Security at ZAICORE
We protect identities for a living. Our own security practices reflect that responsibility.
Last updated: January 23, 2026
Our Security Commitment
At ZAICORE, security is not an afterthought; it is the foundation of everything we build. As an AI company dedicated to protecting personal identities, we understand that you are trusting us with your most sensitive information. We take that trust seriously.
Our security program is designed to meet and exceed industry standards, combining technical controls, organizational processes, and a security-first culture to protect your data at every layer.
Data Encryption
At Rest
All stored data is encrypted using AES-256 encryption, the same standard used by governments and financial institutions worldwide.
In Transit
All data transmitted between your devices and our servers is protected by TLS 1.3 encryption, preventing interception and tampering.
Encryption keys are managed using industry-standard key management practices, with regular rotation and strict access controls. Sensitive data such as passwords are never stored in plain text; we use strong cryptographic hashing algorithms.
Infrastructure Security
Our infrastructure is designed with security and resilience as core principles:
- Cloud Infrastructure: Hosted on SOC 2 certified cloud platforms with data centers in Canada.
- Network Security: Web application firewalls, DDoS protection, and intrusion detection systems.
- Segmentation: Network segmentation isolates different components to limit potential breach impact.
- Redundancy: Multi-region deployment ensures high availability and disaster recovery.
- Monitoring: 24/7 automated monitoring with real-time alerting for security events.
- Patch Management: Security patches are applied regularly, and within 24-48 hours for critical vulnerabilities.
Access Controls
We implement strict access controls to protect your data:
- Principle of Least Privilege: Employees only have access to systems and data necessary for their role.
- Multi-Factor Authentication: Required for all employee access to production systems.
- Role-Based Access: Granular permissions based on job function and need-to-know.
- Access Logging: All access to sensitive systems is logged and auditable.
- Regular Reviews: Access permissions are reviewed quarterly and upon role changes.
- Secure Onboarding/Offboarding: Access is granted and revoked promptly when employment status changes.
SOC 2 Compliance
SOC 2 Type II In Progress
We are actively pursuing SOC 2 Type II certification, with an expected completion date of Q3 2026. Our controls are designed to meet all Trust Service Criteria.
SOC 2 Type II certification involves an independent audit of our security controls over an extended period, verifying that our practices meet the rigorous standards of the American Institute of CPAs (AICPA) Trust Service Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy.
Security Testing
We continuously test our security through multiple methodologies:
- Penetration Testing: Annual third-party penetration tests by qualified security firms.
- Vulnerability Scanning: Automated weekly vulnerability scans of all systems.
- Code Review: Security-focused code reviews for all changes to critical systems.
- Static Analysis: Automated static application security testing (SAST) in our CI/CD pipeline.
- Dependency Scanning: Continuous monitoring for vulnerabilities in third-party dependencies.
Incident Response
We maintain a comprehensive incident response program to handle security events:
- Documented Procedures: Clear, tested procedures for identifying, containing, and resolving incidents.
- Response Team: Dedicated security personnel trained to respond to incidents 24/7.
- Communication Plan: Defined notification procedures for affected users and regulators.
- Post-Incident Review: Every incident is followed by a thorough review and implementation of lessons learned.
- Regular Drills: Tabletop exercises to ensure team readiness.
In the event of a data breach affecting your personal information, we will notify you within 72 hours as required by Canadian privacy law.
Employee Security
Our people are our first line of defense:
- Background Checks: All employees undergo background verification before hire.
- Security Training: Mandatory security awareness training upon hire and annually thereafter.
- Phishing Simulations: Regular phishing exercises to maintain vigilance.
- Secure Development: Developers receive secure coding training specific to their role.
- Confidentiality Agreements: All employees sign comprehensive NDAs.
Data Handling and Privacy
We handle your data with the utmost care:
- Data Minimization: We only collect data necessary to provide our services.
- Purpose Limitation: Data is used only for the purposes disclosed in our Privacy Policy.
- Secure Deletion: Data is securely deleted when no longer needed.
- Vendor Assessment: Third-party vendors undergo security assessments before engagement.
- Data Processing Agreements: All vendors handling personal data sign appropriate agreements.
For complete details on how we handle your data, see our Privacy Policy.
Responsible Disclosure
We value the security research community and welcome responsible disclosure of vulnerabilities. If you discover a security issue, please report it to us:
Report a Security Vulnerability
Email: security@zaicore.com
Please include a detailed description of the vulnerability, steps to reproduce, and your contact information. We will acknowledge receipt within 24 hours and work with you to understand and resolve the issue.
Security Questions
If you have questions about our security practices, please contact us: