Security

Your data is safe with us

Zuhoor.ai is built with security as a foundation, not an afterthought. Here’s how we protect your brand data, audit results, and account information.

Data Encryption

  • All data encrypted in transit via TLS 1.3 (HTTPS enforced with HSTS)
  • Database encrypted at rest (Neon Postgres, AWS EU-West-2)
  • API keys hashed before storage — full key shown once at creation, never again
  • Stripe handles all payment data — we never see or store card numbers

Tenant Isolation

  • Every database query scoped by organization ID — verified across 60+ API routes
  • Agency managers only see brands assigned to them
  • Portal viewers restricted to their assigned brand with read-only access
  • No shared data between organizations — complete logical separation

Access Control

  • Authentication via Clerk (SOC 2 Type II compliant)
  • Role-based access: Owner, Admin, Manager, Viewer — each with distinct permissions
  • Middleware-level route protection with per-route authorization checks
  • Admin actions logged with full audit trail

Infrastructure

  • Hosted on Vercel (SOC 2 Type II, ISO 27001)
  • Database on Neon Postgres (AWS EU-West-2, London region)
  • No customer data stored outside the EU
  • Automated backups with point-in-time recovery

Application Security

  • Security headers: X-Frame-Options, HSTS, X-Content-Type-Options, Referrer-Policy
  • Stripe webhook signature verification — no unverified payloads accepted
  • File uploads validated (image-only, size-limited, filename sanitized)
  • Dependencies regularly audited and patched

Incident Response

  • If we discover a data breach, affected customers are notified within 72 hours
  • Audit logging tracks sensitive operations for investigation
  • Dedicated security contact for vulnerability reports

Third-Party Services

We use industry-leading providers, each with their own security certifications:

  • Clerk: Authentication (SOC 2 Type II)
  • Stripe: Payment processing (PCI DSS Level 1)
  • Vercel: Hosting & CDN (SOC 2 Type II, ISO 27001)
  • Neon: Database (SOC 2 Type II)
  • Resend: Transactional email (SOC 2 Type II)
  • Inngest: Background jobs (SOC 2 Type II)

Report a Vulnerability

If you discover a security issue, please report it responsibly. We take all reports seriously and will respond within 48 hours.

security@zuhoor.ai