# Platform Security Overview
A comprehensive overview of Zelosify's security architecture, practices, and certifications.
## Security-First Architecture
Zelosify is built with enterprise security as a foundational principle, not an afterthought. Every layer of the platform is designed to protect your sensitive contract and vendor data.
### Security Layers
| Layer | Protection |
|---|---|
| Network | TLS 1.3 encryption in transit, DDoS protection, WAF (Web Application Firewall) |
| Application | OWASP Top 10 protections, CSRF protection, rate limiting, input validation |
| Authentication | Keycloak-powered OAuth/OIDC, MFA, SSO (OIDC), session management |
| Authorization | Role-Based Access Control (RBAC), tenant isolation, principle of least privilege |
| Data | AES-256 encryption at rest, field-level encryption for sensitive data |
| Infrastructure | Container isolation, no-new-privileges, capability dropping, resource limits |
| Monitoring | Real-time threat detection, audit logging, anomaly detection |
### Key Security Features
- Multi-tenant isolation: complete data segregation between organizations at both the application and database level
- Zero-trust internal architecture: internal services authenticate to each other with API keys, and the Python backend is never exposed to external traffic
- Secrets management: all credentials are stored in environment variables, never in code
- Container hardening: all services run with dropped Linux capabilities, no-new-privileges, and strict resource limits
- Health monitoring: continuous health checks on all services, with automatic recovery when a check fails
- Dependency scanning: regular vulnerability scanning of all dependencies
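As an added example (not Zelosify's own configuration), the following Docker Compose fragment shows how the features above translate into concrete container settings: dropped capabilities, no-new-privileges, resource limits, health checks with automatic restart, credentials taken from the host environment, and a backend with no published port. Service names, image names, the health-check path and the presence of `curl` in the images are assumptions.

```yaml
# Added example; service and image names are assumptions, not Zelosify's.
services:
  api:                                   # the only service reachable from outside
    image: example/api:1.0               # assumed image
    ports:
      - "443:443"
    environment:
      - KEYCLOAK_CLIENT_SECRET           # no value here: taken from the host environment
      - INTERNAL_API_KEY                 # key used to call python-backend
    networks: [edge, internal]
    cap_drop: [ALL]                      # drop every Linux capability
    security_opt:
      - no-new-privileges:true           # setuid/file caps cannot raise privileges
    read_only: true                      # immutable root filesystem
    tmpfs: [/tmp]
    deploy:
      resources:
        limits: {cpus: "1.0", memory: 512M}
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:8080/healthz"]  # assumed path
      interval: 30s
      timeout: 5s
      retries: 3
    restart: unless-stopped              # automatic recovery after a failed container

  python-backend:
    image: example/python-backend:1.0    # assumed image
    # No "ports:" entry: only "api" on the internal network can reach it.
    expose: ["8000"]
    networks: [internal]
    environment:
      - INTERNAL_API_KEY                 # backend verifies this on every internal call
    cap_drop: [ALL]
    security_opt:
      - no-new-privileges:true
    read_only: true
    deploy:
      resources:
        limits: {cpus: "2.0", memory: 1G}
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:8000/healthz"]  # assumed path
      interval: 30s
      timeout: 5s
      retries: 3
    restart: unless-stopped

networks:
  edge: {}
  internal:
    internal: true                       # no route to the outside world
```

After bringing the stack up, `docker inspect --format '{{.HostConfig.CapDrop}} {{.HostConfig.SecurityOpt}}' <container>` confirms that the dropped capabilities and no-new-privileges flag actually took effect.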