
Entity: Zapro AI Pvt. Ltd.

This Security Policy defines Zapro AI’s commitment to protecting the confidentiality, integrity, and availability of Customer Data and company assets.


1. Purpose & Scope
Applies to all employees, contractors, affiliates, and subprocessors who have access to Zapro AI systems and Services.


2. Security Objectives
– Protect Customer Data against unauthorized access, use, disclosure, alteration, or destruction.
– Maintain resilience and availability of systems.
– Detect and respond effectively to threats and vulnerabilities.
– Align with SOC 2 Type II and ISO 27001:2022.


3. Governance & Responsibility
– Chief Security Officer (or Compliance Lead): Oversees security program.
– Security Team: Implements and monitors security controls.
– Employees/Contractors: Must comply with this policy and complete annual security training.


4. Data Protection & Encryption
– TLS 1.2+ for all external/internal communications.
– AES-256 encryption at rest for databases, storage, backups.
– Keys rotated and stored securely with KMS.
– Customer Data logically separated in multi-tenant environments.


5. Access Control & Identity Management
– Least Privilege: Access granted only as needed.
– MFA required for all accounts.
– RBAC enforced across infrastructure.
– Access reviewed quarterly; revoked upon termination.


6. Network & Infrastructure Security
– Hosting: Azure & AWS with native security services.
– DDoS Protection: Azure DDoS, AWS WAF, CloudFront.
– Firewalls & NAT at perimeter and VPC levels.
– Monitoring: Logs via EFK, metrics via Prometheus, APM via New Relic.
– Load Balancing with Azure/AWS.
– VPN required for internal access.


7. Application Security
– Secure Development Lifecycle (SDLC).
– GitHub with branch protections, code reviews, vulnerability scanning.
– Regular patching of Ruby, JS/TS, React, and libraries.
– Annual penetration tests.
– Vulnerability management with SLA-based patching.


8. Monitoring, Logging & Incident Response
– Monitoring via Prometheus, New Relic, EFK.
– Automated alerts for anomalies and unauthorized access.
– Incident Response plan with defined roles and communication.
– Customer notification within legal timelines.


9. Business Continuity & Disaster Recovery (BC/DR)
– Encrypted daily backups across availability zones.
– DR procedures tested annually.
– Redundant infrastructure with regional failover.


10. Employee Security Practices
– Background checks for sensitive access roles.
– Mandatory onboarding and annual training.
– Device security with encryption, EDR, and patching.
– Privileged access logged, reviewed, and revoked on exit.


11. Vendor & Subprocessor Security
– Subprocessors vetted for SOC 2/ISO/GDPR compliance.
– Bound by Data Processing Agreements (DPA).
– List published at zapro.ai/subprocessors.


12. Compliance Alignment
– SOC 2 Type II audit.
– ISO 27001:2022 certification.
– Aligned with GDPR, CCPA, DPDP.


13. Policy Review & Updates
Reviewed annually and updated for evolving threats, regulations, or certifications.

Contact: security@zapro.ai | compliance@zapro.ai
Zapro AI Pvt. Ltd., Prestige Atlanta, Koramangala, Bengaluru, Karnataka, India