Security & Compliance

Learn how we protect your data with strong security measures at every layer.

Last Updated: March 14, 2026

  • Encryption In-Transit & At-Rest
  • Multi-Workspace Data Isolation
  • Secure OAuth & JWT Sessions
  • PCI-Compliant Payment Partners

Our Commitment to Security

At ZeroDue, security is not an afterthought—it's fundamental to everything we do. We understand that you're entrusting us with sensitive financial information, and we take that responsibility seriously. Our security infrastructure is designed with multiple layers of protection to keep your data safe.

Data Encryption

Your data is encrypted at every stage:

  • Encryption in Transit: All data transmitted between your device and our servers is encrypted using industry-standard TLS 1.3.
  • Encryption at Rest: Your financial data is encrypted at rest in our databases using AES-256 encryption.

Authentication & Access Control

We secure access to your account using modern authentication standards:

  • OAuth 2.0: Sign in securely with Google or Apple using the Authorization Code Flow with a one-time code exchange; we never store your Google or Apple password.
  • Two-Factor Authentication (2FA): Add a second layer of protection using any TOTP-based authenticator app (Google Authenticator, Authy, etc.). Your 2FA secret is encrypted with AES-256 before storage.
  • JWT Sessions: Authenticated sessions use signed JSON Web Tokens with short expiry times. Tokens are automatically invalidated on password reset. All active sessions can be revoked from your account settings.
  • Brute-Force Protection: Login attempts are rate-limited and monitored. Repeated failures trigger account lockout with email notification to the account owner.

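The JWT session properties listed above (short expiry, automatic invalidation on password reset, and a signature check that rejects tampered tokens) can be seen together in the following added example. It is illustrative code written for this page, not ZeroDue's implementation: the signing key, the `pwd_ver` claim used to tie a token to the password that was current when it was issued, and the 15-minute lifetime are all constructed assumptions.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed example: an HS256 JWT issued with a short expiry and a per-user
# password-version claim. Bumping the stored version on password reset makes
# every token issued before the reset fail verification.

SIGNING_KEY = b"example-signing-key-replace-in-production"  # constructed value


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def issue_token(user_id: str, pwd_version: int, now: int, ttl_seconds: int = 900) -> str:
    """Sign a token for user_id that expires ttl_seconds after 'now'."""
    header = {"alg": "HS256", "typ": "JWT"}
    payload = {"sub": user_id, "pwd_ver": pwd_version, "iat": now, "exp": now + ttl_seconds}
    signing_input = (
        _b64url(json.dumps(header, separators=(",", ":")).encode())
        + "."
        + _b64url(json.dumps(payload, separators=(",", ":")).encode())
    )
    sig = hmac.new(SIGNING_KEY, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


def verify_token(token: str, current_pwd_version: int, now: int):
    """Return (payload, "ok") if the token is valid, otherwise (None, reason).

    The signature is checked before any claim is trusted, then expiry, then the
    password version stored with the user account.
    """
    try:
        h, p, s = token.split(".")
    except ValueError:
        return None, "malformed"
    expected = hmac.new(SIGNING_KEY, f"{h}.{p}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(s)):
        return None, "bad signature"
    header = json.loads(_b64url_decode(h))
    if header.get("alg") != "HS256":
        return None, "unexpected alg"
    payload = json.loads(_b64url_decode(p))
    if now >= payload["exp"]:
        return None, "expired"
    if payload["pwd_ver"] != current_pwd_version:
        return None, "revoked by password reset"
    return payload, "ok"


if __name__ == "__main__":
    now = int(time.time())
    tok = issue_token("user-42", pwd_version=3, now=now)
    print(verify_token(tok, current_pwd_version=3, now=now + 60)[1])   # ok
    print(verify_token(tok, current_pwd_version=4, now=now + 60)[1])   # revoked by password reset
    print(verify_token(tok, current_pwd_version=3, now=now + 901)[1])  # expired
```

The order of checks matters: the signature is compared with `hmac.compare_digest` before the header or payload is parsed, so an attacker-controlled `alg` value or claim set is never acted on. A stateless `pwd_ver` claim invalidates old tokens without a server-side token blacklist; a per-session revocation list, as the settings page described above implies, would be an additional check at the same point.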
Infrastructure Security

Our application is hosted on industry-leading cloud infrastructure that provides robust physical and network security, including DDoS mitigation, firewalls, and regular patching.

Workspace Isolation

We employ a strictly tenant-isolated architecture to guarantee that your workspace data is isolated and inaccessible to any other user or workspace. Every database query is scoped to your unique workspace identifier, making data leakage between workspaces impossible by design.
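The query-scoping rule described above is shown in the following added example, which is illustrative code for this page and not ZeroDue's own data layer. It assumes a constructed `invoices` table with a `workspace_id` column and two sample workspaces; the repository binds the workspace identifier once and includes it in every read and write, and an unscoped lookup is included only to show the difference.

```python
import sqlite3

# Constructed example: one invoices table shared by two workspaces. Every query
# issued through InvoiceRepository carries the caller's workspace_id, so a row
# that belongs to another workspace is simply not visible to it.


def make_db() -> sqlite3.Connection:
    """Build an in-memory database with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE invoices ("
        " id INTEGER PRIMARY KEY, workspace_id TEXT NOT NULL,"
        " customer TEXT, amount_cents INTEGER)"
    )
    conn.executemany(
        "INSERT INTO invoices VALUES (?, ?, ?, ?)",
        [
            (1, "ws_alpha", "Acme Ltd", 12500),
            (2, "ws_alpha", "Globex", 9900),
            (3, "ws_beta", "Initech", 4200),
        ],
    )
    return conn


class InvoiceRepository:
    """Data access bound to a single workspace; the id is never taken per call."""

    def __init__(self, conn: sqlite3.Connection, workspace_id: str):
        self.conn = conn
        self.workspace_id = workspace_id

    def get(self, invoice_id: int):
        # Primary key alone is not enough: the workspace predicate is always present.
        return self.conn.execute(
            "SELECT id, customer, amount_cents FROM invoices"
            " WHERE id = ? AND workspace_id = ?",
            (invoice_id, self.workspace_id),
        ).fetchone()

    def list_ids(self):
        return [
            row[0]
            for row in self.conn.execute(
                "SELECT id FROM invoices WHERE workspace_id = ? ORDER BY id",
                (self.workspace_id,),
            )
        ]

    def update_amount(self, invoice_id: int, amount_cents: int) -> int:
        # Writes are scoped too; returns the number of rows actually changed.
        cur = self.conn.execute(
            "UPDATE invoices SET amount_cents = ? WHERE id = ? AND workspace_id = ?",
            (amount_cents, invoice_id, self.workspace_id),
        )
        self.conn.commit()
        return cur.rowcount


def unscoped_get(conn: sqlite3.Connection, invoice_id: int):
    """The anti-pattern: a lookup by id alone returns rows from any workspace."""
    return conn.execute(
        "SELECT id, customer, amount_cents FROM invoices WHERE id = ?",
        (invoice_id,),
    ).fetchone()


if __name__ == "__main__":
    db = make_db()
    beta = InvoiceRepository(db, "ws_beta")
    print(beta.get(1))            # None: invoice 1 belongs to ws_alpha
    print(beta.list_ids())        # [3]
    print(beta.update_amount(1, 1))  # 0 rows changed
    print(unscoped_get(db, 1))    # ('1', ...) leaks across workspaces
```

Binding the workspace identifier in the repository constructor, rather than passing it to each method, is what turns "every query is scoped" from a convention into a structural property: there is no method signature through which a caller can omit it. A database-level row policy keyed on the same column gives a second, independent enforcement point.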

Payment Security

We do not store your full credit card information on our servers. All payment processing is handled by Stripe, a PCI-DSS Level 1 compliant payment processor, ensuring your billing information is handled with the highest level of security.

Monitoring & Incident Response

Our systems are monitored 24/7 for security events and suspicious activity. In the event of a security incident, our response team is prepared to investigate, mitigate, and notify affected users in accordance with our incident response plan.

Report a Security Vulnerability

If you believe you have discovered a security vulnerability in our application, please report it to us responsibly at security@getzerodue.com. Do not publicly disclose the issue until we have had a chance to address it. We appreciate the security community's help in keeping our platform safe.

You can also find our security disclosure policy at getzerodue.com/.well-known/security.txt.