Security at Zetdo
Your data, your clients and your billing depend on us doing this well. Here is what we do today and what we are working towards.
Last updated 2026-05-14
Hosting
Zetdo runs on Microsoft Azure. Our infrastructure is defined in code (Terraform) and deployed via GitHub Actions with OIDC — there are no long-lived deployment credentials.
Encryption
- In transit: TLS 1.2 or higher for all traffic to and from Zetdo.
- At rest: AES-256 server-side encryption on all stored data and backups.
- Secrets: stored in Azure Key Vault, accessed via managed identities.
Access controls
- Authentication via Firebase Auth with email/password, OAuth and passwordless options.
- Role-based access inside each company account.
- Production database access is limited to a small number of engineers and is audited.
Backups and recovery
Cosmos DB continuous backup with point-in-time recovery. Backups are encrypted and replicated within the region.
Vulnerability disclosure
If you believe you have found a security issue, please report it to security@zetdo.com. Please do not publicly disclose until we have had a reasonable chance to fix it. We will acknowledge within two business days.
Compliance roadmap
We are pre-launch. We are working towards SOC 2 Type I, GDPR alignment and LGPD alignment. We will publish progress as it lands.