Security
Security is foundational to ZiplineOS. Your business data is hosted in Australia, encrypted in transit and at rest, and isolated per organisation. This page is a summary — for the full detail, read our Security & Trust documentation.
Australian data residency
All customer data is stored and processed in Australia, in Google Cloud's Sydney region. We do not move customer data offshore for storage.
Encryption
All traffic is served over TLS (HTTPS), and data is encrypted at rest with Google-managed AES-256 encryption across our databases, file storage, and backups.
Multi-tenant isolation
Every organisation's data is logically isolated and scoped to that organisation, enforced both in the application and at the database layer through PostgreSQL Row-Level Security.
Network and application security
A web application firewall (Google Cloud Armor) inspects inbound traffic and blocks common attacks including XSS and SQL injection, with geo-restriction and per-client rate limiting. Our databases run on private networking with no public IP address.
Compliance
ZiplineOS is pursuing SOC 2 compliance with controls monitored continuously, and we handle personal information in accordance with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles. See our Privacy Policy for data-handling and sub-processor detail.
Responsible disclosure
If you believe you've found a vulnerability, please email security@codenexas.com.au. We will acknowledge your report and work with you on remediation.