary): All data is hosted on secure, US-based servers (AWS us-east-1) for all plan tiers.
Data Residency
- All organization data (contracts, vendor profiles, metadata, and analytics) remains stored within the secure primary US region.
- Backup storage and replication targets also reside within the US boundaries.
- No region-selection choices are available during setup; EU and APAC storage regions are not supported.
Backup & Recovery
| Backup Type | Frequency | Retention | Recovery Time |
|---|---|---|---|
| Database snapshots | Every 6 hours | 30 days | < 1 hour |
| Point-in-time recovery | Continuous | 7 days | < 30 minutes |
| Document storage | Continuous replication | Indefinite | < 15 minutes |
| Disaster recovery | Cross-region | Ongoing | < 4 hours (RTO) |