Trust Center

Start your security review
View & download sensitive information
Ask for information
Search items
ControlK

Overview

Welcome to Zaggle's Trust Center. Our commitment to data privacy and security is embedded in every part of our business. Use this Trust Center to learn about our security posture and request access to our security documentation.

Compliance

PCI DSS v4.0.0 Logo
PCI DSS v4.0.0
SOC 1 Type 2 Logo
SOC 1 Type 2
SOC 2 Type 2 Logo
SOC 2 Type 2
ISO 27001 Logo
ISO 27001
ISO 9001 Logo
ISO 9001
Cyber Essentials Logo
Cyber Essentials
GDPR Logo
GDPR
CISA: Secure-by-Design Pledge Logo
CISA: Secure-by-Design Pledge

Documents

COMPLIANCECISA: Secure-by-Design Pledge
COMPLIANCECyber Essentials
COMPLIANCEGDPR
COMPLIANCEISO 27001
COMPLIANCEISO 9001
COMPLIANCEPCI DSS v4.0.0
COMPLIANCESOC 1 Type 2
COMPLIANCESOC 2 Type 2
APP SECURITYApplication Penetration Testing
ESGAnti-Bribery and Corruption
CORPORATE SECURITYPenetration Testing
POLICIESAcceptable Use Policy

Policies

Acceptable Use Policy
Data Classification, Retention, Disposal
Encryption Policy

Product Security

Audit Logging
Data Security
Integrations
View more

Reports

We may provide security-related reports upon request.

Self-Assessments

We are working on our security compliance. We can provide completed questionnaires upon request.

Risk Profile

AssessmentRestricted
Impact LevelLow
Recovery Time ObjectiveImmediate
View more

Data Security

We follow industry best practices for data security. We are happy to provide more details about our data security practices upon request.

App Security

Application Penetration Testing

ESG

Anti-Bribery and Corruption

Legal

We take legal matters seriously and we always engage our legal counsel to review all commercial activities. Please contact us if you have any questions.

Data Privacy

Privacy of customer data is top of mind. We follow industry best practices and follow all applicable privacy regulations.

Access Control

Access is tightly monitored and controlled at our company. We are happy to provide more details about our access control practices upon request.

Infrastructure

We take great care to work with best-in-class infrastructure providers that provide secure computing and storage. We are happy to provide more details about our infrastructure upon request.

Endpoint Security

We follow industry best practices for endpoint security. We are happy to provide more details about our endpoint security practices upon request.

Network Security

We protect our corporate network against external & internal threats.

Corporate Security

Penetration Testing

Security Grades

We are constantly monitoring the security of our website. We will post our grades from public security rating agencies when they become available.

Incident Response

We have a dedicated team that responds to security incidents. We are happy to provide more details about our incident response practices upon request.

Risk Management

We have a dedicated team that manages security risks. We are happy to provide more details about our risk management practices upon request.

Asset Management

We have strict asset management policies in place to ensure that all assets are accounted for and secure.

BC/DR

We have a business continuity plan in place to ensure that we can continue to operate in the event of a disaster.

Training

We provide security awareness training to all employees to ensure that they are aware of security best practices.

Change Management

We have a change and configuration management process in place to ensure that changes are properly reviewed and approved.

Physical & Environment

We have physical and environmental controls in place to ensure that our data centers are secure and reliable.

Continuous Monitoring

We continuously monitor our systems for security threats and vulnerabilities. We are happy to provide more details about our continuous monitoring practices upon request.

Knowledge Base (FAQ)
    What Payment data are getting stored in the database? -- List of fields from the database along with screenshot as part of evidences.
    Confirm the encryption implemented while data in transit (Client->Web/Mobile->App->DB) and at rest (DB). Data in transit -Channel/https/API communication shall be encrypted using TLS 1.2/1.3 and above with ECC/AES and 2 way SSL handshake. Data at rest encryption standards- shall be encrypted and the minimum encryption shall be AES (Advance encryption Standard) 256 bit.
    Do Partner follow Secure Development Lifecycle (SDLC)
    Data Storage - Report should clearly bring out, that defined payment data is only stored in India and no copy/backup is maintained outside the Indian jurisdiction in any form (Data Storage Certificate from Saas/Data Center provider vendor). Data localization directive as per RBI Circular DPSS.CO.OD.No 2785/06.08.005/2017-18 dated April 06, 2018 on 'Storage of Payment System Data' and RBI FAQs issued in June' 2019 - Confirm if you comply to it - Yes/No with evidences - Required CERT-IN empanelled reports.
    Confirm that the entities involved are ISO 27001:2022/ISMS Certified for their IT Infra, application, Organization
View more
Built onSafeBase by Drata Logo