Security

Teams and organizations trust Zento with the safe keeping of their project data and sensitive task information every day. Security isn't just fine-print for us: it's a central feature and shapes every decision we make to ensure your workflow remains safe, private, and uninterrupted.

Zento Security Illustration

Securing your data

You own your data

We are the custodians of your data, but you remain the sole owner. Every step has been taken to help you manage your project information securely and confidentially. If the time ever comes for us for us to say goodbye, your data will be held for a minimum of 90 days after cancellation. That way, if you decide to restart your Zento workspace, all your tasks, progress, and history will be here exactly the way you left it.

If you ever need to transfer your project info outside of Zento for any reason, you can take it anywhere you want using Zento’s comprehensive data export feature.

Ultra-secure facilities

Zento is hosted in state-of-the-art datacentre facilities. Physical access is strictly controlled at the perimeter and building entry points by professional security staff using video surveillance, intrusion detection systems, and other electronic means to ensure the servers holding your task data are never compromised.

High availability

We use datacentre facilities built in clusters to ensure your team never stops moving. In case of a localized failure, automated processes move your data traffic away from the affected area and into other functioning sites. It all occurs behind the scenes, so your "In Progress" tasks remain accessible, and you won’t even notice a flicker in service.

Encryption

Whenever your data is sent between your device and our servers, it’s encrypted using HTTPS (end-to-end encryption). We use a 2048-bit SSL certification for encryption in transit. All project data is also encrypted at rest and backed up daily, using the industry-standard AES-256 encryption algorithm.

If that sounds like a bunch of jargon nonsense, here’s what it means: all data shared between you and Zento is transmitted and stored securely. No one can read your task details or project notes except for you and your authorized team members. Plus, we refresh your backup every day to ensure your progress is always current.

Data Security Illustration

Accreditations and Certifications

We choose our partners carefully. Our hosting partner, Amazon Web Services (AWS), has achieved the following global accreditations and certifications to ensure your project data is handled with the highest level of care:

  • ISO 27001 (Information Security Management System)
  • PCI DSS Level 1 (Payment Card Industry Data Security Standard)
  • SOC 2 Type II (The gold standard for SaaS security and privacy)

24/7/365 Monitoring

Zento is monitored 24 hours a day, 7 days a week, 365 days a year. No matter what time zone your team is working in, if something goes wrong, we’ll be the first to know. Our engineering team will jump into action immediately to ensure your "In Progress" work is never interrupted.

Backups

Zento project data is backed up daily. Backups are redundantly stored in multiple physical locations. Data is also constantly streamed to replica databases for up-to-the-second redundancy.

In other words, we’ve got backups for your backups and a contingency plan in place to handle any potential interruptions. Don&rsquot forget that you can also export your project data at any time and create your own local backups too.

Bug Bounty Program

We offer bug bounties for new, responsibly disclosed security issues. If you’ve discovered a vulnerability or have a suggestion to improve the safety of our platform, please contact us at support@zento.com. We value the contribution of the security community in helping us keep our users' project data safe.

Zento Data Security Infrastructure

What can you do to protect your account?

Enable passkeys

Passkeys use your device’s built-in security features (like your fingerprint, face scan, or a PIN) to prevent anyone besides you from gaining access to your account. They’re great protection against phishing attacks, as they’ll only work on the real Zento sign-in page.

Enable two-factor authentication

Two-factor authentication (2FA) adds an extra security step when you log in. With Zento, this means that accessing your workspace will require both your password and a unique code generated on your smartphone.

Understand user security roles

User security roles in Zento help you limit access to sensitive project boards and administrative settings. Ensure that only team members who need specific information can view it.

Create a strong password

Use a unique password for your Zento account. Since longer passwords are generally harder for criminals to break, try using a line from your favorite song or a short sentence you’ll easily remember.

Restrict third-party access

Zento connected apps often require your API key in order to link with your workspace. Only share your API key with parties you trust, and be sure to read their terms of service and privacy policies.

Want to learn more? Get details on how you can protect your project data.

Protect your Zento account

Zento & Data Compliance

We provide you with the tools to ensure your team is compliant with important global privacy legislation, including the Australian Privacy Principles, GDPR, PIPEDA, and SOC 2 standards.

Data Compliance Illustration

Australian Privacy Principles

To help you manage your obligations under the Australian Privacy Principles, Zento provides features to record user consent to your privacy policy or data processing terms. We also ensure that project records are securely destroyed when you no longer require them. Plus, if you need to maintain records for data retention requirements, Zento’s comprehensive export feature allows you to hold on to your info for as long as you need.

GDPR

Because Zento data is processed globally, we have a Data Processing Addendum (DPA) that covers the use of Zento and includes Standard Contractual Clauses (SCCs) to protect EU-based teams. We&rsquove also appointed a Data Protection Officer to ensure all our workflows remain compliant with strict GDPR requirements.

PIPEDA

Zento makes it easy to obtain and store user consent for data collection. We offer transparent disclosure of all processes related to the storage and use of any project information in our clear and concise Privacy Policy.

HIPAA & SOC 2

While HIPAA is primarily a concern for health-related tasks in the United States, Zento’s high security standards are designed to meet the rigorous data protection needs of teams handling sensitive information. If your team requires a Business Associate Agreement (BAA) or specific compliance documentation, just send us a request, and our security team will gladly assist you.

HIPAA SOC2 Compliance Illustration

Further Reading

Help guides

Blog posts

Useful links

All the tools you need to power your team’s productivity

Zento is an all-in-one management platform trusted by thousands of high-performing teams and professionals around the world. Track task status from "In Progress" to "Complete," document project details, manage budgets, generate real-time productivity reports, and so much more.